[webkit-changes] [WebKit/WebKit] ea2439: Versioning.

Keith Miller noreply at github.com
Wed May 22 15:30:43 PDT 2024 

  Branch: refs/heads/safari-7618.2.12.13-branch
  Home:   https://github.com/WebKit/WebKit
  Commit: ea2439209d9fe9154b5f04fb3bba08379bfc8d72
      https://github.com/WebKit/WebKit/commit/ea2439209d9fe9154b5f04fb3bba08379bfc8d72
  Author: Mohsin Qureshi <mohsinq at apple.com>
  Date:   2024-04-15 (Mon, 15 Apr 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.2.12.13.1

Canonical link: https://commits.webkit.org/272448.932@safari-7618.2.12.13-branch


  Commit: b76830ca75df8b00dbdb36c592ad84f7ed110866
      https://github.com/WebKit/WebKit/commit/b76830ca75df8b00dbdb36c592ad84f7ed110866
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-04-16 (Tue, 16 Apr 2024)

  Changed paths:
    M Source/WebKit/Shared/AuxiliaryProcess.h
    M Source/WebKit/Shared/AuxiliaryProcess.messages.in
    M Source/WebKit/Shared/Cocoa/AuxiliaryProcessCocoa.mm
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h
    M Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm

  Log Message:
  -----------
  Cherry-pick d6540a38e780. rdar://126492909

    Regression(277427 at main) Crash under AuxiliaryProcessProxy::notifyPreferencesChanged()
    https://bugs.webkit.org/show_bug.cgi?id=272695
    rdar://126492909

    Reviewed by Per Arne Vollan.

    We were using a HashMap to store preferences whose key was a std::pair<String, String>.
    The first String was the domain and the second the preference name. However, for global
    preferences, the domain is null, causing a crash when hashing the key.

    To address an issue, we now store global preferences in a separate HashMap.

    * Source/WebKit/Shared/AuxiliaryProcess.h:
    * Source/WebKit/Shared/AuxiliaryProcess.messages.in:
    * Source/WebKit/Shared/Cocoa/AuxiliaryProcessCocoa.mm:
    (WebKit::AuxiliaryProcess::preferencesDidUpdate):
    * Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:
    (WebKit::AuxiliaryProcessProxy::didChangeThrottleState):
    * Source/WebKit/UIProcess/AuxiliaryProcessProxy.h:
    * Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm:
    (WebKit::AuxiliaryProcessProxy::notifyPreferencesChanged):

    Canonical link: https://commits.webkit.org/277514@main


  Commit: c4b640fbedbee2518b1fb4b1847657a91df811ed
      https://github.com/WebKit/WebKit/commit/c4b640fbedbee2518b1fb4b1847657a91df811ed
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-04-17 (Wed, 17 Apr 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.2.12.13.2

Canonical link: https://commits.webkit.org/272448.934@safari-7618.2.12.13-branch


  Commit: d7e2f94c57ea9901695253d7882747b6f62b6ab8
      https://github.com/WebKit/WebKit/commit/d7e2f94c57ea9901695253d7882747b6f62b6ab8
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-04-17 (Wed, 17 Apr 2024)

  Changed paths:
    M Source/WebKit/Platform/cocoa/XPCUtilities.h
    M Source/WebKit/Platform/cocoa/XPCUtilities.mm
    M Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm
    M Source/WebKit/Shared/Cocoa/XPCEndpoint.mm
    M Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm

  Log Message:
  -----------
  Cherry-pick 3c2c899f692d. rdar://126479653

    WebKit process termination with xpc_connection_kill does not always work
    https://bugs.webkit.org/show_bug.cgi?id=272669
    rdar://126479653

    Reviewed by Chris Dumez.

    WebKit process termination with xpc_connection_kill does not always work. We are currently seeing flaky
    termination behavior on macOS, where the child processes are not always terminated successfully.
    Additionally, on iOS, the XPC connection has become anonymous due to migration to extensions for WebKit
    processes, and xpc_connection_kill does not support anonymous connections. This patch addresses this
    issue by creating and sending a XPC message to the child process to request termination. This has a
    high chance of success, since we know that the XPC connection termination watchdog is holding a
    background assertion on the process, so it is not suspended. Additionally, the XPC message is being
    handled on the XPC event handler thread, which is handling very few messages, so it is very unlikely
    that it is blocked and cannot handle the message. This gives the process a chance to exit cleanly and
    send a reply back. If the UI process does not receive the expected reply, it will try calling
    xpc_connection_kill.

    * Source/WebKit/Platform/cocoa/XPCUtilities.h:
    * Source/WebKit/Platform/cocoa/XPCUtilities.mm:
    (WebKit::terminateWithReason):
    (WebKit::handleXPCExitMessage):
    * Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm:
    (WebKit::AuthenticationManager::initializeConnection):
    * Source/WebKit/Shared/Cocoa/XPCEndpoint.mm:
    (WebKit::XPCEndpoint::XPCEndpoint):
    * Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm:
    (WebKit::XPCServiceEventHandler):

    Canonical link: https://commits.webkit.org/277509@main


  Commit: 66b2665acc10dd7202645d8b212f647aada6762e
      https://github.com/WebKit/WebKit/commit/66b2665acc10dd7202645d8b212f647aada6762e
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-04-17 (Wed, 17 Apr 2024)

  Changed paths:
    M Source/WebKit/Platform/cocoa/XPCUtilities.mm

  Log Message:
  -----------
  Cherry-pick 1bfeac262aa5. rdar://126479653

    Compile fix after <https://commits.webkit.org/277509@main>
    https://bugs.webkit.org/show_bug.cgi?id=272824
    rdar://126479653

    Unreviewed compile fix.

    * Source/WebKit/Platform/cocoa/XPCUtilities.mm:

    Canonical link: https://commits.webkit.org/277621@main


  Commit: 92b8d408b1f9658808dd21758df668195f20c3c6
      https://github.com/WebKit/WebKit/commit/92b8d408b1f9658808dd21758df668195f20c3c6
  Author: Mohsin Qureshi <mohsinq at apple.com>
  Date:   2024-04-17 (Wed, 17 Apr 2024)

  Changed paths:
    M Source/JavaScriptCore/CMakeLists.txt
    M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
    M Source/JavaScriptCore/Sources.txt
    M Source/JavaScriptCore/bytecode/ExpressionInfo.h
    M Source/JavaScriptCore/runtime/CachedTypes.cpp
    M Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h
    A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
    R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
    M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
    M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
    M Source/WTF/wtf/spi/darwin/dyldSPI.h

  Log Message:
  -----------
  Apply patch. rdar://126195542


  Commit: a6f1d0aa1f343e915ba446d337ec720ba8310b1f
      https://github.com/WebKit/WebKit/commit/a6f1d0aa1f343e915ba446d337ec720ba8310b1f
  Author: Mohsin Qureshi <mohsinq at apple.com>
  Date:   2024-04-17 (Wed, 17 Apr 2024)

  Changed paths:
    M Source/JavaScriptCore/CMakeLists.txt
    M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
    M Source/JavaScriptCore/Sources.txt
    M Source/JavaScriptCore/bytecode/ExpressionInfo.h
    M Source/JavaScriptCore/runtime/CachedTypes.cpp
    M Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h
    R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
    A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
    M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
    M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
    M Source/WTF/wtf/spi/darwin/dyldSPI.h

  Log Message:
  -----------
  Revert "Apply patch. rdar://126195542"

This reverts commit 92b8d408b1f9658808dd21758df668195f20c3c6.


  Commit: e7cb80cb98d995a71bb29eae929183aa008ead5f
      https://github.com/WebKit/WebKit/commit/e7cb80cb98d995a71bb29eae929183aa008ead5f
  Author: Mohsin Qureshi <mohsinq at apple.com>
  Date:   2024-04-17 (Wed, 17 Apr 2024)

  Changed paths:
    M Source/WebKit/Platform/cocoa/XPCUtilities.mm

  Log Message:
  -----------
  Revert "Cherry-pick 1bfeac262aa5. rdar://126479653"

This reverts commit 66b2665acc10dd7202645d8b212f647aada6762e.


  Commit: dbfb1cdd989125f7c728d08c0a2d00cb3c117dfe
      https://github.com/WebKit/WebKit/commit/dbfb1cdd989125f7c728d08c0a2d00cb3c117dfe
  Author: Mohsin Qureshi <mohsinq at apple.com>
  Date:   2024-04-17 (Wed, 17 Apr 2024)

  Changed paths:
    M Source/WebKit/Platform/cocoa/XPCUtilities.h
    M Source/WebKit/Platform/cocoa/XPCUtilities.mm
    M Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm
    M Source/WebKit/Shared/Cocoa/XPCEndpoint.mm
    M Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm

  Log Message:
  -----------
  Revert "Cherry-pick 3c2c899f692d. rdar://126479653"

This reverts commit d7e2f94c57ea9901695253d7882747b6f62b6ab8.


  Commit: 6ce501a2bff07d473dc2f57cbbde83e6c88108d1
      https://github.com/WebKit/WebKit/commit/6ce501a2bff07d473dc2f57cbbde83e6c88108d1
  Author: Keith Miller <keith_miller at apple.com>
  Date:   2024-04-22 (Mon, 22 Apr 2024)

  Changed paths:
    M Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h
    M Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
    M Source/JavaScriptCore/jit/ThunkGenerators.cpp
    M Source/JavaScriptCore/llint/LLIntThunks.cpp
    M Source/JavaScriptCore/runtime/Options.cpp
    M Source/JavaScriptCore/runtime/OptionsList.h
    M Source/WTF/wtf/PtrTag.h
    M Source/WebKit/WebProcess/WebProcess.cpp
    M Tools/Scripts/run-jsc-stress-tests

  Log Message:
  -----------
  Cherry-pick f442fbe222f3. rdar://125596635

    Make it harder to get a PAC signing gadget in JIT code.
    https://bugs.webkit.org/show_bug.cgi?id=272750
    rdar://125596635

    Reviewed by Yusuke Suzuki.

    Right now if an attacker can control where code is allocated they can overlap code to create a PAC bypass.
    This patch makes that harder (in the WebContent process) by only allowing pacibsp and pacizb. This means
    that during arity fixup we now tag the return PC with pacizb. This is ok because we don't use the zero
    diversifier for anything. For reifying inlined call frames during OSR exit things are a bit more complicated.
    First we have be careful to only move signed return addresses into lr then untag them there. Also, we have
    to shuffle SP to point to where it would in reified frame. This means that there is technically live data
    below our SP, which on many OSes causes problems. Talking to our kernel folks however this isn't a problem
    as long as we don't have any signal handlers or run lldb expressions in this window. We don't use signal
    handlers in the WebContent process and this patch tries to limit/document the window of JIT code where lldb
    would trash the stack.

    * Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h:
    (JSC::MacroAssemblerARM64E::tagPtr):
    * Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp:
    (JSC::DFG::reifyInlinedCallFrames):
    (JSC::AssemblyHelpers::transferReturnPC):
    * Source/JavaScriptCore/jit/ThunkGenerators.cpp:
    (JSC::arityFixupGenerator):
    * Source/JavaScriptCore/llint/LLIntThunks.cpp:
    (JSC::LLInt::tagGateThunk):
    (JSC::LLInt::untagGateThunk):
    * Source/JavaScriptCore/runtime/OptionsList.h:
    * Source/WTF/wtf/PtrTag.h:
    * Source/WebKit/WebProcess/WebProcess.cpp:
    (WebKit::WebProcess::initializeProcess):
    * Tools/Scripts/run-jsc-stress-tests:

    Canonical link: https://commits.webkit.org/272448.948@safari-7618-branch

Canonical link: https://commits.webkit.org/272448.941@safari-7618.2.12.13-branch


Compare: https://github.com/WebKit/WebKit/compare/ea2439209d9f%5E...6ce501a2bff0

To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list