[webkit-changes] [WebKit/WebKit] ea2439: Versioning.
Keith Miller
noreply at github.com
Wed May 22 15:30:43 PDT 2024
Branch: refs/heads/safari-7618.2.12.13-branch
Home: https://github.com/WebKit/WebKit
Commit: ea2439209d9fe9154b5f04fb3bba08379bfc8d72
https://github.com/WebKit/WebKit/commit/ea2439209d9fe9154b5f04fb3bba08379bfc8d72
Author: Mohsin Qureshi <mohsinq at apple.com>
Date: 2024-04-15 (Mon, 15 Apr 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7618.2.12.13.1
Canonical link: https://commits.webkit.org/272448.932@safari-7618.2.12.13-branch
Commit: b76830ca75df8b00dbdb36c592ad84f7ed110866
https://github.com/WebKit/WebKit/commit/b76830ca75df8b00dbdb36c592ad84f7ed110866
Author: Chris Dumez <cdumez at apple.com>
Date: 2024-04-16 (Tue, 16 Apr 2024)
Changed paths:
M Source/WebKit/Shared/AuxiliaryProcess.h
M Source/WebKit/Shared/AuxiliaryProcess.messages.in
M Source/WebKit/Shared/Cocoa/AuxiliaryProcessCocoa.mm
M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp
M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h
M Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm
Log Message:
-----------
Cherry-pick d6540a38e780. rdar://126492909
Regression(277427 at main) Crash under AuxiliaryProcessProxy::notifyPreferencesChanged()
https://bugs.webkit.org/show_bug.cgi?id=272695
rdar://126492909
Reviewed by Per Arne Vollan.
We were using a HashMap to store preferences whose key was a std::pair<String, String>.
The first String was the domain and the second the preference name. However, for global
preferences, the domain is null, causing a crash when hashing the key.
To address the issue, we now store global preferences in a separate HashMap.
* Source/WebKit/Shared/AuxiliaryProcess.h:
* Source/WebKit/Shared/AuxiliaryProcess.messages.in:
* Source/WebKit/Shared/Cocoa/AuxiliaryProcessCocoa.mm:
(WebKit::AuxiliaryProcess::preferencesDidUpdate):
* Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:
(WebKit::AuxiliaryProcessProxy::didChangeThrottleState):
* Source/WebKit/UIProcess/AuxiliaryProcessProxy.h:
* Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm:
(WebKit::AuxiliaryProcessProxy::notifyPreferencesChanged):
Canonical link: https://commits.webkit.org/277514@main
Commit: c4b640fbedbee2518b1fb4b1847657a91df811ed
https://github.com/WebKit/WebKit/commit/c4b640fbedbee2518b1fb4b1847657a91df811ed
Author: Dan Robson <dtr_bugzilla at apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7618.2.12.13.2
Canonical link: https://commits.webkit.org/272448.934@safari-7618.2.12.13-branch
Commit: d7e2f94c57ea9901695253d7882747b6f62b6ab8
https://github.com/WebKit/WebKit/commit/d7e2f94c57ea9901695253d7882747b6f62b6ab8
Author: Per Arne Vollan <pvollan at apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/WebKit/Platform/cocoa/XPCUtilities.h
M Source/WebKit/Platform/cocoa/XPCUtilities.mm
M Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm
M Source/WebKit/Shared/Cocoa/XPCEndpoint.mm
M Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm
Log Message:
-----------
Cherry-pick 3c2c899f692d. rdar://126479653
WebKit process termination with xpc_connection_kill does not always work
https://bugs.webkit.org/show_bug.cgi?id=272669
rdar://126479653
Reviewed by Chris Dumez.
WebKit process termination with xpc_connection_kill does not always work. We are currently seeing flaky
termination behavior on macOS, where the child processes are not always terminated successfully.
Additionally, on iOS, the XPC connection has become anonymous due to migration to extensions for WebKit
processes, and xpc_connection_kill does not support anonymous connections. This patch addresses this
issue by creating and sending an XPC message to the child process to request termination. This has a
high chance of success, since we know that the XPC connection termination watchdog is holding a
background assertion on the process, so it is not suspended. Additionally, the XPC message is being
handled on the XPC event handler thread, which is handling very few messages, so it is very unlikely
that it is blocked and cannot handle the message. This gives the process a chance to exit cleanly and
send a reply back. If the UI process does not receive the expected reply, it will try calling
xpc_connection_kill.
* Source/WebKit/Platform/cocoa/XPCUtilities.h:
* Source/WebKit/Platform/cocoa/XPCUtilities.mm:
(WebKit::terminateWithReason):
(WebKit::handleXPCExitMessage):
* Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm:
(WebKit::AuthenticationManager::initializeConnection):
* Source/WebKit/Shared/Cocoa/XPCEndpoint.mm:
(WebKit::XPCEndpoint::XPCEndpoint):
* Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm:
(WebKit::XPCServiceEventHandler):
Canonical link: https://commits.webkit.org/277509@main
Commit: 66b2665acc10dd7202645d8b212f647aada6762e
https://github.com/WebKit/WebKit/commit/66b2665acc10dd7202645d8b212f647aada6762e
Author: Per Arne Vollan <pvollan at apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/WebKit/Platform/cocoa/XPCUtilities.mm
Log Message:
-----------
Cherry-pick 1bfeac262aa5. rdar://126479653
Compile fix after <https://commits.webkit.org/277509@main>
https://bugs.webkit.org/show_bug.cgi?id=272824
rdar://126479653
Unreviewed compile fix.
* Source/WebKit/Platform/cocoa/XPCUtilities.mm:
Canonical link: https://commits.webkit.org/277621@main
Commit: 92b8d408b1f9658808dd21758df668195f20c3c6
https://github.com/WebKit/WebKit/commit/92b8d408b1f9658808dd21758df668195f20c3c6
Author: Mohsin Qureshi <mohsinq at apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/JavaScriptCore/CMakeLists.txt
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
M Source/JavaScriptCore/bytecode/ExpressionInfo.h
M Source/JavaScriptCore/runtime/CachedTypes.cpp
M Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h
A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M Source/WTF/wtf/spi/darwin/dyldSPI.h
Log Message:
-----------
Apply patch. rdar://126195542
Commit: a6f1d0aa1f343e915ba446d337ec720ba8310b1f
https://github.com/WebKit/WebKit/commit/a6f1d0aa1f343e915ba446d337ec720ba8310b1f
Author: Mohsin Qureshi <mohsinq at apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/JavaScriptCore/CMakeLists.txt
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
M Source/JavaScriptCore/bytecode/ExpressionInfo.h
M Source/JavaScriptCore/runtime/CachedTypes.cpp
M Source/JavaScriptCore/runtime/FileBasedFuzzerAgentBase.h
R Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp
A Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.cpp.in
M Source/JavaScriptCore/runtime/JSCBytecodeCacheVersion.h
M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M Source/WTF/wtf/spi/darwin/dyldSPI.h
Log Message:
-----------
Revert "Apply patch. rdar://126195542"
This reverts commit 92b8d408b1f9658808dd21758df668195f20c3c6.
Commit: e7cb80cb98d995a71bb29eae929183aa008ead5f
https://github.com/WebKit/WebKit/commit/e7cb80cb98d995a71bb29eae929183aa008ead5f
Author: Mohsin Qureshi <mohsinq at apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/WebKit/Platform/cocoa/XPCUtilities.mm
Log Message:
-----------
Revert "Cherry-pick 1bfeac262aa5. rdar://126479653"
This reverts commit 66b2665acc10dd7202645d8b212f647aada6762e.
Commit: dbfb1cdd989125f7c728d08c0a2d00cb3c117dfe
https://github.com/WebKit/WebKit/commit/dbfb1cdd989125f7c728d08c0a2d00cb3c117dfe
Author: Mohsin Qureshi <mohsinq at apple.com>
Date: 2024-04-17 (Wed, 17 Apr 2024)
Changed paths:
M Source/WebKit/Platform/cocoa/XPCUtilities.h
M Source/WebKit/Platform/cocoa/XPCUtilities.mm
M Source/WebKit/Shared/Authentication/cocoa/AuthenticationManagerCocoa.mm
M Source/WebKit/Shared/Cocoa/XPCEndpoint.mm
M Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm
Log Message:
-----------
Revert "Cherry-pick 3c2c899f692d. rdar://126479653"
This reverts commit d7e2f94c57ea9901695253d7882747b6f62b6ab8.
Commit: 6ce501a2bff07d473dc2f57cbbde83e6c88108d1
https://github.com/WebKit/WebKit/commit/6ce501a2bff07d473dc2f57cbbde83e6c88108d1
Author: Keith Miller <keith_miller at apple.com>
Date: 2024-04-22 (Mon, 22 Apr 2024)
Changed paths:
M Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h
M Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
M Source/JavaScriptCore/jit/ThunkGenerators.cpp
M Source/JavaScriptCore/llint/LLIntThunks.cpp
M Source/JavaScriptCore/runtime/Options.cpp
M Source/JavaScriptCore/runtime/OptionsList.h
M Source/WTF/wtf/PtrTag.h
M Source/WebKit/WebProcess/WebProcess.cpp
M Tools/Scripts/run-jsc-stress-tests
Log Message:
-----------
Cherry-pick f442fbe222f3. rdar://125596635
Make it harder to get a PAC signing gadget in JIT code.
https://bugs.webkit.org/show_bug.cgi?id=272750
rdar://125596635
Reviewed by Yusuke Suzuki.
Right now if an attacker can control where code is allocated they can overlap code to create a PAC bypass.
This patch makes that harder (in the WebContent process) by only allowing pacibsp and pacizb. This means
that during arity fixup we now tag the return PC with pacizb. This is ok because we don't use the zero
diversifier for anything. For reifying inlined call frames during OSR exit things are a bit more complicated.
First we have to be careful to only move signed return addresses into lr then untag them there. Also, we have
to shuffle SP to point to where it would be in the reified frame. This means that there is technically live data
below our SP, which on many OSes causes problems. Talking to our kernel folks however this isn't a problem
as long as we don't have any signal handlers or run lldb expressions in this window. We don't use signal
handlers in the WebContent process and this patch tries to limit/document the window of JIT code where lldb
would trash the stack.
* Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h:
(JSC::MacroAssemblerARM64E::tagPtr):
* Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
(JSC::AssemblyHelpers::transferReturnPC):
* Source/JavaScriptCore/jit/ThunkGenerators.cpp:
(JSC::arityFixupGenerator):
* Source/JavaScriptCore/llint/LLIntThunks.cpp:
(JSC::LLInt::tagGateThunk):
(JSC::LLInt::untagGateThunk):
* Source/JavaScriptCore/runtime/OptionsList.h:
* Source/WTF/wtf/PtrTag.h:
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeProcess):
* Tools/Scripts/run-jsc-stress-tests:
Canonical link: https://commits.webkit.org/272448.948@safari-7618-branch
Canonical link: https://commits.webkit.org/272448.941@safari-7618.2.12.13-branch
Compare: https://github.com/WebKit/WebKit/compare/ea2439209d9f%5E...6ce501a2bff0
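
The termination flow described in the 3c2c899f692d commit message above (ask the child to exit over its connection, wait for the reply, fall back to a forced kill), as an added example that is not WebKit code. It assumes a POSIX system, with a socketpair standing in for the XPC connection and SIGKILL for xpc_connection_kill; terminate_child, child_main and the 'X'/'A' message bytes are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
/* Added example, not WebKit code: a socketpair stands in for the XPC
   connection and SIGKILL for xpc_connection_kill; all names are hypothetical. */
enum { EXITED_CLEANLY = 0, FORCE_KILLED = 1, SETUP_FAILED = -1 };
/* Child: a cooperative child replies to the exit request and exits;
   an unresponsive one never services its channel. */
static void child_main(int fd, int cooperative)
{
    char msg = 0;
    while (!cooperative)
        pause();
    if (read(fd, &msg, 1) == 1 && msg == 'X' && write(fd, "A", 1) == 1)
        _exit(0);
    _exit(1);
}

/* Parent: send the exit request, wait up to timeout_ms for the reply,
   and only fall back to the forced kill when no valid reply arrives. */
int terminate_child(int cooperative, int timeout_ms)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return SETUP_FAILED;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return SETUP_FAILED; }
    if (pid == 0) { close(sv[0]); child_main(sv[1], cooperative); }
    close(sv[1]);
    char reply = 0;
    struct pollfd pfd = { .fd = sv[0], .events = POLLIN };
    int clean = write(sv[0], "X", 1) == 1 && poll(&pfd, 1, timeout_ms) == 1
        && read(sv[0], &reply, 1) == 1 && reply == 'A';
    if (!clean)
        kill(pid, SIGKILL);
    close(sv[0]);
    waitpid(pid, NULL, 0); /* reap the child either way */
    return clean ? EXITED_CLEANLY : FORCE_KILLED;
}
int main(void)
{
    int a = terminate_child(1, 2000), b = terminate_child(0, 200);
    printf("cooperative=%d unresponsive=%d\n", a, b);
    return 0;
}
```

The reply timeout bounds how long a wedged child can delay teardown, and the forced kill is reached only when the cooperative path has failed.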