Failures from mach port reference handling should be fatal
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 4 Apr 2018 19:43:01 +0000 (19:43 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 4 Apr 2018 19:43:01 +0000 (19:43 +0000)
https://bugs.webkit.org/show_bug.cgi?id=184202
<rdar://problem/37771114>

Reviewed by Anders Carlsson.

Source/WebCore:

We may corrupt the Mach port space by improperly matching the equivalent of reference counting
retains (mach_port_mod_refs) with releases (mach_port_deallocate).

Our current implementation of MachSendRights::create does not grab a reference if the passed
port is MACH_PORT_DEAD, but we unconditionally call mach_port_deallocate on the port, which
could lead to a reference count mismatch.

Likewise, our MachSendRight destructor does not release the port if it has changed to MACH_PORT_DEAD
(e.g., if a child process dies), again leading to a mismatch in retain/releases.

Finally, failures in mach_port_deallocate should be fatal because they indicate that the
application was attempting to remove an unowned right. This is a fatal condition for Mach, and
should lead to an abort.

This patch does the following:

1. It creates a helper function that does the right thing for safely deallocating a mach port.
2. It uses it in multiple places.
3. It revises 'MachSendRight::create" so that it properly handles the condition of a dead port.
4. It revises the MachSendRight destructor to properly handle the condition of a dead port.

No new tests, no change in behavior expected.

* SourcesCocoa.txt: Update for move of MachSendRight files.
* WebCore.xcodeproj/project.pbxproj: Ditto.
* page/cocoa/ResourceUsageThreadCocoa.mm:
(WebCore::getMachThreads): Added.
(WebCore::cpuUsage): Use the new cleanup helper function.
* platform/cocoa/MachSendRight.cpp: Removed.
* platform/cocoa/MachSendRight.h: Removed.
* platform/graphics/avfoundation/objc/VideoFullscreenLayerManagerObjC.mm:
(WebCore::VideoFullscreenLayerManagerObjC::setVideoFullscreenLayer):
* platform/graphics/cocoa/IOSurface.h:
* platform/graphics/cocoa/IOSurface.mm:

Source/WebKit:

Update for new location of MachSendRight.h. Switch to
#pragma once in a few places.

* Platform/IPC/mac/ConnectionMac.mm:
(IPC::Connection::platformInvalidate): Adopt new 'safe mach_port_t deallocation' function.
(IPC::Connection::initializeSendSource): Ditto.
(IPC::Connection::receiveSourceEventHandler): Ditto.
* Platform/SharedMemory.h:
* Platform/cocoa/SharedMemoryCocoa.cpp:
(WebKit::SharedMemory::Handle::clear): Ditto.
(WebKit::makeMemoryEntry): Ditto.
(WebKit::SharedMemory::createSendRight const): Ditto.
* Platform/mac/LayerHostingContext.h:
* Platform/mac/LayerHostingContext.mm:
* PluginProcess/PluginControllerProxy.h:
* PluginProcess/PluginProcess.h:
(WebKit::PluginProcess::compositingRenderServerPort const):
* Scripts/messages.py:
(headers_for_type): Update for new location of MachSendRight.
* Shared/Plugins/PluginProcessCreationParameters.h:
* Shared/RemoteLayerTree/RemoteLayerBackingStore.h:
* Shared/RemoteLayerTree/RemoteLayerBackingStore.mm:
(WebKit::RemoteLayerBackingStore::encode const):
* Shared/WebCoreArgumentCoders.h:
* Shared/WebProcessCreationParameters.h:
* Shared/mac/WebCoreArgumentCodersMac.mm:
* UIProcess/Cocoa/VideoFullscreenManagerProxy.mm:
* UIProcess/DrawingAreaProxy.cpp:
* UIProcess/DrawingAreaProxy.h:
* UIProcess/Launcher/mac/ProcessLauncherMac.mm:
(WebKit::ProcessLauncher::launchProcess): Ditto. Remove uneeded mach_port_dealloc called after
xpc_dictionary_set_mach_send. While '..._set_mach_send' retains the send right, it gets automatically
released when the message is handled. We only want to manually deallocate the send right if
the message failed to send.
* UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm:
* UIProcess/WebPageProxy.cpp:
* UIProcess/WebPageProxy.h:
* UIProcess/WebPageProxy.messages.in:
* UIProcess/mac/TiledCoreAnimationDrawingAreaProxy.h:
* UIProcess/mac/TiledCoreAnimationDrawingAreaProxy.mm:
* UIProcess/mac/WKViewLayoutStrategy.mm:
* WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp:
* WebProcess/Plugins/Netscape/NetscapePlugin.h:
* WebProcess/Plugins/Netscape/mac/NetscapePluginMac.mm:
* WebProcess/Plugins/PluginController.h:
* WebProcess/Plugins/PluginView.h:
* WebProcess/WebPage/DrawingArea.h:
(WebKit::DrawingArea::addFence):
(WebKit::DrawingArea::updateGeometry):
* WebProcess/WebPage/DrawingArea.messages.in:
* WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.h:
* WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.mm:
(WebKit::RemoteLayerTreeDrawingArea::updateGeometry):
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::setTopContentInsetFenced):
* WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.h:
* WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:
(WebKit::TiledCoreAnimationDrawingArea::updateGeometry):
* WebProcess/WebProcess.h:
(WebKit::WebProcess::compositingRenderServerPort const):
* WebProcess/cocoa/VideoFullscreenManager.mm:
(WebKit::VideoFullscreenManager::setVideoLayerFrameFenced):

Source/WebKitLegacy/mac:

* Plugins/Hosted/NetscapePluginHostManager.mm:
(WebKit::NetscapePluginHostManager::spawnPluginHost): Adopt new 'safe mach_port_t deallocation' function.

Source/WTF:

* WTF.xcodeproj/project.pbxproj:
* wtf/MachSendRight.h: Copied from WebCore/platform/cocoa/MachSendRight.h.
(WebCore::MachSendRight::operator bool const): Deleted.
(WebCore::MachSendRight::sendRight const): Deleted.
* wtf/PlatformMac.cmake:
* wtf/cocoa/CPUTimeCocoa.mm:
(WTF::CPUTime::forCurrentThread): Do proper cleanup if the port is invalid.
* wtf/cocoa/MachSendRight.cpp: Copied from WebCore/platform/cocoa/MachSendRight.cpp.
(WTF::retainSendRight):
(WTF::releaseSendRight):
(WTF::deallocateSendRightSafely):
(WebCore::retainSendRight): Deleted.
(WebCore::releaseSendRight): Deleted.
(WebCore::MachSendRight::adopt): Deleted.
(WebCore::MachSendRight::create): Deleted.
(WebCore::MachSendRight::MachSendRight): Deleted.
(WebCore::MachSendRight::~MachSendRight): Deleted.
(WebCore::MachSendRight::operator=): Deleted.
(WebCore::MachSendRight::copySendRight const): Deleted.
(WebCore::MachSendRight::leakSendRight): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230269 268f45cc-cd09-0410-ab3c-d52691b4dbfc

56 files changed:
Source/WTF/ChangeLog
Source/WTF/WTF.xcodeproj/project.pbxproj
Source/WTF/wtf/CMakeLists.txt
Source/WTF/wtf/MachSendRight.h [moved from Source/WebCore/platform/cocoa/MachSendRight.h with 70% similarity]
Source/WTF/wtf/PlatformMac.cmake
Source/WTF/wtf/cocoa/CPUTimeCocoa.mm
Source/WTF/wtf/cocoa/MachSendRight.cpp [moved from Source/WebCore/platform/cocoa/MachSendRight.cpp with 72% similarity]
Source/WebCore/ChangeLog
Source/WebCore/SourcesCocoa.txt
Source/WebCore/WebCore.xcodeproj/project.pbxproj
Source/WebCore/page/cocoa/ResourceUsageThreadCocoa.mm
Source/WebCore/platform/graphics/avfoundation/objc/VideoFullscreenLayerManagerObjC.mm
Source/WebCore/platform/graphics/cocoa/IOSurface.h
Source/WebCore/platform/graphics/cocoa/IOSurface.mm
Source/WebKit/ChangeLog
Source/WebKit/Platform/IPC/mac/ConnectionMac.mm
Source/WebKit/Platform/SharedMemory.h
Source/WebKit/Platform/cocoa/SharedMemoryCocoa.cpp
Source/WebKit/Platform/mac/LayerHostingContext.h
Source/WebKit/Platform/mac/LayerHostingContext.mm
Source/WebKit/PluginProcess/PluginControllerProxy.h
Source/WebKit/PluginProcess/PluginProcess.h
Source/WebKit/Scripts/webkit/messages.py
Source/WebKit/Shared/Plugins/PluginProcessCreationParameters.h
Source/WebKit/Shared/RemoteLayerTree/RemoteLayerBackingStore.h
Source/WebKit/Shared/RemoteLayerTree/RemoteLayerBackingStore.mm
Source/WebKit/Shared/WebCoreArgumentCoders.h
Source/WebKit/Shared/WebProcessCreationParameters.h
Source/WebKit/Shared/mac/WebCoreArgumentCodersMac.mm
Source/WebKit/UIProcess/Cocoa/VideoFullscreenManagerProxy.mm
Source/WebKit/UIProcess/DrawingAreaProxy.cpp
Source/WebKit/UIProcess/DrawingAreaProxy.h
Source/WebKit/UIProcess/Launcher/mac/ProcessLauncherMac.mm
Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm
Source/WebKit/UIProcess/WebPageProxy.cpp
Source/WebKit/UIProcess/WebPageProxy.h
Source/WebKit/UIProcess/WebPageProxy.messages.in
Source/WebKit/UIProcess/mac/TiledCoreAnimationDrawingAreaProxy.h
Source/WebKit/UIProcess/mac/TiledCoreAnimationDrawingAreaProxy.mm
Source/WebKit/UIProcess/mac/WKViewLayoutStrategy.mm
Source/WebKit/WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp
Source/WebKit/WebProcess/Plugins/Netscape/NetscapePlugin.h
Source/WebKit/WebProcess/Plugins/Netscape/mac/NetscapePluginMac.mm
Source/WebKit/WebProcess/Plugins/PluginController.h
Source/WebKit/WebProcess/Plugins/PluginView.h
Source/WebKit/WebProcess/WebPage/DrawingArea.h
Source/WebKit/WebProcess/WebPage/DrawingArea.messages.in
Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.h
Source/WebKit/WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.mm
Source/WebKit/WebProcess/WebPage/WebPage.cpp
Source/WebKit/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.h
Source/WebKit/WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm
Source/WebKit/WebProcess/WebProcess.h
Source/WebKit/WebProcess/cocoa/VideoFullscreenManager.mm
Source/WebKitLegacy/mac/ChangeLog
Source/WebKitLegacy/mac/Plugins/Hosted/NetscapePluginHostManager.mm

index 90bf614..6477a09 100644 (file)
@@ -1,3 +1,32 @@
+2018-04-04  Brent Fulgham  <bfulgham@apple.com>
+
+        Failures from mach port reference handling should be fatal
+        https://bugs.webkit.org/show_bug.cgi?id=184202
+        <rdar://problem/37771114>
+
+        Reviewed by Anders Carlsson.
+
+        * WTF.xcodeproj/project.pbxproj:
+        * wtf/MachSendRight.h: Copied from WebCore/platform/cocoa/MachSendRight.h.
+        (WebCore::MachSendRight::operator bool const): Deleted.
+        (WebCore::MachSendRight::sendRight const): Deleted.
+        * wtf/PlatformMac.cmake:
+        * wtf/cocoa/CPUTimeCocoa.mm:
+        (WTF::CPUTime::forCurrentThread): Do proper cleanup if the port is invalid.
+        * wtf/cocoa/MachSendRight.cpp: Copied from WebCore/platform/cocoa/MachSendRight.cpp.
+        (WTF::retainSendRight):
+        (WTF::releaseSendRight):
+        (WTF::deallocateSendRightSafely):
+        (WebCore::retainSendRight): Deleted.
+        (WebCore::releaseSendRight): Deleted.
+        (WebCore::MachSendRight::adopt): Deleted.
+        (WebCore::MachSendRight::create): Deleted.
+        (WebCore::MachSendRight::MachSendRight): Deleted.
+        (WebCore::MachSendRight::~MachSendRight): Deleted.
+        (WebCore::MachSendRight::operator=): Deleted.
+        (WebCore::MachSendRight::copySendRight const): Deleted.
+        (WebCore::MachSendRight::leakSendRight): Deleted.
+
 2018-04-04  Youenn Fablet  <youenn@apple.com>
 
         Introduce a ThreadSafeRefCounted parameter to ensure being destroyed on the main thread
index f0b0f72..3c6cf32 100644 (file)
@@ -78,6 +78,7 @@
                70A993FE1AD7151300FA615B /* SymbolRegistry.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 70A993FC1AD7151300FA615B /* SymbolRegistry.cpp */; };
                70ECA60D1B02426800449739 /* AtomicStringImpl.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 70ECA60A1B02426800449739 /* AtomicStringImpl.cpp */; };
                7A05093F1FB9DCC500B33FB8 /* JSONValues.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A05093E1FB9DCC500B33FB8 /* JSONValues.cpp */; };
+               7A6EBA3420746C34004F9C44 /* MachSendRight.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A6EBA3320746C34004F9C44 /* MachSendRight.cpp */; };
                7AF023B52061E17000A8EFD6 /* ProcessPrivilege.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7AF023B42061E16F00A8EFD6 /* ProcessPrivilege.cpp */; };
                7AFEC6B11EB22B5900DADE36 /* UUID.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7AFEC6B01EB22B5900DADE36 /* UUID.cpp */; };
                8134013815B092FD001FF0B8 /* Base64.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 8134013615B092FD001FF0B8 /* Base64.cpp */; };
                0FFBCBFA1FD37E0F0072AAF0 /* CountingLock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CountingLock.h; sourceTree = "<group>"; };
                0FFF19DA1BB334EB00886D91 /* ParallelHelperPool.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ParallelHelperPool.cpp; sourceTree = "<group>"; };
                0FFF19DB1BB334EB00886D91 /* ParallelHelperPool.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ParallelHelperPool.h; sourceTree = "<group>"; };
+               132743924FC54E469F5A8E6E /* StdUnorderedSet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StdUnorderedSet.h; sourceTree = "<group>"; };
                14022F4018F5C3FC007FF0EB /* libbmalloc.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libbmalloc.a; sourceTree = BUILT_PRODUCTS_DIR; };
                143F611D1565F0F900DB514A /* RAMSize.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RAMSize.cpp; sourceTree = "<group>"; };
                143F611E1565F0F900DB514A /* RAMSize.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RAMSize.h; sourceTree = "<group>"; };
                3137E1D7DBD84AC38FAE4D34 /* IndexSet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = IndexSet.h; sourceTree = "<group>"; };
                313EDEC9778E49C9BEA91CFC /* StackTrace.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = StackTrace.cpp; sourceTree = "<group>"; };
                37C7CC291EA40A73007BD956 /* WeakLinking.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WeakLinking.h; sourceTree = "<group>"; };
+               391BD6BA4D164FD294F9A93D /* StdMap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StdMap.h; sourceTree = "<group>"; };
                413FE8F51F8D2EAB00F6D7D7 /* CallbackAggregator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CallbackAggregator.h; sourceTree = "<group>"; };
                430B47871AAAAC1A001223DA /* StringCommon.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StringCommon.h; sourceTree = "<group>"; };
                46BA9EAB1F4CD61E009A2BBC /* CompletionHandler.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CompletionHandler.h; sourceTree = "<group>"; };
                53534F291EC0E10E00141B2F /* MachExceptions.defs */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.mig; path = MachExceptions.defs; sourceTree = "<group>"; };
                539EB0621D55284200C82EF7 /* LEBDecoder.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = LEBDecoder.h; sourceTree = "<group>"; };
                53EC253C1E95AD30000831B9 /* PriorityQueue.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PriorityQueue.h; sourceTree = "<group>"; };
+               53F08A1BA39D49A8BAD369A1 /* StdSet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StdSet.h; sourceTree = "<group>"; };
                53F1D98620477B9800EBC6BF /* FunctionTraits.h */ = {isa = PBXFileReference; explicitFileType = sourcecode.cpp.h; path = FunctionTraits.h; sourceTree = "<group>"; };
                553071C91C40427200384898 /* TinyLRUCache.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TinyLRUCache.h; sourceTree = "<group>"; };
                5597F82C1D94B9970066BC21 /* SynchronizedFixedQueue.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SynchronizedFixedQueue.h; sourceTree = "<group>"; };
                70ECA60B1B02426800449739 /* SymbolImpl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SymbolImpl.h; sourceTree = "<group>"; };
                70ECA60C1B02426800449739 /* UniquedStringImpl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UniquedStringImpl.h; sourceTree = "<group>"; };
                7936D6A91C99F8AE000D1AED /* SmallPtrSet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SmallPtrSet.h; sourceTree = "<group>"; };
+               793BFADD9CED44B8B9FBCA16 /* StdUnorderedMap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StdUnorderedMap.h; sourceTree = "<group>"; };
                795212021F42588800BD6421 /* SingleRootGraph.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SingleRootGraph.h; sourceTree = "<group>"; };
                7A05093D1FB9DCC500B33FB8 /* JSONValues.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSONValues.h; sourceTree = "<group>"; };
                7A05093E1FB9DCC500B33FB8 /* JSONValues.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSONValues.cpp; sourceTree = "<group>"; };
+               7A6EBA3220746C33004F9C44 /* MachSendRight.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MachSendRight.h; sourceTree = "<group>"; };
+               7A6EBA3320746C34004F9C44 /* MachSendRight.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MachSendRight.cpp; sourceTree = "<group>"; };
                7AF023B32061E16C00A8EFD6 /* ProcessPrivilege.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ProcessPrivilege.h; sourceTree = "<group>"; };
                7AF023B42061E16F00A8EFD6 /* ProcessPrivilege.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ProcessPrivilege.cpp; sourceTree = "<group>"; };
                7AFEC6AE1EB22AC600DADE36 /* UUID.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UUID.h; sourceTree = "<group>"; };
                A8A4730E151A825B004123FF /* StackBounds.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = StackBounds.cpp; sourceTree = "<group>"; };
                A8A4730F151A825B004123FF /* StackBounds.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StackBounds.h; sourceTree = "<group>"; };
                A8A47311151A825B004123FF /* StdLibExtras.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StdLibExtras.h; sourceTree = "<group>"; };
-               FF0A436588954F3CB07DBECA /* StdList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StdList.h; sourceTree = "<group>"; };
-               391BD6BA4D164FD294F9A93D /* StdMap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StdMap.h; sourceTree = "<group>"; };
-               53F08A1BA39D49A8BAD369A1 /* StdSet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StdSet.h; sourceTree = "<group>"; };
-               793BFADD9CED44B8B9FBCA16 /* StdUnorderedMap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StdUnorderedMap.h; sourceTree = "<group>"; };
-               132743924FC54E469F5A8E6E /* StdUnorderedSet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StdUnorderedSet.h; sourceTree = "<group>"; };
                A8A47313151A825B004123FF /* StringExtras.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StringExtras.h; sourceTree = "<group>"; };
                A8A47314151A825B004123FF /* Hasher.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Hasher.h; sourceTree = "<group>"; };
                A8A4731A151A825B004123FF /* SetForScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SetForScope.h; sourceTree = "<group>"; };
                FEB6B035201BE0B600B958C1 /* PointerPreparations.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PointerPreparations.h; sourceTree = "<group>"; };
                FEDACD3B1630F83F00C69634 /* StackStats.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = StackStats.cpp; sourceTree = "<group>"; };
                FEDACD3C1630F83F00C69634 /* StackStats.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StackStats.h; sourceTree = "<group>"; };
+               FF0A436588954F3CB07DBECA /* StdList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StdList.h; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
 /* Begin PBXFrameworksBuildPhase section */
                                0F30BA8D1E78708E002CA847 /* LoggingHashMap.h */,
                                0F30BA8E1E78708E002CA847 /* LoggingHashSet.h */,
                                0F30BA8F1E78708E002CA847 /* LoggingHashTraits.h */,
+                               7A6EBA3220746C33004F9C44 /* MachSendRight.h */,
                                A8A472C6151A825A004123FF /* MainThread.cpp */,
                                A8A472C7151A825B004123FF /* MainThread.h */,
                                1A233C7C17DAA6E300A93ACF /* MallocPtr.h */,
                        isa = PBXGroup;
                        children = (
                                E38C41241EB4E04C0042957D /* CPUTimeCocoa.mm */,
+                               7A6EBA3320746C34004F9C44 /* MachSendRight.cpp */,
                                ADF2CE651E39F106006889DB /* MemoryFootprintCocoa.cpp */,
                                AD89B6B91E64150F0090707F /* MemoryPressureHandlerCocoa.mm */,
                                A30D412C1F0DE0BA00B71954 /* SoftLinking.h */,
                                0FE1646A1B6FFC9600400E7C /* Lock.cpp in Sources */,
                                0F60F32F1DFCBD1B00416D6C /* LockedPrintStream.cpp in Sources */,
                                53534F2A1EC0E10E00141B2F /* MachExceptions.defs in Sources */,
+                               7A6EBA3420746C34004F9C44 /* MachSendRight.cpp in Sources */,
                                A8A473E5151A825B004123FF /* MainThread.cpp in Sources */,
                                A8A473E4151A825B004123FF /* MainThreadMac.mm in Sources */,
                                A8A473E9151A825B004123FF /* MD5.cpp in Sources */,
index 341401e..ea7ee7d 100644 (file)
@@ -119,6 +119,7 @@ set(WTF_PUBLIC_HEADERS
     LoggingHashSet.h
     LoggingHashTraits.h
     MD5.h
+    MachSendRight.h
     MainThread.h
     MallocPtr.h
     MathExtras.h
similarity index 70%
rename from Source/WebCore/platform/cocoa/MachSendRight.h
rename to Source/WTF/wtf/MachSendRight.h
index cded9dc..0d46aea 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef MachSendRight_h
-#define MachSendRight_h
+#pragma once
+
+#if PLATFORM(COCOA)
 
 #include <mach/mach_port.h>
 
-namespace WebCore {
+namespace WTF {
 
 class MachSendRight {
 public:
-    WEBCORE_EXPORT static MachSendRight adopt(mach_port_t);
-    WEBCORE_EXPORT static MachSendRight create(mach_port_t);
+    WTF_EXPORT_PRIVATE static MachSendRight adopt(mach_port_t);
+    WTF_EXPORT_PRIVATE static MachSendRight create(mach_port_t);
 
     MachSendRight() = default;
-    WEBCORE_EXPORT MachSendRight(MachSendRight&&);
-    WEBCORE_EXPORT ~MachSendRight();
+    WTF_EXPORT_PRIVATE MachSendRight(MachSendRight&&);
+    WTF_EXPORT_PRIVATE ~MachSendRight();
 
-    WEBCORE_EXPORT MachSendRight& operator=(MachSendRight&&);
+    WTF_EXPORT_PRIVATE MachSendRight& operator=(MachSendRight&&);
 
     explicit operator bool() const { return m_port != MACH_PORT_NULL; }
 
     mach_port_t sendRight() const { return m_port; }
 
-    WEBCORE_EXPORT MachSendRight copySendRight() const;
-    WEBCORE_EXPORT mach_port_t leakSendRight() WARN_UNUSED_RETURN;
+    WTF_EXPORT_PRIVATE MachSendRight copySendRight() const;
+    WTF_EXPORT_PRIVATE mach_port_t leakSendRight() WARN_UNUSED_RETURN;
 
 private:
     explicit MachSendRight(mach_port_t);
@@ -54,6 +55,11 @@ private:
     mach_port_t m_port { MACH_PORT_NULL };
 };
 
+WTF_EXPORT_PRIVATE void deallocateSendRightSafely(mach_port_t);
+
 }
 
-#endif // MachSendRight_h
+using WTF::MachSendRight;
+using WTF::deallocateSendRightSafely;
+
+#endif
index 4548390..74b8dd9 100644 (file)
@@ -10,6 +10,7 @@ list(APPEND WTF_LIBRARIES
 list(APPEND WTF_PUBLIC_HEADERS
     cf/TypeCastsCF.h
 
+    cocoa/MachSendRight.h
     cocoa/SoftLinking.h
 
     darwin/WeakLinking.h
@@ -42,6 +43,7 @@ list(APPEND WTF_SOURCES
     text/mac/TextBreakIteratorInternalICUMac.mm
 
     cocoa/CPUTimeCocoa.mm
+    cocoa/MachSendRight.cpp
     cocoa/MemoryFootprintCocoa.cpp
     cocoa/MemoryPressureHandlerCocoa.mm
     cocoa/WorkQueueCocoa.cpp
index f787709..e42c7e1 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -26,6 +26,7 @@
 #import "config.h"
 #import "CPUTime.h"
 
+#import "MachSendRight.h"
 #import <mach/mach.h>
 #import <mach/mach_time.h>
 #import <mach/task.h>
@@ -75,10 +76,9 @@ Seconds CPUTime::forCurrentThread()
     mach_msg_type_number_t infoCount = THREAD_BASIC_INFO_COUNT;
     thread_basic_info_data_t info;
 
-    mach_port_t threadPort = mach_thread_self();
-    auto ret = thread_info(threadPort, THREAD_BASIC_INFO, reinterpret_cast<thread_info_t>(&info), &infoCount);
+    auto threadPort = MachSendRight::adopt(mach_thread_self());
+    auto ret = thread_info(threadPort.sendRight(), THREAD_BASIC_INFO, reinterpret_cast<thread_info_t>(&info), &infoCount);
     RELEASE_ASSERT(ret == KERN_SUCCESS);
-    mach_port_deallocate(mach_task_self(), threadPort);
 
     return Seconds(info.user_time.seconds + info.system_time.seconds) + Seconds::fromMicroseconds(info.user_time.microseconds + info.system_time.microseconds);
 }
similarity index 72%
rename from Source/WebCore/platform/cocoa/MachSendRight.cpp
rename to Source/WTF/wtf/cocoa/MachSendRight.cpp
index 0e9ebc7..8e4d5cb 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
 #include <mach/mach_init.h>
 #include <utility>
 
-namespace WebCore {
+namespace WTF {
 
 static void retainSendRight(mach_port_t port)
 {
-    if (!MACH_PORT_VALID(port))
+    if (port == MACH_PORT_NULL)
         return;
 
-    auto kr = mach_port_mod_refs(mach_task_self(), port, MACH_PORT_RIGHT_SEND, 1);
-    if (kr != KERN_SUCCESS)
-        LOG_ERROR("mach_port_mod_refs error: %s (%x)", mach_error_string(kr), kr);
+    auto kr = KERN_SUCCESS;
+    if (port != MACH_PORT_DEAD)
+        kr = mach_port_mod_refs(mach_task_self(), port, MACH_PORT_RIGHT_SEND, 1);
+
+    if (kr == KERN_INVALID_RIGHT || port == MACH_PORT_DEAD)
+        kr = mach_port_mod_refs(mach_task_self(), port, MACH_PORT_RIGHT_DEAD_NAME, 1);
+
+    if (kr != KERN_SUCCESS) {
+        LOG_ERROR("mach_port_mod_refs error for port %d: %s (%x)", port, mach_error_string(kr), kr);
+        if (kr == KERN_INVALID_RIGHT)
+            CRASH();
+    }
 }
 
 static void releaseSendRight(mach_port_t port)
 {
-    if (!MACH_PORT_VALID(port))
+    if (port == MACH_PORT_NULL)
         return;
 
+    deallocateSendRightSafely(port);
+}
+
+void deallocateSendRightSafely(mach_port_t port)
+{
     auto kr = mach_port_deallocate(mach_task_self(), port);
-    if (kr != KERN_SUCCESS)
-        LOG_ERROR("mach_port_deallocate error: %s (%x)", mach_error_string(kr), kr);
+    if (kr == KERN_SUCCESS)
+        return;
+
+    LOG_ERROR("mach_port_deallocate error for port %d: %s (%#x)", port, mach_error_string(kr), kr);
+    if (kr == KERN_INVALID_RIGHT)
+        CRASH();
 }
 
 MachSendRight MachSendRight::adopt(mach_port_t port)
index a0eead5..1d7d600 100644 (file)
@@ -1,3 +1,46 @@
+2018-04-04  Brent Fulgham  <bfulgham@apple.com>
+
+        Failures from mach port reference handling should be fatal
+        https://bugs.webkit.org/show_bug.cgi?id=184202
+        <rdar://problem/37771114>
+
+        Reviewed by Anders Carlsson.
+
+        We may corrupt the Mach port space by improperly matching the equivalent of reference counting
+        retains (mach_port_mod_refs) with releases (mach_port_deallocate).
+
+        Our current implementation of MachSendRights::create does not grab a reference if the passed
+        port is MACH_PORT_DEAD, but we unconditionally call mach_port_deallocate on the port, which
+        could lead to a reference count mismatch.
+
+        Likewise, our MachSendRight destructor does not release the port if it has changed to MACH_PORT_DEAD
+        (e.g., if a child process dies), again leading to a mismatch in retain/releases.
+
+        Finally, failures in mach_port_deallocate should be fatal because they indicate that the
+        application was attempting to remove an unowned right. This is a fatal condition for Mach, and
+        should lead to an abort. 
+
+        This patch does the following:
+
+        1. It creates a helper function that does the right thing for safely deallocating a mach port.
+        2. It uses it in multiple places.
+        3. It revises 'MachSendRight::create" so that it properly handles the condition of a dead port.
+        4. It revises the MachSendRight destructor to properly handle the condition of a dead port.
+
+        No new tests, no change in behavior expected.
+
+        * SourcesCocoa.txt: Update for move of MachSendRight files.
+        * WebCore.xcodeproj/project.pbxproj: Ditto.
+        * page/cocoa/ResourceUsageThreadCocoa.mm:
+        (WebCore::getMachThreads): Added.
+        (WebCore::cpuUsage): Use the new cleanup helper function.
+        * platform/cocoa/MachSendRight.cpp: Removed.
+        * platform/cocoa/MachSendRight.h: Removed.
+        * platform/graphics/avfoundation/objc/VideoFullscreenLayerManagerObjC.mm:
+        (WebCore::VideoFullscreenLayerManagerObjC::setVideoFullscreenLayer):
+        * platform/graphics/cocoa/IOSurface.h:
+        * platform/graphics/cocoa/IOSurface.mm:
+
 2018-04-04  Youenn Fablet  <youenn@apple.com>
 
         Remove unused HTTP header names
index 08ed554..a036330 100644 (file)
@@ -196,7 +196,6 @@ platform/cocoa/FileSystemCocoa.mm
 platform/cocoa/KeyEventCocoa.mm
 platform/cocoa/LocalizedStringsCocoa.mm
 platform/cocoa/LocalAuthenticationSoftLink.mm
-platform/cocoa/MachSendRight.cpp
 platform/cocoa/MIMETypeRegistryCocoa.mm
 platform/cocoa/NetworkExtensionContentFilter.mm
 platform/cocoa/ParentalControlsContentFilter.mm
index 84260c5..092d682 100644 (file)
                1921327511C0E6BB00456238 /* SVGFEConvolveMatrixElement.h in Headers */ = {isa = PBXBuildFile; fileRef = 1921327211C0E6BB00456238 /* SVGFEConvolveMatrixElement.h */; };
                197B180C1506353200E4ADA8 /* SVGRenderingContext.h in Headers */ = {isa = PBXBuildFile; fileRef = 197B180B150634C000E4ADA8 /* SVGRenderingContext.h */; };
                19BFF64F11C0F2AC00B8C04D /* JSSVGFEConvolveMatrixElement.h in Headers */ = {isa = PBXBuildFile; fileRef = 19BFF64A11C0F2AC00B8C04D /* JSSVGFEConvolveMatrixElement.h */; };
-               1A0409DC1A4360B5009E47F3 /* MachSendRight.h in Headers */ = {isa = PBXBuildFile; fileRef = 1A0409DB1A4360B5009E47F3 /* MachSendRight.h */; settings = {ATTRIBUTES = (Private, ); }; };
                1A08FEDD1D592B8B008BA8CB /* PluginInfoProvider.h in Headers */ = {isa = PBXBuildFile; fileRef = 1A08FEDB1D592B8B008BA8CB /* PluginInfoProvider.h */; settings = {ATTRIBUTES = (Private, ); }; };
                1A0D57370A5C77FE007EDD4C /* OverflowEvent.h in Headers */ = {isa = PBXBuildFile; fileRef = 1A0D57350A5C77FE007EDD4C /* OverflowEvent.h */; settings = {ATTRIBUTES = (Private, ); }; };
                1A0D57410A5C7867007EDD4C /* JSOverflowEvent.h in Headers */ = {isa = PBXBuildFile; fileRef = 1A0D573F0A5C7867007EDD4C /* JSOverflowEvent.h */; };
                197B180B150634C000E4ADA8 /* SVGRenderingContext.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SVGRenderingContext.h; sourceTree = "<group>"; };
                19BFF64911C0F2AC00B8C04D /* JSSVGFEConvolveMatrixElement.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSSVGFEConvolveMatrixElement.cpp; sourceTree = "<group>"; };
                19BFF64A11C0F2AC00B8C04D /* JSSVGFEConvolveMatrixElement.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSSVGFEConvolveMatrixElement.h; sourceTree = "<group>"; };
-               1A0409DB1A4360B5009E47F3 /* MachSendRight.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MachSendRight.h; sourceTree = "<group>"; };
-               1A0409F21A43675C009E47F3 /* MachSendRight.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MachSendRight.cpp; sourceTree = "<group>"; };
                1A08FEDA1D592B8B008BA8CB /* PluginInfoProvider.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PluginInfoProvider.cpp; sourceTree = "<group>"; };
                1A08FEDB1D592B8B008BA8CB /* PluginInfoProvider.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PluginInfoProvider.h; sourceTree = "<group>"; };
                1A0D57340A5C77FE007EDD4C /* OverflowEvent.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = OverflowEvent.cpp; sourceTree = "<group>"; };
                                5721214E20535D710062AA1F /* LocalAuthenticationSoftLink.h */,
                                57212150205361D20062AA1F /* LocalAuthenticationSoftLink.mm */,
                                1A4832B21A953BA6008B4DFE /* LocalizedStringsCocoa.mm */,
-                               1A0409F21A43675C009E47F3 /* MachSendRight.cpp */,
-                               1A0409DB1A4360B5009E47F3 /* MachSendRight.h */,
                                C53D39331C97892D007F3AE9 /* MIMETypeRegistryCocoa.mm */,
                                A19D93491AA11B1E00B46C24 /* NetworkExtensionContentFilter.h */,
                                A19D93481AA11B1E00B46C24 /* NetworkExtensionContentFilter.mm */,
                                0FDCD7F31D47E655009F08BC /* LogInitialization.h in Headers */,
                                93A806171E03B51C008A1F26 /* LongRange.h in Headers */,
                                46EFAF121E5FB9F100E7F34B /* LowPowerModeNotifier.h in Headers */,
-                               1A0409DC1A4360B5009E47F3 /* MachSendRight.h in Headers */,
                                7AE6C93C1BE0C60100E19E03 /* MainThreadSharedTimer.h in Headers */,
                                1A8F6BC60DB55CDC001DB794 /* ManifestParser.h in Headers */,
                                CE1866451F72E5B400A0CAB6 /* MarkedText.h in Headers */,
index 620c057..7e48224 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015, 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -34,6 +34,7 @@
 #include <mach/mach.h>
 #include <mach/vm_statistics.h>
 #include <pal/spi/cocoa/MachVMSPI.h>
+#include <wtf/MachSendRight.h>
 
 namespace WebCore {
 
@@ -138,36 +139,42 @@ std::array<TagInfo, 256> pagesPerVMTag()
     return tags;
 }
 
-static float cpuUsage()
+static Vector<MachSendRight> threadSendRights()
 {
-    thread_array_t threadList;
-    mach_msg_type_number_t threadCount;
+    thread_array_t threadList = nullptr;
+    mach_msg_type_number_t threadCount = 0;
     kern_return_t kr = task_threads(mach_task_self(), &threadList, &threadCount);
     if (kr != KERN_SUCCESS)
-        return -1;
+        return { };
+
+    Vector<MachSendRight> machThreads;
+    for (mach_msg_type_number_t i = 0; i < threadCount; ++i)
+        machThreads.append(MachSendRight::adopt(threadList[i]));
+
+    kr = vm_deallocate(mach_task_self(), (vm_offset_t)threadList, threadCount * sizeof(thread_t));
+    ASSERT(kr == KERN_SUCCESS);
+
+    return machThreads;
+}
+
+static float cpuUsage()
+{
+    auto machThreads = threadSendRights();
 
     float usage = 0;
 
-    for (mach_msg_type_number_t i = 0; i < threadCount; ++i) {
+    for (auto& machThread : machThreads) {
         thread_info_data_t threadInfo;
-        thread_basic_info_t threadBasicInfo;
-
         mach_msg_type_number_t threadInfoCount = THREAD_INFO_MAX;
-        kr = thread_info(threadList[i], THREAD_BASIC_INFO, static_cast<thread_info_t>(threadInfo), &threadInfoCount);
+        auto kr = thread_info(machThread.sendRight(), THREAD_BASIC_INFO, static_cast<thread_info_t>(threadInfo), &threadInfoCount);
         if (kr != KERN_SUCCESS)
             return -1;
 
-        threadBasicInfo = reinterpret_cast<thread_basic_info_t>(threadInfo);
-
+        auto threadBasicInfo = reinterpret_cast<thread_basic_info_t>(threadInfo);
         if (!(threadBasicInfo->flags & TH_FLAGS_IDLE))
             usage += threadBasicInfo->cpu_usage / static_cast<float>(TH_USAGE_SCALE) * 100.0;
-
-        mach_port_deallocate(mach_task_self(), threadList[i]);
     }
 
-    kr = vm_deallocate(mach_task_self(), (vm_offset_t)threadList, threadCount * sizeof(thread_t));
-    ASSERT(kr == KERN_SUCCESS);
-
     return usage;
 }
 
index c86133a..f9ff45d 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -33,6 +33,7 @@
 #import <mach/mach_port.h>
 #import <pal/spi/cocoa/QuartzCoreSPI.h>
 #import <wtf/BlockPtr.h>
+#import <wtf/MachSendRight.h>
 
 @interface WebVideoContainerLayer : CALayer
 @end
@@ -124,9 +125,8 @@ void VideoFullscreenLayerManagerObjC::setVideoFullscreenLayer(PlatformLayer *vid
             oldContext.commitPriority = 0;
             newContext.commitPriority = 1;
 #endif
-            mach_port_t fencePort = [oldContext createFencePort];
-            [newContext setFencePort:fencePort];
-            mach_port_deallocate(mach_task_self(), fencePort);
+            auto fencePort = MachSendRight::adopt([oldContext createFencePort]);
+            [newContext setFencePort:fencePort.sendRight()];
         }
     }
 
index 879bebb..f68220e 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
 #include "IntSize.h"
 
 namespace WTF {
+class MachSendRight;
 class TextStream;
 }
 
 namespace WebCore {
 
-class MachSendRight;
-
 class IOSurface final {
     WTF_MAKE_FAST_ALLOCATED;
 public:
@@ -84,7 +83,7 @@ public:
 
     WEBCORE_EXPORT static std::unique_ptr<IOSurface> create(IntSize, CGColorSpaceRef, Format = Format::RGBA);
     WEBCORE_EXPORT static std::unique_ptr<IOSurface> create(IntSize, IntSize contextSize, CGColorSpaceRef, Format = Format::RGBA);
-    WEBCORE_EXPORT static std::unique_ptr<IOSurface> createFromSendRight(const MachSendRight&&, CGColorSpaceRef);
+    WEBCORE_EXPORT static std::unique_ptr<IOSurface> createFromSendRight(const WTF::MachSendRight&&, CGColorSpaceRef);
     static std::unique_ptr<IOSurface> createFromSurface(IOSurfaceRef, CGColorSpaceRef);
     WEBCORE_EXPORT static std::unique_ptr<IOSurface> createFromImage(CGImageRef);
     
@@ -96,7 +95,7 @@ public:
 
     static IntSize maximumSize();
 
-    WEBCORE_EXPORT MachSendRight createSendRight() const;
+    WEBCORE_EXPORT WTF::MachSendRight createSendRight() const;
 
     // Any images created from a surface need to be released before releasing
     // the surface, or an expensive GPU readback can result.
index 61a2e02..5b21eda 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
 #import "ImageBuffer.h"
 #import "ImageBufferDataCG.h"
 #import "Logging.h"
-#import "MachSendRight.h"
 #import <pal/spi/cg/CoreGraphicsSPI.h>
 #import <pal/spi/cocoa/IOSurfaceSPI.h>
 #import <wtf/Assertions.h>
+#import <wtf/MachSendRight.h>
 #import <wtf/MathExtras.h>
 #import <wtf/text/TextStream.h>
 
index 86a02ca..1e2fd46 100644 (file)
@@ -1,4 +1,75 @@
-2018-04-03  Beth Dakin  <bdakin@apple.com>
+2018-04-04  Brent Fulgham  <bfulgham@apple.com>
+
+        Failures from mach port reference handling should be fatal
+        https://bugs.webkit.org/show_bug.cgi?id=184202
+        <rdar://problem/37771114>
+
+        Reviewed by Anders Carlsson.
+
+        Update for new location of MachSendRight.h. Switch to
+        #pragma once in a few places.
+
+        * Platform/IPC/mac/ConnectionMac.mm:
+        (IPC::Connection::platformInvalidate): Adopt new 'safe mach_port_t deallocation' function.
+        (IPC::Connection::initializeSendSource): Ditto.
+        (IPC::Connection::receiveSourceEventHandler): Ditto.
+        * Platform/SharedMemory.h:
+        * Platform/cocoa/SharedMemoryCocoa.cpp:
+        (WebKit::SharedMemory::Handle::clear): Ditto.
+        (WebKit::makeMemoryEntry): Ditto.
+        (WebKit::SharedMemory::createSendRight const): Ditto.
+        * Platform/mac/LayerHostingContext.h:
+        * Platform/mac/LayerHostingContext.mm:
+        * PluginProcess/PluginControllerProxy.h:
+        * PluginProcess/PluginProcess.h:
+        (WebKit::PluginProcess::compositingRenderServerPort const):
+        * Scripts/messages.py:
+        (headers_for_type): Update for new location of MachSendRight.
+        * Shared/Plugins/PluginProcessCreationParameters.h:
+        * Shared/RemoteLayerTree/RemoteLayerBackingStore.h:
+        * Shared/RemoteLayerTree/RemoteLayerBackingStore.mm:
+        (WebKit::RemoteLayerBackingStore::encode const):
+        * Shared/WebCoreArgumentCoders.h:
+        * Shared/WebProcessCreationParameters.h:
+        * Shared/mac/WebCoreArgumentCodersMac.mm:
+        * UIProcess/Cocoa/VideoFullscreenManagerProxy.mm:
+        * UIProcess/DrawingAreaProxy.cpp:
+        * UIProcess/DrawingAreaProxy.h:
+        * UIProcess/Launcher/mac/ProcessLauncherMac.mm:
+        (WebKit::ProcessLauncher::launchProcess): Ditto. Remove uneeded mach_port_dealloc called after
+        xpc_dictionary_set_mach_send. While '..._set_mach_send' retains the send right, it gets automatically
+        released when the message is handled. We only want to manually deallocate the send right if
+        the message failed to send.
+        * UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm:
+        * UIProcess/WebPageProxy.cpp:
+        * UIProcess/WebPageProxy.h:
+        * UIProcess/WebPageProxy.messages.in:
+        * UIProcess/mac/TiledCoreAnimationDrawingAreaProxy.h:
+        * UIProcess/mac/TiledCoreAnimationDrawingAreaProxy.mm:
+        * UIProcess/mac/WKViewLayoutStrategy.mm:
+        * WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp:
+        * WebProcess/Plugins/Netscape/NetscapePlugin.h:
+        * WebProcess/Plugins/Netscape/mac/NetscapePluginMac.mm:
+        * WebProcess/Plugins/PluginController.h:
+        * WebProcess/Plugins/PluginView.h:
+        * WebProcess/WebPage/DrawingArea.h:
+        (WebKit::DrawingArea::addFence):
+        (WebKit::DrawingArea::updateGeometry):
+        * WebProcess/WebPage/DrawingArea.messages.in:
+        * WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.h:
+        * WebProcess/WebPage/RemoteLayerTree/RemoteLayerTreeDrawingArea.mm:
+        (WebKit::RemoteLayerTreeDrawingArea::updateGeometry):
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::setTopContentInsetFenced):
+        * WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.h:
+        * WebProcess/WebPage/mac/TiledCoreAnimationDrawingArea.mm:
+        (WebKit::TiledCoreAnimationDrawingArea::updateGeometry):
+        * WebProcess/WebProcess.h:
+        (WebKit::WebProcess::compositingRenderServerPort const):
+        * WebProcess/cocoa/VideoFullscreenManager.mm:
+        (WebKit::VideoFullscreenManager::setVideoLayerFrameFenced):
+
+2018-04-04  Beth Dakin  <bdakin@apple.com>
 
         Fix the print formatter build
         https://bugs.webkit.org/show_bug.cgi?id=184289
index 3415c63..a0edd4f 100644 (file)
@@ -36,6 +36,7 @@
 #import <mach/mach_error.h>
 #import <mach/vm_map.h>
 #import <sys/mman.h>
+#import <wtf/MachSendRight.h>
 #import <wtf/RunLoop.h>
 #import <wtf/spi/darwin/XPCSPI.h>
 
@@ -115,7 +116,7 @@ void Connection::platformInvalidate()
 {
     if (!m_isConnected) {
         if (m_sendPort) {
-            mach_port_deallocate(mach_task_self(), m_sendPort);
+            deallocateSendRightSafely(m_sendPort);
             m_sendPort = MACH_PORT_NULL;
         }
 
@@ -396,7 +397,7 @@ void Connection::initializeSendSource()
     mach_port_t sendPort = m_sendPort;
     dispatch_source_set_cancel_handler(m_sendSource, ^{
         // Release our send right.
-        mach_port_deallocate(mach_task_self(), sendPort);
+        deallocateSendRightSafely(sendPort);
     });
 }
 
@@ -549,7 +550,7 @@ void Connection::receiveSourceEventHandler()
             }
 
             if (previousNotificationPort != MACH_PORT_NULL)
-                mach_port_deallocate(mach_task_self(), previousNotificationPort);
+                deallocateSendRightSafely(previousNotificationPort);
 
             initializeSendSource();
             dispatch_resume(m_sendSource);
index cbb72fe..3eadb15 100644 (file)
@@ -45,7 +45,7 @@ class Encoder;
 }
 
 #if OS(DARWIN)
-namespace WebCore {
+namespace WTF {
 class MachSendRight;
 }
 #endif
@@ -119,7 +119,7 @@ public:
 
 private:
 #if OS(DARWIN)
-    WebCore::MachSendRight createSendRight(Protection) const;
+    WTF::MachSendRight createSendRight(Protection) const;
 #endif
 
     size_t m_size;
index 918499a..363ad32 100644 (file)
 #include "Encoder.h"
 #include "Logging.h"
 #include "MachPort.h"
-#include <WebCore/MachSendRight.h>
 #include <WebCore/SharedBuffer.h>
 #include <mach/mach_error.h>
 #include <mach/mach_port.h>
 #include <mach/vm_map.h>
 #include <pal/spi/cocoa/MachVMSPI.h>
+#include <wtf/MachSendRight.h>
 #include <wtf/RefPtr.h>
 
 namespace WebKit {
@@ -59,7 +59,7 @@ bool SharedMemory::Handle::isNull() const
 void SharedMemory::Handle::clear()
 {
     if (m_port)
-        mach_port_deallocate(mach_task_self(), m_port);
+        deallocateSendRightSafely(m_port);
 
     m_port = MACH_PORT_NULL;
     m_size = 0;
@@ -137,7 +137,7 @@ static inline vm_prot_t machProtection(SharedMemory::Protection protection)
     return VM_PROT_NONE;
 }
 
-static WebCore::MachSendRight makeMemoryEntry(size_t size, vm_offset_t offset, SharedMemory::Protection protection, mach_port_t parentEntry)
+static WTF::MachSendRight makeMemoryEntry(size_t size, vm_offset_t offset, SharedMemory::Protection protection, mach_port_t parentEntry)
 {
     memory_object_size_t memoryObjectSize = round_page(size);
 
@@ -154,7 +154,7 @@ static WebCore::MachSendRight makeMemoryEntry(size_t size, vm_offset_t offset, S
 
     RELEASE_ASSERT(memoryObjectSize >= size);
 
-    return WebCore::MachSendRight::adopt(port);
+    return WTF::MachSendRight::adopt(port);
 }
 
 RefPtr<SharedMemory> SharedMemory::create(void* data, size_t size, Protection protection)
@@ -250,13 +250,13 @@ unsigned SharedMemory::systemPageSize()
     return vm_page_size;
 }
 
-WebCore::MachSendRight SharedMemory::createSendRight(Protection protection) const
+WTF::MachSendRight SharedMemory::createSendRight(Protection protection) const
 {
     ASSERT(m_protection == protection || m_protection == Protection::ReadWrite && protection == Protection::ReadOnly);
     ASSERT(!!m_data ^ !!m_port);
 
     if (m_port && m_protection == protection)
-        return WebCore::MachSendRight::create(m_port);
+        return WTF::MachSendRight::create(m_port);
 
     ASSERT(m_data);
     return makeMemoryEntry(m_size, toVMAddress(m_data), protection, MACH_PORT_NULL);
index 84a04f8..62c7770 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -23,8 +23,7 @@
  * THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef LayerHostingContext_h
-#define LayerHostingContext_h
+#pragma once
 
 #include "LayerTreeContext.h"
 #include <wtf/Forward.h>
@@ -34,7 +33,7 @@
 OBJC_CLASS CALayer;
 OBJC_CLASS CAContext;
 
-namespace WebCore {
+namespace WTF {
 class MachSendRight;
 }
 
@@ -43,7 +42,7 @@ namespace WebKit {
 class LayerHostingContext {
     WTF_MAKE_NONCOPYABLE(LayerHostingContext); WTF_MAKE_FAST_ALLOCATED;
 public:
-    static std::unique_ptr<LayerHostingContext> createForPort(const WebCore::MachSendRight& serverPort);
+    static std::unique_ptr<LayerHostingContext> createForPort(const WTF::MachSendRight& serverPort);
 #if HAVE(OUT_OF_PROCESS_LAYER_HOSTING)
     static std::unique_ptr<LayerHostingContext> createForExternalHostingProcess();
 #if PLATFORM(MAC)
@@ -76,7 +75,7 @@ public:
     // createFencePort does not install the fence port on the LayerHostingContext's
     // CAContext; call setFencePort() with the newly created port if synchronization
     // with this context is desired.
-    WebCore::MachSendRight createFencePort();
+    WTF::MachSendRight createFencePort();
 
 private:
     LayerHostingMode m_layerHostingMode;
@@ -85,4 +84,3 @@ private:
 
 } // namespace WebKit
 
-#endif // LayerHostingContext_h
index 643febd..8508aaf 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
 #import "config.h"
 #import "LayerHostingContext.h"
 
-#import <WebCore/MachSendRight.h>
 #import <pal/spi/cg/CoreGraphicsSPI.h>
 #import <pal/spi/cocoa/QuartzCoreSPI.h>
-
-using namespace WebCore;
+#import <wtf/MachSendRight.h>
 
 namespace WebKit {
 
index 514a21b..82366d8 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -23,8 +23,7 @@
  * THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef PluginControllerProxy_h
-#define PluginControllerProxy_h
+#pragma once
 
 #if ENABLE(NETSCAPE_PLUGIN_API)
 
@@ -102,7 +101,7 @@ private:
 #if PLATFORM(COCOA)
     void pluginFocusOrWindowFocusChanged(bool) override;
     void setComplexTextInputState(PluginComplexTextInputState) override;
-    const WebCore::MachSendRight& compositingRenderServerPort() override;
+    const WTF::MachSendRight& compositingRenderServerPort() override;
 #endif
 
     float contentsScaleFactor() override;
@@ -237,5 +236,3 @@ private:
 } // namespace WebKit
 
 #endif // ENABLE(NETSCAPE_PLUGIN_API)
-
-#endif // PluginControllerProxy_h
index 7a27cd5..40d37e6 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -33,7 +33,7 @@
 #include <wtf/text/WTFString.h>
 
 #if PLATFORM(COCOA)
-#include <WebCore/MachSendRight.h>
+#include <wtf/MachSendRight.h>
 #endif
 
 namespace WebKit {
@@ -60,7 +60,7 @@ public:
     void setModalWindowIsShowing(bool);
     void setFullscreenWindowIsShowing(bool);
 
-    const WebCore::MachSendRight& compositingRenderServerPort() const { return m_compositingRenderServerPort; }
+    const WTF::MachSendRight& compositingRenderServerPort() const { return m_compositingRenderServerPort; }
 
     bool launchProcess(const String& launchPath, const Vector<String>& arguments);
     bool launchApplicationAtURL(const String& urlString, const Vector<String>& arguments);
@@ -121,7 +121,7 @@ private:
 
 #if PLATFORM(COCOA)
     // The Mach port used for accelerated compositing.
-    WebCore::MachSendRight m_compositingRenderServerPort;
+    WTF::MachSendRight m_compositingRenderServerPort;
 
     String m_nsurlCacheDirectory;
 #endif
index b7a4c96..ea067c0 100644 (file)
@@ -176,6 +176,7 @@ def forward_declarations_and_headers(receiver):
     ])
 
     non_template_wtf_types = frozenset([
+        'MachSendRight',
         'String',
     ])
 
@@ -185,6 +186,7 @@ def forward_declarations_and_headers(receiver):
             types_by_namespace['IPC'].update([('class', 'Connection')])
 
     no_forward_declaration_types = frozenset([
+        'MachSendRight',
         'String',
         'WebCore::DocumentIdentifier',
         'WebCore::ServiceWorkerIdentifier',
@@ -365,6 +367,7 @@ def headers_for_type(type):
     header_infos_and_types = class_template_headers(type)
 
     special_cases = {
+        'MachSendRight': ['<wtf/MachSendRight.h>'],
         'MonotonicTime': ['<wtf/MonotonicTime.h>'],
         'Seconds': ['<wtf/Seconds.h>'],
         'WallTime': ['<wtf/WallTime.h>'],
index 43c4c98..186cb3b 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -23,8 +23,7 @@
  * THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef PluginProcessCreationParameters_h
-#define PluginProcessCreationParameters_h
+#pragma once
 
 #if ENABLE(NETSCAPE_PLUGIN_API)
 
@@ -33,7 +32,7 @@
 #include <wtf/Seconds.h>
 
 #if PLATFORM(COCOA)
-#include <WebCore/MachSendRight.h>
+#include <wtf/MachSendRight.h>
 #endif
 
 namespace IPC {
@@ -56,7 +55,7 @@ struct PluginProcessCreationParameters {
     Seconds terminationTimeout;
 
 #if PLATFORM(COCOA)
-    WebCore::MachSendRight acceleratedCompositingPort;
+    WTF::MachSendRight acceleratedCompositingPort;
     RetainPtr<CFDataRef> networkATSContext;
 #endif
 #if OS(LINUX)
@@ -67,5 +66,3 @@ struct PluginProcessCreationParameters {
 } // namespace WebKit
 
 #endif // ENABLE(NETSCAPE_PLUGIN_API)
-
-#endif // PluginProcessCreationParameters_h
index 885b06c..d86601e 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -28,8 +28,8 @@
 #include "ShareableBitmap.h"
 #include <WebCore/FloatRect.h>
 #include <WebCore/IOSurface.h>
-#include <WebCore/MachSendRight.h>
 #include <WebCore/Region.h>
+#include <wtf/MachSendRight.h>
 #include <wtf/MonotonicTime.h>
 
 OBJC_CLASS CALayer;
@@ -139,7 +139,7 @@ private:
     Buffer m_backBuffer;
 #if HAVE(IOSURFACE)
     Buffer m_secondaryBackBuffer;
-    WebCore::MachSendRight m_frontBufferSendRight;
+    WTF::MachSendRight m_frontBufferSendRight;
 #endif
 
     RetainPtr<CGContextRef> m_frontContextPendingFlush;
index 04ebcd6..3dd5afc 100644 (file)
@@ -1,5 +1,5 @@
  /*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -114,7 +114,7 @@ void RemoteLayerBackingStore::encode(IPC::Encoder& encoder) const
         if (m_frontBuffer.surface)
             encoder << m_frontBuffer.surface->createSendRight();
         else
-            encoder << WebCore::MachSendRight();
+            encoder << WTF::MachSendRight();
         return;
     }
 #endif
index 3df7535..1252d69 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
 #include <WebCore/PaymentHeaders.h>
 #endif
 
+#if PLATFORM(COCOA)
+namespace WTF {
+class MachSendRight;
+}
+#endif
+
 namespace WebCore {
 class AffineTransform;
 class AuthenticationChallenge;
@@ -116,7 +122,6 @@ template <typename> class RectEdges;
 using FloatBoxExtent = RectEdges<float>;
 
 #if PLATFORM(COCOA)
-class MachSendRight;
 struct KeypressCommand;
 #endif
 
@@ -378,10 +383,10 @@ template<> struct ArgumentCoder<WebCore::DragData> {
 #endif
 
 #if PLATFORM(COCOA)
-template<> struct ArgumentCoder<WebCore::MachSendRight> {
-    static void encode(Encoder&, const WebCore::MachSendRight&);
-    static void encode(Encoder&, WebCore::MachSendRight&&);
-    static bool decode(Decoder&, WebCore::MachSendRight&);
+template<> struct ArgumentCoder<WTF::MachSendRight> {
+    static void encode(Encoder&, const WTF::MachSendRight&);
+    static void encode(Encoder&, WTF::MachSendRight&&);
+    static bool decode(Decoder&, WTF::MachSendRight&);
 };
 
 template<> struct ArgumentCoder<WebCore::KeypressCommand> {
index 9af2ef6..21f9151 100644 (file)
@@ -38,7 +38,7 @@
 #include <wtf/text/WTFString.h>
 
 #if PLATFORM(COCOA)
-#include <WebCore/MachSendRight.h>
+#include <wtf/MachSendRight.h>
 #endif
 
 #if USE(SOUP)
@@ -146,7 +146,7 @@ struct WebProcessCreationParameters {
     ProcessID presentingApplicationPID { 0 };
 
 #if PLATFORM(COCOA)
-    WebCore::MachSendRight acceleratedCompositingPort;
+    WTF::MachSendRight acceleratedCompositingPort;
 
     String uiProcessBundleResourcePath;
     SandboxExtension::Handle uiProcessBundleResourcePathExtensionHandle;
index 092b4bc..19cd2ae 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
  * Copyright (C) 2013 Company 100 Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
 #import <WebCore/ContentFilterUnblockHandler.h>
 #import <WebCore/Credential.h>
 #import <WebCore/KeyboardEvent.h>
-#import <WebCore/MachSendRight.h>
 #import <WebCore/ProtectionSpace.h>
 #import <WebCore/ResourceError.h>
 #import <WebCore/ResourceRequest.h>
 #import <pal/spi/cf/CFNetworkSPI.h>
 #import <pal/spi/cocoa/NSKeyedArchiverSPI.h>
+#import <wtf/MachSendRight.h>
 
 #if ENABLE(WIRELESS_PLAYBACK_TARGET)
 #import <WebCore/MediaPlaybackTargetContext.h>
index f7101c3..59886da 100644 (file)
 #import "WebPageProxy.h"
 #import "WebProcessProxy.h"
 #import <QuartzCore/CoreAnimation.h>
-#import <WebCore/MachSendRight.h>
 #import <WebCore/MediaPlayerEnums.h>
 #import <WebCore/TimeRanges.h>
 #import <pal/spi/cocoa/QuartzCoreSPI.h>
+#import <wtf/MachSendRight.h>
 
 #if PLATFORM(IOS)
 #import "RemoteLayerTreeDrawingAreaProxy.h"
index fb2eb42..a755d17 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010, 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -32,7 +32,7 @@
 #include "WebProcessProxy.h"
 
 #if PLATFORM(COCOA)
-#include <WebCore/MachSendRight.h>
+#include <wtf/MachSendRight.h>
 #endif
 
 using namespace WebCore;
index 04c52af..284c98c 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
  * Portions Copyright (c) 2010 Motorola Mobility, Inc.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -38,7 +38,7 @@
 #include <wtf/TypeCasts.h>
 
 #if PLATFORM(COCOA)
-namespace WebCore {
+namespace WTF {
 class MachSendRight;
 }
 #endif
@@ -101,7 +101,7 @@ public:
     virtual void prepareForAppSuspension() { }
 
 #if PLATFORM(COCOA)
-    virtual WebCore::MachSendRight createFence();
+    virtual WTF::MachSendRight createFence();
 #endif
 
     virtual void dispatchPresentationCallbacksAfterFlushingLayers(const Vector<CallbackID>&) { }
index bebd207..0e07262 100644 (file)
@@ -34,6 +34,7 @@
 #import <spawn.h>
 #import <sys/param.h>
 #import <sys/stat.h>
+#import <wtf/MachSendRight.h>
 #import <wtf/RunLoop.h>
 #import <wtf/SoftLinking.h>
 #import <wtf/Threading.h>
@@ -182,7 +183,6 @@ void ProcessLauncher::launchProcess()
     xpc_dictionary_set_string(bootstrapMessage.get(), "message-name", "bootstrap");
 
     xpc_dictionary_set_mach_send(bootstrapMessage.get(), "server-port", listeningPort);
-    mach_port_deallocate(mach_task_self(), listeningPort);
 
     xpc_dictionary_set_string(bootstrapMessage.get(), "client-identifier", !clientIdentifier.isEmpty() ? clientIdentifier.utf8().data() : *_NSGetProgname());
     xpc_dictionary_set_string(bootstrapMessage.get(), "process-identifier", String::number(m_launchOptions.processIdentifier.toUInt64()).utf8().data());
@@ -212,8 +212,14 @@ void ProcessLauncher::launchProcess()
         if (!processLauncher->isLaunching())
             return;
 
+#ifndef _NDEBUG
+        mach_port_urefs_t sendRightCount = 0;
+        mach_port_get_refs(mach_task_self(), listeningPort, MACH_PORT_RIGHT_SEND, &sendRightCount);
+        ASSERT(sendRightCount == 1);
+#endif
+
         // We failed to launch. Release the send right.
-        mach_port_deallocate(mach_task_self(), listeningPort);
+        deallocateSendRightSafely(listeningPort);
 
         // And the receive right.
         mach_port_mod_refs(mach_task_self(), listeningPort, MACH_PORT_RIGHT_RECEIVE, -1);
@@ -234,6 +240,14 @@ void ProcessLauncher::launchProcess()
             ASSERT(xpc_get_type(reply) == XPC_TYPE_DICTIONARY);
             ASSERT(!strcmp(xpc_dictionary_get_string(reply, "message-name"), "process-finished-launching"));
 
+#ifndef _NDEBUG
+            mach_port_urefs_t sendRightCount = 0;
+            mach_port_get_refs(mach_task_self(), listeningPort, MACH_PORT_RIGHT_SEND, &sendRightCount);
+            ASSERT(sendRightCount == 1);
+#endif
+
+            deallocateSendRightSafely(listeningPort);
+
             if (!m_xpcConnection) {
                 // The process was terminated.
                 didFinishLaunchingProcess(0, IPC::Connection::Identifier());
index 88e3ad4..c0bdfe5 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -36,8 +36,8 @@
 #import <QuartzCore/QuartzCore.h>
 #import <WebCore/GraphicsContextCG.h>
 #import <WebCore/IOSurfacePool.h>
-#import <WebCore/MachSendRight.h>
 #import <WebCore/WebActionDisablingCALayerDelegate.h>
+#import <wtf/MachSendRight.h>
 #import <wtf/SystemTracing.h>
 
 using namespace IPC;
index 03b0c6c..0b41249 100644 (file)
 #include "VideoFullscreenManagerProxy.h"
 #include "VideoFullscreenManagerProxyMessages.h"
 #include "ViewSnapshotStore.h"
-#include <WebCore/MachSendRight.h>
 #include <WebCore/RunLoopObserver.h>
 #include <WebCore/TextIndicatorWindow.h>
+#include <wtf/MachSendRight.h>
 #endif
 
 #if PLATFORM(GTK)
index cc0c0f9..166bf90 100644 (file)
@@ -305,7 +305,7 @@ using DrawToPDFCallback = GenericCallback<const IPC::DataReference&>;
 #endif
 
 #if PLATFORM(COCOA)
-typedef GenericCallback<const WebCore::MachSendRight&> MachSendRightCallback;
+typedef GenericCallback<const WTF::MachSendRight&> MachSendRightCallback;
 typedef GenericCallback<bool, bool, String, double, double, uint64_t> NowPlayingInfoCallback;
 #endif
 
@@ -1566,7 +1566,7 @@ private:
     void applicationManifestCallback(const std::optional<WebCore::ApplicationManifest>&, CallbackID);
 #endif
 #if PLATFORM(COCOA)
-    void machSendRightCallback(const WebCore::MachSendRight&, CallbackID);
+    void machSendRightCallback(const WTF::MachSendRight&, CallbackID);
 #endif
     void rectForCharacterRangeCallback(const WebCore::IntRect&, const EditingRange&, CallbackID);
 #if PLATFORM(MAC)
index a92cd37..e262277 100644 (file)
@@ -1,4 +1,4 @@
-# Copyright (C) 2010-2016 Apple Inc. All rights reserved.
+# Copyright (C) 2010-2018 Apple Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -203,7 +203,7 @@ messages -> WebPageProxy {
     PrintFinishedCallback(WebCore::ResourceError error, WebKit::CallbackID callbackID)
 #endif
 #if PLATFORM(COCOA)
-    MachSendRightCallback(WebCore::MachSendRight sendRight, WebKit::CallbackID callbackID)
+    MachSendRightCallback(MachSendRight sendRight, WebKit::CallbackID callbackID)
     NowPlayingInfoCallback(bool active, bool registeredAsNowPlayingApplication, String title, double duration, double elapsedTime, uint64_t uniqueIdentifier, WebKit::CallbackID callbackID)
 #endif
 
index f6eb62e..40b1c9c 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -56,7 +56,7 @@ private:
 
     void willSendUpdateGeometry() override;
 
-    WebCore::MachSendRight createFence() override;
+    WTF::MachSendRight createFence() override;
 
     // Message handlers.
     void didUpdateGeometry() override;
index 6c72796..323b5dc 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -34,9 +34,9 @@
 #import "LayerTreeContext.h"
 #import "WebPageProxy.h"
 #import "WebProcessProxy.h"
-#import <WebCore/MachSendRight.h>
 #import <pal/spi/cocoa/QuartzCoreSPI.h>
 #import <wtf/BlockPtr.h>
+#import <wtf/MachSendRight.h>
 
 using namespace IPC;
 using namespace WebCore;
index 6c79534..08fcc96 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -30,8 +30,8 @@
 
 #import "WebPageProxy.h"
 #import "WebViewImpl.h"
-#import <WebCore/MachSendRight.h>
 #import <pal/spi/cocoa/QuartzCoreSPI.h>
+#import <wtf/MachSendRight.h>
 
 using namespace WebCore;
 using namespace WebKit;
index 3be4f48..0bccfaf 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -42,7 +42,7 @@
 #include <wtf/text/StringBuilder.h>
 
 #if PLATFORM(COCOA)
-#include <WebCore/MachSendRight.h>
+#include <wtf/MachSendRight.h>
 #endif
 
 #if PLATFORM(X11)
index 6004cc1..bcb3d7f 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010, 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -23,8 +23,7 @@
  * THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef NetscapePlugin_h
-#define NetscapePlugin_h
+#pragma once
 
 #if ENABLE(NETSCAPE_PLUGIN_API)
 
 #include <wtf/text/CString.h>
 #include <wtf/text/StringHash.h>
 
-namespace WebCore {
+namespace WTF {
 class MachSendRight;
+}
+
+namespace WebCore {
 class HTTPHeaderMap;
 class ProtectionSpace;
 class SharedBuffer;
@@ -71,7 +73,7 @@ public:
 
     bool hasHandledAKeyDownEvent() const { return m_hasHandledAKeyDownEvent; }
 
-    const WebCore::MachSendRight& compositingRenderServerPort();
+    const WTF::MachSendRight& compositingRenderServerPort();
 
     // Computes an affine transform from the given coordinate space to the screen coordinate space.
     bool getScreenTransform(NPCoordinateSpace sourceSpace, WebCore::AffineTransform&);
@@ -396,5 +398,3 @@ private:
 SPECIALIZE_TYPE_TRAITS_PLUGIN(NetscapePlugin, NetscapePluginType)
 
 #endif // ENABLE(NETSCAPE_PLUGIN_API)
-
-#endif // NetscapePlugin_h
index e9ba29e..ec3ca5d 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
 #import "WebEvent.h"
 #import <Carbon/Carbon.h>
 #import <WebCore/GraphicsContext.h>
-#import <WebCore/MachSendRight.h>
 #import <WebCore/NotImplemented.h>
 #import <objc/runtime.h>
 #import <pal/spi/mac/HIToolboxSPI.h>
 #import <pal/spi/mac/NSMenuSPI.h>
+#import <wtf/MachSendRight.h>
 #import <wtf/NeverDestroyed.h>
 #import <wtf/text/StringView.h>
 
index 4d18822..a5c6fa0 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -23,8 +23,7 @@
  * THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef PluginController_h
-#define PluginController_h
+#pragma once
 
 #include <wtf/Forward.h>
 
@@ -36,10 +35,13 @@ struct NPObject;
 typedef struct _NPVariant NPVariant;
 typedef void* NPIdentifier;
 
+namespace WTF {
+class MachSendRight;
+}
+
 namespace WebCore {
 class HTTPHeaderMap;
 class IntRect;
-class MachSendRight;
 class ProtectionSpace;
 class URL;
 }
@@ -107,7 +109,7 @@ public:
     virtual void setComplexTextInputState(PluginComplexTextInputState) = 0;
 
     // Returns the mach port of the compositing render server.
-    virtual const WebCore::MachSendRight& compositingRenderServerPort() = 0;
+    virtual const WTF::MachSendRight& compositingRenderServerPort() = 0;
 #endif
 
     // Returns the contents scale factor.
@@ -179,5 +181,3 @@ protected:
 };
 
 } // namespace WebKit
-
-#endif // PluginController_h
index f5c2f50..58960ca 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010, 2012, 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -23,8 +23,7 @@
  * THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef PluginView_h
-#define PluginView_h
+#pragma once
 
 #include "LayerTreeContext.h"
 #include "NPRuntimeObjectMap.h"
@@ -51,10 +50,13 @@ OBJC_CLASS NSDictionary;
 OBJC_CLASS PDFSelection;
 #endif
 
+namespace WTF {
+class MachSendRight;
+}
+
 namespace WebCore {
 class Frame;
 class HTMLPlugInElement;
-class MachSendRight;
 class MouseEvent;
 }
 
@@ -211,7 +213,7 @@ private:
 #if PLATFORM(COCOA)
     void pluginFocusOrWindowFocusChanged(bool pluginHasFocusAndWindowHasFocus) override;
     void setComplexTextInputState(PluginComplexTextInputState) override;
-    const WebCore::MachSendRight& compositingRenderServerPort() override;
+    const WTF::MachSendRight& compositingRenderServerPort() override;
 #endif
     float contentsScaleFactor() override;
     String proxiesForURL(const String&) override;
@@ -294,5 +296,3 @@ private:
 };
 
 } // namespace WebKit
-
-#endif // PluginView_h
index d2e2541..db1c01c 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
 #include <wtf/Noncopyable.h>
 #include <wtf/TypeCasts.h>
 
+namespace WTF {
+class MachSendRight;
+}
+
 namespace IPC {
 class Connection;
 class Decoder;
@@ -50,7 +54,6 @@ class Frame;
 class FrameView;
 class GraphicsLayer;
 class GraphicsLayerFactory;
-class MachSendRight;
 struct ViewportAttributes;
 }
 
@@ -93,7 +96,7 @@ public:
 
     virtual void acceleratedAnimationDidStart(uint64_t /*layerID*/, const String& /*key*/, MonotonicTime /*startTime*/) { }
     virtual void acceleratedAnimationDidEnd(uint64_t /*layerID*/, const String& /*key*/) { }
-    virtual void addFence(const WebCore::MachSendRight&) { }
+    virtual void addFence(const WTF::MachSendRight&) { }
 #endif
 #if PLATFORM(IOS)
     virtual WebCore::FloatRect exposedContentRect() const = 0;
@@ -131,7 +134,7 @@ public:
 
 #if PLATFORM(COCOA)
     // Used by TiledCoreAnimationDrawingArea.
-    virtual void updateGeometry(const WebCore::IntSize& viewSize, bool flushSynchronously, const WebCore::MachSendRight& fencePort) { }
+    virtual void updateGeometry(const WebCore::IntSize& viewSize, bool flushSynchronously, const WTF::MachSendRight& fencePort) { }
 #endif
 
     virtual void layerHostDidFlushLayers() { };
index aa615e7..8ed52f2 100644 (file)
@@ -1,4 +1,4 @@
-# Copyright (C) 2010, 2011 Apple Inc. All rights reserved.
+# Copyright (C) 2010-2018 Apple Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -26,7 +26,7 @@ messages -> DrawingArea {
 
 #if PLATFORM(COCOA)
     // Used by TiledCoreAnimationDrawingArea.
-    UpdateGeometry(WebCore::IntSize viewSize, bool flushSynchronously, WebCore::MachSendRight fencePort)
+    UpdateGeometry(WebCore::IntSize viewSize, bool flushSynchronously, MachSendRight fencePort)
     SetDeviceScaleFactor(float deviceScaleFactor)
     SetColorSpace(struct WebKit::ColorSpaceData colorSpace)
     SetViewExposedRect(std::optional<WebCore::FloatRect> viewExposedRect)
index 7c53cc0..9af5cb3 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -61,7 +61,7 @@ private:
     void setNeedsDisplay() override;
     void setNeedsDisplayInRect(const WebCore::IntRect&) override;
     void scroll(const WebCore::IntRect& scrollRect, const WebCore::IntSize& scrollDelta) override;
-    void updateGeometry(const WebCore::IntSize& viewSize, bool flushSynchronously, const WebCore::MachSendRight& fencePort) override;
+    void updateGeometry(const WebCore::IntSize& viewSize, bool flushSynchronously, const WTF::MachSendRight& fencePort) override;
 
     WebCore::GraphicsLayerFactory* graphicsLayerFactory() override;
     void setRootCompositingLayer(WebCore::GraphicsLayer*) override;
index 09c92f1..3bb6b00 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -142,7 +142,7 @@ void RemoteLayerTreeDrawingArea::setRootCompositingLayer(GraphicsLayer* rootLaye
     scheduleCompositingLayerFlush();
 }
 
-void RemoteLayerTreeDrawingArea::updateGeometry(const IntSize& viewSize, bool flushSynchronously, const WebCore::MachSendRight&)
+void RemoteLayerTreeDrawingArea::updateGeometry(const IntSize& viewSize, bool flushSynchronously, const WTF::MachSendRight&)
 {
     m_viewSize = viewSize;
     m_webPage.setSize(viewSize);
index 6b9b968..d6f5293 100644 (file)
 #include "VideoFullscreenManager.h"
 #include "WKStringCF.h"
 #include <WebCore/LegacyWebArchive.h>
+#include <wtf/MachSendRight.h>
 #endif
 
 #if PLATFORM(GTK)
@@ -2661,7 +2662,7 @@ void WebPage::setTopContentInsetFenced(float contentInset, IPC::Attachment fence
 
     setTopContentInset(contentInset);
 
-    mach_port_deallocate(mach_task_self(), fencePort.port());
+    deallocateSendRightSafely(fencePort.port());
 }
 #endif
 
index b9cc751..6aefa0c 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -92,13 +92,13 @@ private:
     bool flushLayers() override;
 
     // Message handlers.
-    void updateGeometry(const WebCore::IntSize& viewSize, bool flushSynchronously, const WebCore::MachSendRight& fencePort) override;
+    void updateGeometry(const WebCore::IntSize& viewSize, bool flushSynchronously, const WTF::MachSendRight& fencePort) override;
     void setDeviceScaleFactor(float) override;
     void suspendPainting();
     void resumePainting();
     void setLayerHostingMode(LayerHostingMode) override;
     void setColorSpace(const ColorSpaceData&) override;
-    void addFence(const WebCore::MachSendRight&) override;
+    void addFence(const WTF::MachSendRight&) override;
 
     void addTransactionCallbackID(CallbackID) override;
     void setShouldScaleViewToFitDocument(bool) override;
index 54d5c9d..73ba324 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2011 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -46,7 +46,6 @@
 #import <WebCore/GraphicsContext.h>
 #import <WebCore/GraphicsLayerCA.h>
 #import <WebCore/InspectorController.h>
-#import <WebCore/MachSendRight.h>
 #import <WebCore/Page.h>
 #import <WebCore/PlatformCAAnimationCocoa.h>
 #import <WebCore/RenderLayerBacking.h>
@@ -57,6 +56,7 @@
 #import <WebCore/TiledBacking.h>
 #import <WebCore/WebActionDisablingCALayerDelegate.h>
 #import <pal/spi/cocoa/QuartzCoreSPI.h>
+#import <wtf/MachSendRight.h>
 #import <wtf/MainThread.h>
 
 #if ENABLE(ASYNC_SCROLLING)
@@ -539,7 +539,7 @@ void TiledCoreAnimationDrawingArea::updateScrolledExposedRect()
     frameView->setViewExposedRect(m_scrolledViewExposedRect);
 }
 
-void TiledCoreAnimationDrawingArea::updateGeometry(const IntSize& viewSize, bool flushSynchronously, const WebCore::MachSendRight& fencePort)
+void TiledCoreAnimationDrawingArea::updateGeometry(const IntSize& viewSize, bool flushSynchronously, const WTF::MachSendRight& fencePort)
 {
     m_inUpdateGeometry = true;
 
index 11360c5..8d4ec6d 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -49,7 +49,7 @@
 
 #if PLATFORM(COCOA)
 #include <dispatch/dispatch.h>
-#include <WebCore/MachSendRight.h>
+#include <wtf/MachSendRight.h>
 #endif
 
 #if PLATFORM(IOS)
@@ -135,7 +135,7 @@ public:
     InjectedBundle* injectedBundle() const { return m_injectedBundle.get(); }
 
 #if PLATFORM(COCOA)
-    const WebCore::MachSendRight& compositingRenderServerPort() const { return m_compositingRenderServerPort; }
+    const WTF::MachSendRight& compositingRenderServerPort() const { return m_compositingRenderServerPort; }
 #endif
 
     bool shouldPlugInAutoStartFromOrigin(WebPage&, const String& pageOrigin, const String& pluginOrigin, const String& mimeType);
@@ -397,7 +397,7 @@ private:
     CacheModel m_cacheModel { CacheModelDocumentViewer };
 
 #if PLATFORM(COCOA)
-    WebCore::MachSendRight m_compositingRenderServerPort;
+    WTF::MachSendRight m_compositingRenderServerPort;
 #endif
 
     bool m_fullKeyboardAccessEnabled { false };
index f1cb097..a80883a 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -51,6 +51,7 @@
 #import <WebCore/TimeRanges.h>
 #import <WebCore/WebActionDisablingCALayerDelegate.h>
 #import <mach/mach_port.h>
+#import <wtf/MachSendRight.h>
 
 using namespace WebCore;
 
@@ -575,7 +576,7 @@ void VideoFullscreenManager::setVideoLayerFrameFenced(uint64_t contextId, WebCor
     if (interface->layerHostingContext())
         interface->layerHostingContext()->setFencePort(fencePort.port());
     model->setVideoLayerFrame(bounds);
-    mach_port_deallocate(mach_task_self(), fencePort.port());
+    deallocateSendRightSafely(fencePort.port());
 }
 
 } // namespace WebKit
index f928bc2..d962c8d 100644 (file)
@@ -1,3 +1,14 @@
+2018-04-04  Brent Fulgham  <bfulgham@apple.com>
+
+        Failures from mach port reference handling should be fatal
+        https://bugs.webkit.org/show_bug.cgi?id=184202
+        <rdar://problem/37771114>
+
+        Reviewed by Anders Carlsson.
+
+        * Plugins/Hosted/NetscapePluginHostManager.mm:
+        (WebKit::NetscapePluginHostManager::spawnPluginHost): Adopt new 'safe mach_port_t deallocation' function.
+
 2018-04-03  Andy Estes  <aestes@apple.com>
 
         [Mac] Prioritize file promises over filenames during drag and drop
index 6ea2b6f..d328862 100644 (file)
@@ -37,6 +37,7 @@
 #import <pal/spi/cocoa/ServersSPI.h>
 #import <spawn.h>
 #import <wtf/Assertions.h>
+#import <wtf/MachSendRight.h>
 #import <wtf/NeverDestroyed.h>
 #import <wtf/RetainPtr.h>
 #import <wtf/StdLibExtras.h>
@@ -197,8 +198,8 @@ bool NetscapePluginHostManager::spawnPluginHost(const String& pluginPath, cpu_ty
                                     &pluginHostPSN.highLongOfPSN, &pluginHostPSN.lowLongOfPSN);
     
     if (kr != KERN_SUCCESS) {
-        mach_port_deallocate(mach_task_self(), pluginHostPort);
         LOG_ERROR("Failed to check in with plug-in host, error %x", kr);
+        deallocateSendRightSafely(pluginHostPort);
 
         return false;
     }