Bug 1466877 Part 2 - Child side changes for sandboxing, r=mccr8.
authorBrian Hackett <bhackett1024@gmail.com>
Sun, 22 Jul 2018 11:54:55 +0000
changeset 427736 f8e773fd295e830d2e715667e1727f06056c0ff1
parent 427735 601b20ba619baff88c910f3a5edb1482be798585
child 427737 e331895810fba7f631b1c67abe8e861c783a4abc
push id34314
push usercsabou@mozilla.com
push dateMon, 23 Jul 2018 09:31:12 +0000
reviewersmccr8
bugs1466877
milestone63.0a1
Bug 1466877 Part 2 - Child side changes for sandboxing, r=mccr8.
toolkit/recordreplay/ipc/Channel.cpp
toolkit/recordreplay/ipc/ChildIPC.cpp
toolkit/recordreplay/ipc/ChildIPC.h
toolkit/xre/nsEmbedFunctions.cpp
--- a/toolkit/recordreplay/ipc/Channel.cpp
+++ b/toolkit/recordreplay/ipc/Channel.cpp
@@ -170,17 +170,16 @@ Channel::WaitForMessage()
       MOZ_RELEASE_ASSERT(errno == EAGAIN);
       continue;
     } else if (nbytes == 0) {
       // The other side of the channel has shut down.
       if (IsMiddleman()) {
         return nullptr;
       }
       PrintSpew("Channel disconnected, exiting...\n");
-      DeleteSnapshotFiles();
       _exit(0);
     }
 
     mMessageBytes += nbytes;
   }
 
   Message* res = ((Message*)mMessageBuffer.begin())->Clone();
 
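Review bot: Dropping `DeleteSnapshotFiles()` before `_exit(0)` leaves nothing in this path saying which process now removes the snapshot files when the child goes away, and the same call is removed from ReportFatalError in ChildIPC.cpp. Presumably the sandboxed child can no longer reach those files and the middleman takes over the cleanup, but that is not stated anywhere in the patch. If that is the case, a comment above the exit such as `// Snapshot files are removed by the middleman; this process can't touch them.` would record the new ownership at both sites. Channel::WaitForMessage continues outside the hunk.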
--- a/toolkit/recordreplay/ipc/ChildIPC.cpp
+++ b/toolkit/recordreplay/ipc/ChildIPC.cpp
@@ -181,34 +181,39 @@ ListenForCheckpointThreadMain(void*)
       MOZ_RELEASE_ASSERT(errno == EINTR);
     }
   }
 }
 
 void* gGraphicsShmem;
 
 void
-InitRecordingOrReplayingProcess(base::ProcessId aParentPid,
-                                int* aArgc, char*** aArgv)
+InitRecordingOrReplayingProcess(int* aArgc, char*** aArgv)
 {
   if (!IsRecordingOrReplaying()) {
     return;
   }
 
-  gMiddlemanPid = aParentPid;
-
+  Maybe<int> middlemanPid;
   Maybe<int> channelID;
   for (int i = 0; i < *aArgc; i++) {
+    if (!strcmp((*aArgv)[i], gMiddlemanPidOption)) {
+      MOZ_RELEASE_ASSERT(middlemanPid.isNothing() && i + 1 < *aArgc);
+      middlemanPid.emplace(atoi((*aArgv)[i + 1]));
+    }
     if (!strcmp((*aArgv)[i], gChannelIDOption)) {
       MOZ_RELEASE_ASSERT(channelID.isNothing() && i + 1 < *aArgc);
       channelID.emplace(atoi((*aArgv)[i + 1]));
     }
   }
+  MOZ_RELEASE_ASSERT(middlemanPid.isSome());
   MOZ_RELEASE_ASSERT(channelID.isSome());
 
+  gMiddlemanPid = middlemanPid.ref();
+
   Maybe<AutoPassThroughThreadEvents> pt;
   pt.emplace();
 
   gMonitor = new Monitor();
   gChannel = new Channel(channelID.ref(), ChannelMessageHandler);
 
   pt.reset();
 
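Review bot: `atoi` on the new middleman pid branch accepts any string and yields 0 for a non-numeric value, so a malformed `gMiddlemanPidOption` argument silently becomes `gMiddlemanPid = 0` instead of tripping the release assert that guards the missing-option case. Since the function already aborts when the option is absent, it should also reject a value that cannot be a pid, e.g. `MOZ_RELEASE_ASSERT(middlemanPid.ref() > 0);` after the `isSome()` check; `strtol` with an end-pointer check would additionally catch trailing garbage. The same weakness exists in the pre-existing channelID parsing, and the two option branches are now near-identical copies that could share a small helper. InitRecordingOrReplayingProcess continues past the end of the hunk.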
@@ -327,17 +332,16 @@ ReportFatalError(const char* aFormat, ..
 
   // Don't take the message lock when sending this, to avoid touching the heap.
   gChannel->SendMessage(*msg);
 
   DirectPrint("***** Fatal Record/Replay Error *****\n");
   DirectPrint(buf);
   DirectPrint("\n");
 
-  DeleteSnapshotFiles();
   UnrecoverableSnapshotFailure();
 
   // Block until we get a terminate message and die.
   Thread::WaitForeverNoIdle();
 }
 
 void
 NotifyFlushedRecording()
--- a/toolkit/recordreplay/ipc/ChildIPC.h
+++ b/toolkit/recordreplay/ipc/ChildIPC.h
@@ -28,19 +28,18 @@ namespace child {
 // IPC with the middleman process, and IPDL actors are created up front for use
 // in communicating with the middleman using the PReplay protocol.
 
 ///////////////////////////////////////////////////////////////////////////////
 // Public API
 ///////////////////////////////////////////////////////////////////////////////
 
 // Initialize replaying IPC state. This is called once during process startup,
-// and is a no-op if the process is not replaying.
-void InitRecordingOrReplayingProcess(base::ProcessId aParentPid,
-                                     int* aArgc, char*** aArgv);
+// and is a no-op if the process is not recording/replaying.
+void InitRecordingOrReplayingProcess(int* aArgc, char*** aArgv);
 
 // Get the contents of the prefs shmem as conveyed to the middleman process.
 char* PrefsShmemContents(size_t aPrefsLen);
 
 base::ProcessId MiddlemanProcessId();
 base::ProcessId ParentProcessId();
 
 // Notify the middleman that the recording was flushed.
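Review bot: The updated comment above `InitRecordingOrReplayingProcess` says when the call is a no-op but not what it does with `aArgc`/`aArgv`, which the ChildIPC.cpp change now uses to pick up both the middleman pid and the channel id options. A sentence such as `// The middleman PID and channel ID are read from the process arguments.` would tell callers why the argument pointers are required and why nsEmbedFunctions.cpp asks that no argument manipulation happen around the call.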
--- a/toolkit/xre/nsEmbedFunctions.cpp
+++ b/toolkit/xre/nsEmbedFunctions.cpp
@@ -622,20 +622,17 @@ XRE_InitChildProcess(int aArgc,
         // If we don't have a valid tmp dir we can probably still run ok, but
         // crash report .extra files might not get picked up by the parent
         // process. Debug-assert because this shouldn't happen in practice.
         MOZ_ASSERT(false, "GPU process started without valid tmp dir!");
       }
     }
   }
 
-  // During replay we need to keep track of both the actual parent pid and the
-  // original parent pid which was in use during the recording. Replayed
-  // content uses the original pid, while IPC we perform uses the actual pid.
-  base::ProcessId actualParentPID = parentPID;
+  // While replaying, use the parent PID that existed while recording.
   parentPID = recordreplay::RecordReplayValue(parentPID);
 
 #ifdef XP_MACOSX
   mozilla::ipc::SharedMemoryBasic::SetupMachMemory(parentPID, ports_in_receiver, ports_in_sender,
                                                    ports_out_sender, ports_out_receiver, true);
 #endif
 
 #if defined(XP_WIN)
@@ -678,17 +675,17 @@ XRE_InitChildProcess(int aArgc,
       uiLoopType = MessageLoop::TYPE_UI;
       break;
   }
 
   // If we are recording or replaying, initialize state and update arguments
   // according to those which were captured by the MiddlemanProcessChild in the
   // middleman process. No argument manipulation should happen between this
   // call and the point where the process child is initialized.
-  recordreplay::child::InitRecordingOrReplayingProcess(actualParentPID, &aArgc, &aArgv);
+  recordreplay::child::InitRecordingOrReplayingProcess(&aArgc, &aArgv);
 
   {
     // This is a lexical scope for the MessageLoop below.  We want it
     // to go out of scope before NS_LogTerm() so that we don't get
     // spurious warnings about XPCOM objects being destroyed from a
     // static context.
 
     // Associate this thread with a UI MessageLoop