[Webkit-unassigned] [Bug 231472] New: IOCache::read and IOCache::write should be called with a serial workqueue

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Oct 9 00:30:20 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=231472

            Bug ID: 231472
           Summary: IOCache::read and IOCache::write should be called with
                    a serial workqueue
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jean-yves.avenard at apple.com
                CC: beidson at apple.com

Seen while going over bug 231418

IOCache::read and IOCache::write are called with a WorkQueue as parameter [1]

In Engine::readFile [2] and Caches::retrieveOriginFromDirectory [3]; it is called with the main WorkQueue which is a serial work queue

In Storage::dispatchReadOperation [4] however it is called using the ioQueue which is the a concurrent one, only to be called again using the main thread one in Storage::traverse [5]

The use of a concurrent WorkQueue is dangerous as there's no guarantee in the order of execution of the tasks queued, and they could run simultaneously on different thread.

The glibc implementation in particular, doesn't guarantee that the completion handler will be called in the right order should there be multiple call to read. For now however, the glibc WorkQueue is always a serial one, but should this change in the future, it could cause undefined behaviour.

[1] https://webkit-search.igalia.com/webkit/rev/db21dfc9fcff4b8205577497cc74941727528dfb/Source/WebKit/NetworkProcess/cache/NetworkCacheIOChannel.h#52-53
[2] https://webkit-search.igalia.com/webkit/rev/db21dfc9fcff4b8205577497cc74941727528dfb/Source/WebKit/NetworkProcess/cache/CacheStorageEngine.cpp#505
[3] https://webkit-search.igalia.com/webkit/rev/db21dfc9fcff4b8205577497cc74941727528dfb/Source/WebKit/NetworkProcess/cache/CacheStorageEngineCaches.cpp#87
[4] https://webkit-search.igalia.com/webkit/rev/db21dfc9fcff4b8205577497cc74941727528dfb/Source/WebKit/NetworkProcess/cache/NetworkCacheStorage.cpp#752
[5] https://webkit-search.igalia.com/webkit/rev/db21dfc9fcff4b8205577497cc74941727528dfb/Source/WebKit/NetworkProcess/cache/NetworkCacheStorage.cpp#1000

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211009/a6d97da9/attachment-0001.htm>

More information about the webkit-unassigned mailing list