Shmem sizes serialized in an ipc::ShmemCreated message should be sent as an
uint32_t rather than a size_t, as size_t is defined as different sizes in 64
and 32 bit builds. If the size isn't consistent, we won't be able to reliably
send this message between cross architecture processes.
Also, Shmem's have a limit of 32bit for their size anyway:
https://searchfox.org/mozilla-central/rev/e00ea598e52bbb35f8c45abf9c2eade17962bb5e/ipc/glue/Shmem.cpp#127
So this patch should not affect allocations of shmems.
Differential Revision: https://phabricator.services.mozilla.com/D18909
--HG--
extra : source : d7276bbcafafd5cb96ef498ef74629294483e002
extra : amend_source : 9e4b7721cfbef5f2caf34c22de106c3127628597
extra : intermediate-source : 57b88145a6357f2fd3d93a101952b22279a246f2
For cases where the class has direct calls (that is, we cast `this` to the
subclass before making the call) no longer declare Recv/Answer methods on the
base class at all. This should ensure that slots for them are not generated in
vtables, and also allow the derived class to choose the method signature (e.g.
whether it wants to take something by reference or by value).
Differential Revision: https://phabricator.services.mozilla.com/D18132
--HG--
extra : moz-landing-system : lando
For cases where the class has direct calls (that is, we cast `this` to the
subclass before making the call) no longer declare Alloc/Dealloc methods on the
base class at all. This should ensure that slots for them are not generated in
vtables, and also allow the derived class to choose the method signature (e.g.
whether it wants to take something by reference or by value).
Differential Revision: https://phabricator.services.mozilla.com/D18131
--HG--
extra : moz-landing-system : lando
When calling a Recv/Alloc/Dealloc method on most types, cast `this` to the
derived class.
There is a heuristic to figure out what the correct derived type is. There is a
blacklist of types which we can't do direct calls on for the moment, as well as
an override for types that do work with direct calls but which don't match the
heuristic.
Differential Revision: https://phabricator.services.mozilla.com/D16492
--HG--
extra : moz-landing-system : lando
This is a supplement to further increase coverage of IPC fuzzing and to fulfill support for Faulty on all platforms.
Differential Revision: https://phabricator.services.mozilla.com/D16888
--HG--
extra : moz-landing-system : lando
Launching processes takes enough time that we should avoid blocking the
parent process's IPC I/O thread for it; it's less bad for responsiveness
than blocking the main thread, but it's not good.
On Windows we need to use a dedicated thread, because the sandbox isn't
thread-safe and it asserts that the same thread is used for every
launch. Otherwise, a thread pool is used. (Or, in the Web Replay
middleman process, where there isn't enough of XPCOM for any of this,
launching the actual content processes remains on the I/O thread.)
Depends on D18011
Differential Revision: https://phabricator.services.mozilla.com/D8946
--HG--
extra : moz-landing-system : lando
In order to enable asynchronous launch, destruction of
GeckoChildProcessHost (and its subclasses) has to be delayed until after
launching (or anything else that might be made asynchronous in the
future) has completed, to prevent use-after-free. However, there are
other dependencies on process hosts always being destroyed on the I/O
thread, so refcounting would be difficult to use.
Instead, GeckoChildProcessHost now may not be destroyed directly, but
must go through a method that handles the scheduling.
There are also some minor cleanups to the affected headers (removed
duplicate access modifiers, and made PluginProcessParent final).
Depends on D18010
Differential Revision: https://phabricator.services.mozilla.com/D18011
--HG--
extra : moz-landing-system : lando
This file has text-substitution placeholders that aren't part of normal
C++ syntax; they were broken by auto-inserted whitespace. This patch
restores the original formatting and protects them from further change.
Differential Revision: https://phabricator.services.mozilla.com/D18010
--HG--
extra : moz-landing-system : lando
The total size of an IPC inputStream message must be less than 1mb. When we
compose the message for the multiplex stream, each sub stream collaborates with
its own size, deciding if it's better to be a pipe stream (IPCRemoteStream) or
a full serialized one.
Differential Revision: https://phabricator.services.mozilla.com/D18543
--HG--
extra : moz-landing-system : lando
This includes deleting several unused functions. Our own code does a better job
of using the preferred platform APIs for random numbers.
Differential Revision: https://phabricator.services.mozilla.com/D18120
--HG--
extra : moz-landing-system : lando
ProcessTypeRequiresWinEventHook was added when attempting to turn on win32k
lockdown for GMP processes. Having a less specific, but globally accessible,
function will make it more useful while applying win32k lockdown to other
process types.
Before this patch, IPCStream was an union containing IPCRemoteSteam or an
InputStreamParamsWithFds. Now InputStreamParamsWithFds is renamed IPCStream and
IPCRemoteSteam is one of the possible InputStreamParams structs.
Before this set of patches, the decision of exposing the stream as a pipe was
centralized in IPCStreamUtils, based on the total expectation size of the IPC
message. This triggers issues when multiplex inputStreams contain something
that cannot be sent as a pipe (IPCBlobInputStream, for instance), or something
that it's better to do not set as a pipe (nsFileInputStream), together with
memory streams (nsStringInputStream), which could make the IPC message greater
then what accepted (1mb).
These patches move the "pipe vs non-pipe" choice into the single inputStream
implementation.
This removes all .flake8 files except for the one at the root of the repo.
Instead we use the new 'per-file-ignores' config introduced in 3.7. To ignore
specific errors in a subdirectory, add a line like this to the root .flake8:
[per-file-ignores]
path/to/subdir/*: E100, F200, ...
The reasons for this change are:
1. Unblock flake8 blacklist (bug 1367092).
2. Simplify configuration and code.
3. Encourage more consistent styling.
4. Improve performance.
5. Greater editor consistency.
Differential Revision: https://phabricator.services.mozilla.com/D18354
--HG--
extra : moz-landing-system : lando
This bumps flake8 to version 3.7.5.
This also ignores the new lint rules that were added in the new versions.
These rules are de-marked via comment so we know that they should be enabled at
some point (as opposed to the other rules that are (presumably) ignored
intentionally.
Differential Revision: https://phabricator.services.mozilla.com/D18353
--HG--
extra : moz-landing-system : lando
This is handy when performing process swaps, as it provides useful & important
information to parent-process callers.
Depends on D15608
Differential Revision: https://phabricator.services.mozilla.com/D15609
--HG--
extra : moz-landing-system : lando
This commit adds categories to all markers. This way the profiler's
marker categories and frame label categories agree. There are a few
duplicate category properties on some of the marker payloads, but
this could be cleaned up in a follow-up if needed.
Differential Revision: https://phabricator.services.mozilla.com/D16864
--HG--
extra : moz-landing-system : lando
Avoiding handle duplication for certain kinds of processes and allowing
it for everything else seems to be what we're already doing, so let's
make it easier to add new process types with that scheme in mind.