chore: cherry-pick 72ee7c437c88 from chromium #25243

Merged
merged 3 commits into from Sep 2, 2020


nornagon
Member

@nornagon nornagon commented Aug 31, 2020

[Merge to M84] Worker: Fix a race condition on task runner handling

WebSharedWorkerImpl accesses WorkerScheduler from the main thread to
take a task runner, and then dispatches a connect event to
SharedWorkerGlobalScope using the task runner.

This causes a race condition if close() is called on the global scope
on the worker thread while the task runner is being taken on the main
thread: close() call disposes of WorkerScheduler, and accessing the
scheduler after that is not allowed. See the issue for details.

To fix this, this CL makes WebSharedWorkerImpl capture the task runner
between starting a worker thread (initializing WorkerScheduler) and
posting a task to evaluate worker scripts that may call close(). This
ensures that WebSharedWorkerImpl accesses WorkerScheduler before the
scheduler is disposed of.

(cherry picked from commit c7bbec3e595c4359e36e5472b7265c4b6d047f2c)

Bug: 1104046
Change-Id: I145cd39f706019c33220fcb01ed81f76963ffff0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2308550
Commit-Queue: Hiroki Nakagawa nhiroki@chromium.org
Reviewed-by: Kenichi Ishibashi bashi@chromium.org
Cr-Original-Commit-Position: refs/heads/master@{#790284}
Tbr: bashi@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2342337
Reviewed-by: Hiroki Nakagawa nhiroki@chromium.org
Cr-Commit-Position: refs/branch-heads/4147@{#1050}
Cr-Branched-From: 16307825352720ae04d898f37efa5449ad68b606-refs/heads/master@{#768962}

Notes: Security: backported fix for 1104046.
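
The ordering problem described in the commit message above, replayed as an added example that is not code from Chromium, Electron, or this pull request. It is a simplified single-threaded model: the class names mirror the commit message, but every member, `Outcome`, and `RunScenario` are hypothetical stand-ins, and the model flags the access to a disposed scheduler instead of performing it.

```cpp
#include <deque>
#include <functional>
#include <memory>
#include <utility>

// Hypothetical stand-ins for the classes named in the commit message.
struct TaskRunner {
  std::deque<std::function<void()>> tasks;
  void PostTask(std::function<void()> task) { tasks.push_back(std::move(task)); }
};

struct WorkerScheduler {
  std::shared_ptr<TaskRunner> runner = std::make_shared<TaskRunner>();
  bool disposed = false;  // set when close() runs on the worker thread
};

struct Outcome {
  int disposed_scheduler_accesses = 0;  // scheduler consulted after disposal
  int connect_tasks_posted = 0;         // connect event handed to a task runner
};

// Replays the losing interleaving: the worker script calls close() before the
// main thread dispatches the connect event.
Outcome RunScenario(bool capture_runner_at_start) {
  Outcome out;
  WorkerScheduler scheduler;  // worker thread started, scheduler initialized
  std::deque<std::function<void()>> worker_thread;
  std::shared_ptr<TaskRunner> captured;

  // Fixed ordering: take the runner after start, before posting the script.
  if (capture_runner_at_start) captured = scheduler.runner;
  worker_thread.push_back([&] { scheduler.disposed = true; });  // script calls close()

  while (!worker_thread.empty()) {  // worker thread runs the script first
    auto task = std::move(worker_thread.front());
    worker_thread.pop_front();
    task();
  }

  // Main thread dispatches the connect event.
  std::shared_ptr<TaskRunner> runner = captured;
  if (!runner) {  // pre-fix ordering: the scheduler is consulted only now
    if (scheduler.disposed) { ++out.disposed_scheduler_accesses; return out; }
    runner = scheduler.runner;
  }
  runner->PostTask([] {});  // stands in for the connect event task
  out.connect_tasks_posted = static_cast<int>(runner->tasks.size());
  return out;
}

int main() { return RunScenario(true).disposed_scheduler_accesses; }
```

With the late lookup the model records one access to a disposed scheduler; with the early capture the main thread never consults the scheduler after the script has run.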

@nornagon nornagon requested a review from a team as a code owner Aug 31, 2020
@nornagon nornagon added 8-x-y backport-check-skip Skip trop's backport validity checking labels Aug 31, 2020
@electron-cation electron-cation bot added the new-pr 🌱 PR opened in the last 24 hours label Aug 31, 2020
@electron-cation electron-cation bot removed the new-pr 🌱 PR opened in the last 24 hours label Sep 1, 2020
@nornagon nornagon merged commit 656ae25 into 8-x-y Sep 2, 2020
6 of 13 checks passed
@release-clerk

release-clerk bot commented Sep 2, 2020

Release Notes Persisted

Security: backported fix for 1104046.

@nornagon nornagon deleted the cherry-pick/8-x-y/chromium/72ee7c437c88 branch Sep 2, 2020