Open Bug 901050 Opened 12 years ago Updated 8 days ago

Consider writing a mach_port_t IPC backend for OSX

Categories

(Core :: IPC, defect, P3)

Product:
Core
Component:
IPC
Platform:
x86
macOS
Type:
defect

Tracking

()

People

(Reporter: mattwoodrow, Assigned: nika, NeedInfo)

References

(Blocks 1 open bug)

Details

Attachments

(7 files)

Bug 901050 - Part 1: Make IPC::Channel virtual, r=#ipc-reviewers!
48 bytes, text/x-phabricator-request
Details | Review
Bug 901050 - Part 2: Add mach port watching support to the IO thread, r=#ipc-reviewers!
48 bytes, text/x-phabricator-request
Details | Review
Bug 901050 - Part 3: Add an IPC::ChannelMach Backend, r=#ipc-reviewers!
48 bytes, text/x-phabricator-request
Details | Review
Bug 901050 - Part 4: Use IPC::Channel::Mode to indicate brokering status, r=#ipc-reviewers!
48 bytes, text/x-phabricator-request
Details | Review
Bug 901050 - Part 6: Avoid checking backend pref in content, r=#ipc-reviewers!
48 bytes, text/x-phabricator-request
Details | Review
Bug 901050 - Part 7: Use the SEND_POSSIBLE notification for mach_msg timeouts, r=#ipc-reviewers!
48 bytes, text/x-phabricator-request
Details | Review
Bug 901050 - Part 5: Don't initialize IOThread until Prefs are available, r=#ipc-reviewers!
48 bytes, text/x-phabricator-request
Details | Review
When sharing IOSurfaces between processes (what we use for WebGL and plugins) we currently mark them as global, so that they can be looked up by ID number from any process in the system. A better solution would be to use mach ports for our IPC code, because this supports proper ownership transfer/sharing, similar to passing file descriptors via POSIX sockets. It appears that the chromium guys wrote a prototype for this, and abandoned it because OSX 10.5 didn't support a feature that they needed (EVFILTER_MACHPORT). They also did seem in depth performance measurements, and found them to be faster than sockets. Their initial descriptor says that the wins are negligible, but the actual numbers show them to be 150% - 1000% faster than FIFO sockets for the packet sizes that they frequently see. Details: http://www.chromium.org/developers/design-documents/os-x-interprocess-communication http://code.google.com/p/chromium/issues/detail?id=5308 The remaining issue I see is passing filedescriptors across processes. Comment 4 in the chromium bug has a solution, but it might be Lion (10.7) only.
As an update, SharedMemoryBasic_mach.mm has basically all the code we'd need for this, we just need to implement a ShareToProcess function for MacIOSurface using the same infrastructure.
Priority: -- → P3
Depends on: 1480205
See Also: → 1695866
Severity: normal → S3

We have supported sending mach ports over IPC for many years (we've been using mach-based shared memory since bug 1161166, and have been brokering them in normal IPC messages since bug 1734735).

I'm re-purposing this bug to track actually switching the underlying IPC mechanism to use mach ports for IPC, similar to how Chrome and WebKit do. This will be important for Gecko on iOS, as the strategy we use for transferring mach ports on desktop will not work due to the sandbox on that platform.

Assignee: nobody → nika

This change to how IPC::Channel is declared will make it more feasible for the
specific channel implementation to be selected at runtime. This patch will use
this to allow selecting the IPC::Channel backend using a pref on macOS.

This adds a new message_pump implementation, MessagePumpKqueue. This new
implementation is compatible with the existing MessagePumpLibevent, but adds
support for also watching mach ports.

This also disables building libevent and MessagePumpLibevent on macOS, as it is
redundant.

Depends on D251392

This adds a new IPC::Channel implementation which can be selected at runtime by
a pref, which uses mach ports for sending and receiving messages.

Some additional complexity is required outside of the channel, as the
ChannelHandle type needs to handle multiple different underlying types now.

Depends on D251393

Attachment #9491033 - Attachment description: WIP: Bug 901050 - Part 1: Make IPC::Channel virtual, r=#ipc-reviewers! → Bug 901050 - Part 1: Make IPC::Channel virtual, r=#ipc-reviewers!
Attachment #9491034 - Attachment description: WIP: Bug 901050 - Part 2: Add mach port watching support to the IO thread, r=#ipc-reviewers! → Bug 901050 - Part 2: Add mach port watching support to the IO thread, r=#ipc-reviewers!
Attachment #9491035 - Attachment description: WIP: Bug 901050 - Part 3: Add an IPC::ChannelMach Backend, r=#ipc-reviewers! → Bug 901050 - Part 3: Add an IPC::ChannelMach Backend, r=#ipc-reviewers!

The mode_ member on ChannelPosix and ChannelWin was completely unused before
this change, so this patch re-purposes it to replace the existing privileged_
and accept_handles_ flags, removing some platform-specific methods from the
Channel interface. This also removes the argument being passed around in
NodeChannel::Introduction arguments.

Depends on D251394

This is done by adding a new static ChannelKind vtable, which will be selected
as the IO thread is initialized, and used for all operations in NodeController
which care about the underlying channel implementation.

In addition to num_relayed_attachments, create_raw_pipe and a new
is_valid_handle check were moved into the vtable as well, as they are
specific to a channel backend.

This required some changes to the NodeController interface to hide channel
creation better from callers.

Depends on D251640

This patch adds support to message_pump_kqueue for watching for SEND_POSSIBLE
and DEAD_NAME notifications for send rights from the kernel.

This is done in the message pump, rather than in the IPC::Channel directly, as
failing to process a queued DEAD_NAME notification from the kernel (e.g. due to
destroying a receive right with queued messages) can lead to a port leak. By
using a shared listener port in the message pump, this leak can be avoided.

Depends on D254419

Before this change, we would initialize IOThread much earlier during startup, before Preferences are available to read (which depends on the XPCOM component manager). After this change, starting the IOThread is done during XPCOM component startup, meaning preferences are available.

This will allow us to customize IPC configuration at startup based on Preferences in the parent process. Content processes still cannot depend on Prefs to be available.

Depends on D251640

Attachment #9495835 - Attachment description: Bug 901050 - Part 5: Avoid checking backend pref in content, r=#ipc-reviewers! → Bug 901050 - Part 6: Avoid checking backend pref in content, r=#ipc-reviewers!
Attachment #9495836 - Attachment description: Bug 901050 - Part 6: Use the SEND_POSSIBLE notification for mach_msg timeouts, r=#ipc-reviewers! → Bug 901050 - Part 7: Use the SEND_POSSIBLE notification for mach_msg timeouts, r=#ipc-reviewers!
Pushed by agoloman@mozilla.com: https://github.com/mozilla-firefox/firefox/commit/b45a01cb538e https://hg.mozilla.org/integration/autoland/rev/fc524e49401d Revert "Bug 901050 - Part 6: Avoid checking backend pref in content, r=ipc-reviewers,jld" for causing build bustages @ipc_channel_mach.cc.

Backed out for causing build bustages @ipc_channel_mach.cc.

Flags: needinfo?(nika)

(In reply to agoloman from comment #12)

Backed out for causing build bustages @ipc_channel_mach.cc.

Looks like a conflict with bug 1973598; see also this comment about argument-dependent lookup. Should be trivial to fix.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: