Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-23 10:15:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
581,571 Commits 615 Branches 98 Tags 5.9 GiB
384f6ede78
Commit Graph

4664 Commits

Author SHA1 Message Date
James Teh
752cda7b26 Bug 1433046: mscom::Interceptor: Don't destroy an aggregated interceptor before releasing its interface. r=aklotz 
When an object is aggregated, doing a QI to anything other than IUnknown on the inner object AddRefs the outer object.
Thus, before releasing our reference to the inner IUnknown (and thus destroying it), we *must* release any references to interfaces queried from it.
Otherwise, any pointers to interfaces of the inner object would be invalidated.

MozReview-Commit-ID: KXsA8Sagx6G

--HG--
extra : rebase_source : f1dca4ee71f2ed49c8ba19c12862f2b4f9881fca
 2018-02-08 15:53:20 +10:00
James Teh
d557fc0b1d Bug 1431404: Remove some accessibility related diagnostic crashes on Nightly. r=aklotz 
These conditions are rare and do indicate a problem which breaks accessibility.
However, we aren't getting any closer to diagnosing these as a result of these crashes, so they cause user pain without any gain to us.

MozReview-Commit-ID: D9U4et3Bg7d

--HG--
extra : rebase_source : a81263a0ef97a8ed87129d15ef30ded3005e740c
 2018-02-09 15:28:13 +10:00
Andreea Pavel
3d2179915d Backed out changeset e68169412c0b (bug 1431404) for failing mochitest browser chrome at browser/base/content/test/general/browser_datachoices_notification.js on a CLOSED TREE 2018-02-13 03:28:44 +02:00
James Teh
3f381e616f Bug 1431404: Remove some accessibility related diagnostic crashes on Nightly. r=aklotz 
These conditions are rare and do indicate a problem which breaks accessibility.
However, we aren't getting any closer to diagnosing these as a result of these crashes, so they cause user pain without any gain to us.

MozReview-Commit-ID: D9U4et3Bg7d

--HG--
extra : rebase_source : a81263a0ef97a8ed87129d15ef30ded3005e740c
 2018-02-09 15:28:13 +10:00
Alex Gaynor
de20b74dc4 Bug 1407693 - Part 2 - when a child process crashes, write extra annotation data to a pre-opened file descriptor instead of creating a new file; r=gsvelto,rbarker 
This removes the need for the content process to have permissions to create new
files on macOS, allowing more aggressive sandboxing.

MozReview-Commit-ID: 8agL5jwxDSL

--HG--
extra : rebase_source : 17ebcef3e9d24f3d4e7515e3fae95e65cef76a79
 2017-11-27 14:37:34 -06:00
Alex Gaynor
0d04153faf Bug 1407693 - Part 1 - Expose method for sharing a HANDLE to a child process in the sandboxing API; r=bobowen 
MozReview-Commit-ID: 3LBCzPS6Mzg

--HG--
extra : rebase_source : 7e1ea157eeea5810ad21d781e93b7046aebf2bd6
 2017-11-27 14:34:48 -06:00
Andreea Pavel
93f2f80c9d Backed out 2 changesets (bug 1407693) for windows mingw32 bustages at /builds/worker/workspace/build/src/ipc/glue/GeckoChildProcessHost.cpp:1032 on a CLOSED TREE 
Backed out changeset 9c3346021c21 (bug 1407693)
Backed out changeset f18e1e557cf6 (bug 1407693)
 2018-02-07 21:42:47 +02:00
Alex Gaynor
c190a71600 Bug 1407693 - Part 2 - when a child process crashes, write extra annotation data to a pre-opened file descriptor instead of creating a new file; r=gsvelto 
This removes the need for the content process to have permissions to create new
files on macOS, allowing more aggressive sandboxing.

MozReview-Commit-ID: 8agL5jwxDSL

--HG--
extra : rebase_source : 215577cd5ced3994a4c3345377b3feedea07e886
 2017-11-27 14:37:34 -06:00
Alex Gaynor
fe879d087a Bug 1407693 - Part 1 - Expose method for sharing a HANDLE to a child process in the sandboxing API; r=bobowen 
MozReview-Commit-ID: 3LBCzPS6Mzg

--HG--
extra : rebase_source : 70b31bde82bfd3721b75cc9dc7171b2c1efc5f9f
 2017-11-27 14:34:48 -06:00
Dorel Luca
112cc1ff6b Backed out 3 changesets (bug 1430857) for breaking tests on Windows Code Coverage builds a=backout 
Backed out changeset a992887a6060 (bug 1430857)
Backed out changeset cc9b0ac5f66b (bug 1430857)
Backed out changeset 4bdd6d82f993 (bug 1430857)
 2018-02-07 15:02:58 +02:00
Aaron Klotz
200eb77750 Bug 1430857: Part 1 - Refactor DllServices to make it possible to obtain them from anywhere in Gecko; r=jimm 
MozReview-Commit-ID: GfWata0eCc5

--HG--
extra : rebase_source : 3a5b4a6f0412311f0b9080a2b3b3a31e45d15b75
 2018-01-30 14:23:10 -07:00
Andrew McCreight
5dec0e0beb Bug 1432992, part 1 - Remove definitions of Ci, Cr, Cc, and Cu. r=florian 
This patch was autogenerated by my decomponents.py

It covers almost every file with the extension js, jsm, html, py,
xhtml, or xul.

It removes blank lines after removed lines, when the removed lines are
preceded by either blank lines or the start of a new block. The "start
of a new block" is defined fairly hackily: either the line starts with
//, ends with */, ends with {, <![CDATA[, """ or '''. The first two
cover comments, the third one covers JS, the fourth covers JS embedded
in XUL, and the final two cover JS embedded in Python. This also
applies if the removed line was the first line of the file.

It covers the pattern matching cases like "var {classes: Cc,
interfaces: Ci, utils: Cu, results: Cr} = Components;". It'll remove
the entire thing if they are all either Ci, Cr, Cc or Cu, or it will
remove the appropriate ones and leave the residue behind. If there's
only one behind, then it will turn it into a normal, non-pattern
matching variable definition. (For instance, "const { classes: Cc,
Constructor: CC, interfaces: Ci, utils: Cu } = Components" becomes
"const CC = Components.Constructor".)

MozReview-Commit-ID: DeSHcClQ7cG

--HG--
extra : rebase_source : d9c41878036c1ef7766ef5e91a7005025bc1d72b
 2018-02-06 09:36:57 -08:00
Andrea Marchesini
8cdf705535 Bug 1435174 - Remove the renaming 'using namespace workers', r=bkelly 2018-02-05 19:55:07 +01:00
Nika Layzell
785a14270e Bug 1431867 - Part 2: Add move constructors and assignment operators to IPDL unions, r=mccr8 
MozReview-Commit-ID: IQVODEfMGi9
 2018-02-01 11:30:50 -05:00
Nika Layzell
a1e4513e2a Bug 1431867 - Part 1: Remove some unnecessary complexity from generated IPDL structs, r=mccr8 
MozReview-Commit-ID: HvX4ZF8t9Eg
 2018-02-01 11:30:49 -05:00
Gian-Carlo Pascutto
d959ea23b4 Bug 1386404 - Don't try to fetch the content process tmpdir if sandboxing is disabled. r=jld 
MozReview-Commit-ID: zaWPy4rt1J

--HG--
extra : rebase_source : 2b4fcf210c986ae9c0f74619df3290e7cd9fbfd0
extra : histedit_source : e2ef0fa68e9a0d544e11ac4475cab4e6e97f74fc
 2018-01-09 17:51:55 +01:00
Gian-Carlo Pascutto
7fd8a36d1c Bug 1386404 - Intercept access to /tmp and rewrite to content process tempdir. r=jld 
MozReview-Commit-ID: 2h9hw6opYof

--HG--
extra : rebase_source : 73c677be84d62ed958d07b0aca0947dd0e9448c7
extra : histedit_source : 499d483f58372b7b06a36da3fdf0ea3afc12feeb
 2017-10-26 17:50:49 +02:00
Gian-Carlo Pascutto
6520179659 Bug 1386404 - Enable content-process specific tmpdir on Linux. r=jld 
MozReview-Commit-ID: 6Hijq0to9MG

--HG--
extra : rebase_source : 8435b8e39d9723c52b0176a7686895185136aa6e
extra : histedit_source : 50c41172788fddead6357f1d566d0e48de8c90d6
 2018-01-09 16:29:40 +01:00
Noemi Erli
7df180b6ad Backed out 2 changesets (bug 1431867) for build bustages on ClientSourceOpChild.cpp:57:12 on a CLOSED TREE 
Backed out changeset 4cdb114a46f9 (bug 1431867)
Backed out changeset b5a46d76193b (bug 1431867)
 2018-01-31 22:15:54 +02:00
Nika Layzell
08119d282a Bug 1431867 - Part 2: Add move constructors and assignment operators to IPDL unions, r=mccr8 
MozReview-Commit-ID: IQVODEfMGi9
 2018-01-31 14:40:36 -05:00
Nika Layzell
c9e0af69b6 Bug 1431867 - Part 1: Remove some unnecessary complexity from generated IPDL structs, r=mccr8 
MozReview-Commit-ID: HvX4ZF8t9Eg
 2018-01-31 14:40:35 -05:00
Bogdan Tara
1f15df5f24 Merge mozilla-central to mozilla-inbound. a=merge CLOSED TREE 2018-01-31 12:11:39 +02:00
Andrea Marchesini
26352bfee1 Bug 1432963 - Fixing workers headers - part 17 - no LIBS=[workers] in moz.build files, r=smaug 2018-01-31 08:25:30 +01:00
Andrea Marchesini
a5bed23bd8 Bug 1432963 - Fixing workers headers - part 15 - static function in a workers namespace, r=smaug 2018-01-31 08:24:30 +01:00
Andrea Marchesini
2c7c69af24 Bug 1432963 - Fixing workers headers - part 14 - WorkerPrivate without workers namespace, r=smaug 2018-01-31 08:24:08 +01:00
Andrea Marchesini
063723a1f0 Bug 1432963 - Fixing workers headers - part 13 - WorkerHolder without workers namespace, r=smaug 2018-01-31 08:23:44 +01:00
arthur.iakab
c4dd80eca3 Merge mozilla-central to autoland 2018-01-31 00:41:58 +02:00
Jim Chen
ffe5a4900b Bug 1428182 - 5. Update libevent patch for Android builds; r=froydnj 
Support for accept4 and arc4random_buf depends on which set of NDK
headers we're using. accept4 is supported for API >= 21 for unified and
non-unified headers. arc4random_buf is supported for API >= 21 if using
non-unified headers, and it's always supported if using unified headers
(the unified headers provide shims for API < 21).

MozReview-Commit-ID: FY8n5jWXB1K

--HG--
rename : ipc/chromium/src/third_party/libevent/patches/android-arc4random-buf.patch => ipc/chromium/src/third_party/libevent/patches/android-api-level.patch
extra : rebase_source : 45ec28ca03ba877d9e0911bde081df7d9cb2d3d2
 2018-01-30 14:08:23 -05:00
Petr Sumbera
6c6e2604c1 Bug 1434328 - process_util_linux.cc with fork_delegate should build on Solaris too r=jld 2018-01-30 08:47:26 -08:00
Gurzau Raul
c380dfe905 Merge inbound to mozilla-central. a=merge 2018-01-30 12:01:49 +02:00
Cosmin Sabou
c6a0d55423 Backed out 11 changesets (bug 1428182) for build bustages on pixman-inlines.h:29:10 on a CLOSED TREE 
Backed out changeset 84c767de6202 (bug 1428182)
Backed out changeset 429433caa78c (bug 1428182)
Backed out changeset c576e9d1f68f (bug 1428182)
Backed out changeset 092662eab5eb (bug 1428182)
Backed out changeset 4dd7eaff3ab5 (bug 1428182)
Backed out changeset fbbb0745b139 (bug 1428182)
Backed out changeset 1d1278b289b7 (bug 1428182)
Backed out changeset 55891ffb3768 (bug 1428182)
Backed out changeset 4655e1b1b237 (bug 1428182)
Backed out changeset 377eada51b3c (bug 1428182)
Backed out changeset 17c0e373d921 (bug 1428182)

--HG--
rename : ipc/chromium/src/third_party/libevent/patches/android-api-level.patch => ipc/chromium/src/third_party/libevent/patches/android-arc4random-buf.patch
 2018-01-30 01:22:33 +02:00
Jim Chen
dbaea867e2 Bug 1428182 - 5. Update libevent patch for Android builds; r=froydnj 
Support for accept4 and arc4random_buf depends on which set of NDK
headers we're using. accept4 is supported for API >= 21 for unified and
non-unified headers. arc4random_buf is supported for API >= 21 if using
non-unified headers, and it's always supported if using unified headers
(the unified headers provide shims for API < 21).

MozReview-Commit-ID: FY8n5jWXB1K

--HG--
rename : ipc/chromium/src/third_party/libevent/patches/android-arc4random-buf.patch => ipc/chromium/src/third_party/libevent/patches/android-api-level.patch
extra : rebase_source : a8974cb1e8e71a8c951754ca9902fff28c099031
 2018-01-29 17:38:13 -05:00
Aaron Klotz
1559fd3d00 Bug 1433046: Use WeakReferenceSupport::StabilizeRefCount instead of regular kung-fu death grips when aggregating; r=Jamie 
This fix is completely speculative, but I have strong reason to believe that
we are having lifetime issues, and that refcount stabilization might be coming
into play.

The situation is this:

Suppose we're aggregating an object, so we pass |this| as the outer IUnknown.
The inner object might perform AddRef() and Release() on |this| during its
initialization.

But if we're in the process of creating the outer object, that refcount might
not yet have been incremented by 1, so the inner object's invocation of the
outer object's Release() could trigger a deletion.

The way around this is to temporarily bump the refcount when aggregating another
object. The key, though, is to not do this via AddRef() and Release(), but by
direct maniuplation of the refcount variable, so that we don't trigger any of
the self-deletion stuff.

MozReview-Commit-ID: 3WA2AJvb6jY

--HG--
extra : rebase_source : ab05a52760541a4ab11f1245a5ddeae938998047
 2018-01-25 13:45:21 -07:00
Daniel Zielas
e80f2e7469 Bug 1427229 - Perform validation when sending an EnumSet over IPC. r=botond,froydnj 
MozReview-Commit-ID: Cmugi1ldc1Z

--HG--
extra : amend_source : 88b792772ce7948172a68fda03d6d61de66347de
 2018-01-21 21:23:21 +01:00
David Parks
cc15f3d517 Bug 1382251: Part 8 - Migrate some previously hooked functions to FunctionHook/Broker; r=jimm,froydnj 
Moves GetWindowInfo, GetKeyState, SetCursorPos, GetSaveFileNameW and GetOpenFileNameW to the new FunctionHook and FunctionBroker systems.
 2017-11-06 11:07:16 -08:00
David Parks
9a40a70447 Bug 1382251: Part 7 - Add mechanism for automatically brokering DLL functions; r=jimm 
The FunctionBroker is a special kind of FunctionHook that brokers the hooked function on another process.  In the child process, it uses the FunctionBrokerChild to request that the FunctionBrokerParent run a function and return the response.  It handles most cases of parameter, return value and error marshaling on its own.  It also guarantees that requests are issued from the proper thread.
 2017-11-06 10:34:47 -08:00
David Parks
93bbbac8e4 Bug 1382251: Part 6 - Start/stop new top-level brokering actors on their own threads; r=jld 
The FunctionBroker actors allow the NPAPI process (child) to run methods on the main process (parent).  Both the parent and the child run dedicated threads for this task -- this is a top-level protocol.
 2017-11-06 10:29:15 -08:00
Ben Kelly
e71d8db226 Bug 1430139 P3 Remove workers namespace from service worker code. r=asuth 2018-01-26 13:08:59 -08:00
Ben Kelly
0325169284 Bug 1430139 P2 Make the tree compile again after moving the code to dom/serviceworkers. r=asuth 2018-01-26 13:08:58 -08:00
Narcis Beleuzu
9279994eae Merge inbound to mozilla-central. a=merge 2018-01-24 23:56:14 +02:00
Alex Gaynor
8fed0e13dc Bug 1432811 - remove duplicative #if clauses in process spawning; r=bobowen 
MozReview-Commit-ID: FcvqEBbBxcW

--HG--
extra : rebase_source : 411ae9778642bee88482fe2e423b47b6387bdbd4
 2018-01-24 10:48:33 -05:00
Sebastian Hengst
78d2a3c1db Merge mozilla-central to mozilla-inbound 2018-01-24 14:24:05 +02:00
Aaron Klotz
1baadb6673 Bug 1404482: Remove crash report annotation that was being made before the crash reporter initialized; r=Jamie 
MozReview-Commit-ID: 2Nn0Bzxrvd2

--HG--
extra : rebase_source : 9d967f226ec34c76bbcee00bf7632e45822da5f6
 2018-01-23 12:06:58 -07:00
Aaron Klotz
37fc167ff3 Bug 1428759: Remove mutual exclusion from WeakReferenceSupport interface queries; r=Jamie 
--HG--
extra : rebase_source : 1626509510d4f6018381b3f183ca40f2085f46d5
 2018-01-12 14:17:18 -07:00
Ben Kelly
9225189e3a Bug 1231211 P3 Serialize LoadInfo's mClientInfo, mReservedClientInfo, and mReservedClientInfo members across IPC. r=valentin 2018-01-23 10:38:52 -05:00
Ben Kelly
8e535f8460 Bug 1231211 P2 Pass the controller ServiceWorkerDescriptor on the channel LoadInfo and back in PHttpChannel's OnStartRequest message. r=valentin 2018-01-23 10:38:52 -05:00
Ben Kelly
8d4bfc7c66 Bug 1231211 P1 Allow docshell reload state to be set on LoadInfo. r=valentin 2018-01-23 10:38:51 -05:00
Jed Davis
6cc01043ce Bug 1401062 - Create Linux child processes with clone() for namespace/chroot sandboxing. r=gcp 
Namespace isolation is now handled by using clone() at process creation
time, rather than calling unshare.

pthread_atfork will no longer apply to sandboxed child processes.
The two significant uses of it in Firefox currently are to (1) make
malloc work post-fork, which we already avoid depending on in IPC and
sandboxing, and (2) block SIGPROF while forking, which is taken care of;
see SandboxFork::Fork for details.  Note that if we need pthread_atfork
in the future it could be emulated by symbol interposition.

clone() is called via glibc's wrapper, for increased compatibility vs.
invoking the syscall directly, using longjmp to recover the syscall's
fork-like semantics the same way Chromium does; see comments for details.

The chroot helper is reimplemented; the general approach is similar,
but instead of a thread it's a process cloned with CLONE_FS (so the
filesystem root is shared) from the child process before it calls
exec, so that it still holds CAP_SYS_CHROOT in the newly created user
namespace.  This does mean that it will retain a CoW copy of the
parent's address space until the child starts sandboxing, but that is a
relatively short period of time, so the memory overhead should be small
and short-lived.

The chrooting now happens *after* the seccomp-bpf policy is applied;
previously this wasn't possible because the chroot thread would have
become seccomp-restricted and unable to chroot.  This fixes a potential
race condition where a thread could try to access the filesystem after
chrooting but before having its syscalls intercepted for brokering,
causing spurious failure.  (This failure mode hasn't been observed in
practice, but we may not be looking for it.)

This adds a hidden bool pref, security.sandbox.content.force-namespace,
which unshares the user namespace (if possible) even if no sandboxing
requires it.  It defaults to true on Nightly and false otherwise, to
get test coverage; the default will change to false once we're using
namespaces by default with content.

MozReview-Commit-ID: JhCXF9EgOt6

--HG--
rename : security/sandbox/linux/LinuxCapabilities.cpp => security/sandbox/linux/launch/LinuxCapabilities.cpp
rename : security/sandbox/linux/LinuxCapabilities.h => security/sandbox/linux/launch/LinuxCapabilities.h
extra : rebase_source : f37acacd4f79b0d6df0bcb9d1d5ceb4b9c5e6371
 2017-10-06 17:16:41 -06:00
Heiher
245134e169 Bug 1430745 - IPC: Fix unaligned accesses in DirReaderLinux. r=froydnj 
---
 ipc/chromium/src/base/dir_reader_linux.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
 2018-01-17 23:17:28 +08:00
Chris Peterson
1a33f28694 Bug 1428984 - Part 3: Remove unused inline flag. r=froydnj 
inline is never set so cgen never emits inline.

MozReview-Commit-ID: BDL6BV8906t

--HG--
extra : rebase_source : aa51cda34db36ba08622d9940402cea14617c74a
 2018-01-12 21:14:53 -08:00