Bug 1541934 - mozStorageConnection can crash on shutdown, r=asuth

Differential Revision: https://phabricator.services.mozilla.com/D26491 --HG-- extra : moz-landing-system : lando
2019-04-11 16:43:13 +00:00 · 2019-04-11 16:43:13 +00:00 · 85f93c4ddc
commit 85f93c4ddc
parent 67f9ca11b8
15 changed files with 86 additions and 100 deletions
--- a/extensions/cookie/nsPermissionManager.cpp
+++ b/extensions/cookie/nsPermissionManager.cpp
@ -50,6 +50,10 @@
 static mozilla::StaticRefPtr<nsPermissionManager> gPermissionManager;
 // Initially, |false|. Set to |true| once shutdown has started, to avoid
 // reopening the database.
 static bool gIsShuttingDown = false;
 using namespace mozilla;
 using namespace mozilla::dom;
@ -285,27 +289,6 @@ already_AddRefed<nsIPrincipal> GetNextSubDomainPrincipal(
  return principal.forget();
 }
 class ClearOriginDataObserver final : public nsIObserver {
  ~ClearOriginDataObserver() {}
 public:
  NS_DECL_ISUPPORTS
  // nsIObserver implementation.
  NS_IMETHOD
  Observe(nsISupports* aSubject, const char* aTopic,
          const char16_t* aData) override {
    MOZ_ASSERT(!nsCRT::strcmp(aTopic, "clear-origin-attributes-data"));
    nsCOMPtr<nsIPermissionManager> permManager =
        do_GetService("@mozilla.org/permissionmanager;1");
    return permManager->RemovePermissionsWithAttributes(
        nsDependentString(aData));
  }
 };
 NS_IMPL_ISUPPORTS(ClearOriginDataObserver, nsIObserver)
 class MOZ_STACK_CLASS UpgradeHostToOriginHelper {
 public:
  virtual nsresult Insert(const nsACString& aOrigin, const nsCString& aType,
@ -838,7 +821,7 @@ NS_IMETHODIMP
 CloseDatabaseListener::Complete(nsresult, nsISupports*) {
  // Help breaking cycles
  RefPtr<nsPermissionManager> manager = mManager.forget();
-  if (mRebuildOnSuccess && !manager->mIsShuttingDown) {
+  if (mRebuildOnSuccess && !gIsShuttingDown) {
    return manager->InitDB(true);
  }
  return NS_OK;
@ -897,12 +880,9 @@ NS_IMETHODIMP DeleteFromMozHostListener::HandleCompletion(uint16_t aReason) {
 }
 /* static */
-void nsPermissionManager::ClearOriginDataObserverInit() {
+void nsPermissionManager::Startup() {
-  nsCOMPtr<nsIObserverService> observerService =
+  nsCOMPtr<nsIPermissionManager> permManager =
-      mozilla::services::GetObserverService();
+      do_GetService("@mozilla.org/permissionmanager;1");
  observerService->AddObserver(new ClearOriginDataObserver(),
                               "clear-origin-attributes-data",
                               /* ownsWeak= */ false);
 }
 ////////////////////////////////////////////////////////////////////////////////
@ -923,7 +903,7 @@ NS_IMPL_ISUPPORTS(nsPermissionManager, nsIPermissionManager, nsIObserver,
                  nsISupportsWeakReference)
 nsPermissionManager::nsPermissionManager()
-    : mMemoryOnlyDB(false), mLargestID(0), mIsShuttingDown(false) {}
+    : mMemoryOnlyDB(false), mLargestID(0) {}
 nsPermissionManager::~nsPermissionManager() {
  // NOTE: Make sure to reject each of the promises in mPermissionKeyPromiseMap
@ -949,6 +929,10 @@ nsPermissionManager::GetXPCOMSingleton() {
    return do_AddRef(gPermissionManager);
  }
  if (gIsShuttingDown) {
    return nullptr;
  }
  // Create a new singleton nsPermissionManager.
  // We AddRef only once since XPCOM has rules about the ordering of module
  // teardowns - by the time our module destructor is called, it's too late to
@ -1002,6 +986,9 @@ nsresult nsPermissionManager::Init() {
  if (observerService) {
    observerService->AddObserver(this, "profile-before-change", true);
    observerService->AddObserver(this, "profile-do-change", true);
    observerService->AddObserver(this, "testonly-reload-permissions-from-disk",
                                 true);
    observerService->AddObserver(this, "clear-origin-attributes-data", true);
  }
  // ignore failure here, since it's non-fatal (we can run fine without
@ -2687,12 +2674,25 @@ NS_IMETHODIMP nsPermissionManager::Observe(nsISupports* aSubject,
  if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
    // The profile is about to change,
    // or is going away because the application is shutting down.
-    mIsShuttingDown = true;
+    gIsShuttingDown = true;
    RemoveAllFromMemory();
    CloseDB(false);
  } else if (!nsCRT::strcmp(aTopic, "profile-do-change")) {
    // the profile has already changed; init the db from the new location
    InitDB(false);
  } else if (!nsCRT::strcmp(aTopic, "testonly-reload-permissions-from-disk")) {
    // Testing mechanism to reload all permissions from disk. Because the
    // permission manager automatically initializes itself at startup, tests
    // that directly manipulate the permissions database need some way to reload
    // the database for their changes to have any effect. This mechanism was
    // introduced when moving the permissions manager from on-demand startup to
    // always being initialized. This is not guarded by a pref because it's not
    // dangerous to reload permissions from disk, just bad for performance.
    RemoveAllFromMemory();
    CloseDB(false);
    InitDB(false);
  } else if (!nsCRT::strcmp(aTopic, "clear-origin-attributes-data")) {
    return RemovePermissionsWithAttributes(nsDependentString(someData));
  }
  return NS_OK;
--- a/extensions/cookie/nsPermissionManager.h
+++ b/extensions/cookie/nsPermissionManager.h
@ -193,12 +193,13 @@ class nsPermissionManager final : public nsIPermissionManager,
  }
  /**
-   * Initialize the "clear-origin-attributes-data" observing.
+   * Initialize the permission-manager service.
-   * Will create a nsPermissionManager instance if needed.
+   * The permission manager is always initialized at startup because when it was
-   * That way, we can prevent have nsPermissionManager created at startup just
+   * lazy-initialized on demand, it was possible for it to be created once
-   * to be able to clear data when an application is uninstalled.
+   * shutdown had begun, resulting in the manager failing to correctly shutdown
   * because it missed its shutdown observer notification.
   */
-  static void ClearOriginDataObserverInit();
+  static void Startup();
  nsresult RemovePermissionsWithAttributes(
      mozilla::OriginAttributesPattern& aAttrs);
@ -518,10 +519,6 @@ class nsPermissionManager final : public nsIPermissionManager,
  // a unique, monotonically increasing id used to identify each database entry
  int64_t mLargestID;
  // Initially, |false|. Set to |true| once shutdown has started, to avoid
  // reopening the database.
  bool mIsShuttingDown;
  nsCOMPtr<nsIPrefBranch> mDefaultPrefBranch;
  // NOTE: Ensure this is the last member since it has a large inline buffer.
--- a/extensions/cookie/test/unit/test_permmanager_defaults.js
+++ b/extensions/cookie/test/unit/test_permmanager_defaults.js
@ -45,7 +45,9 @@ add_task(async function do_test() {
  // Set the preference used by the permission manager so the file is read.
  Services.prefs.setCharPref("permissions.manager.defaultsUrl", "file://" + file.path);
-  // initialize the permission manager service - it will read that default.
+  // This will force the permission-manager to reload the data.
  Services.obs.notifyObservers(null, "testonly-reload-permissions-from-disk", "");
  let pm = Cc["@mozilla.org/permissionmanager;1"].
           getService(Ci.nsIPermissionManager);
--- a/extensions/cookie/test/unit/test_permmanager_load_invalid_entries.js
+++ b/extensions/cookie/test/unit/test_permmanager_load_invalid_entries.js
@ -19,6 +19,8 @@ function run_test() {
  Assert.ok(file.exists());
  connection.schemaVersion = 3;
  connection.executeSimpleSQL(
    "DROP TABLE moz_hosts");
  connection.executeSimpleSQL(
    "CREATE TABLE moz_hosts (" +
      " id INTEGER PRIMARY KEY" +
@ -113,6 +115,9 @@ function run_test() {
    );
  }
  // This will force the permission-manager to reload the data.
  Services.obs.notifyObservers(null, "testonly-reload-permissions-from-disk", "");
  let earliestNow = Number(Date.now());
  // Initialize the permission manager service
  var pm = Cc["@mozilla.org/permissionmanager;1"]
--- a/extensions/cookie/test/unit/test_permmanager_migrate_4-7.js
+++ b/extensions/cookie/test/unit/test_permmanager_migrate_4-7.js
@ -20,6 +20,8 @@ add_task(async function test() {
  let db = Services.storage.openDatabase(GetPermissionsFile(profile));
  db.schemaVersion = 4;
  db.executeSimpleSQL("DROP TABLE moz_perms");
  db.executeSimpleSQL("DROP TABLE moz_hosts");
  db.executeSimpleSQL(
    "CREATE TABLE moz_hosts (" +
@ -159,6 +161,9 @@ add_task(async function test() {
  await PlacesTestUtils.addVisits(Services.io.newURI("https://foo.com/some/other/subdirectory"));
  await PlacesTestUtils.addVisits(Services.io.newURI("ftp://some.subdomain.of.foo.com:8000/some/subdirectory"));
  // This will force the permission-manager to reload the data.
  Services.obs.notifyObservers(null, "testonly-reload-permissions-from-disk", "");
  // Force initialization of the nsPermissionManager
  for (let permission of Services.perms.enumerator) {
    let isExpected = false;
--- a/extensions/cookie/test/unit/test_permmanager_migrate_4-7_no_history.js
+++ b/extensions/cookie/test/unit/test_permmanager_migrate_4-7_no_history.js
@ -56,6 +56,8 @@ add_task(function test() {
  let db = Services.storage.openDatabase(GetPermissionsFile(profile));
  db.schemaVersion = 4;
  db.executeSimpleSQL("DROP TABLE moz_perms");
  db.executeSimpleSQL("DROP TABLE moz_hosts");
  db.executeSimpleSQL(
    "CREATE TABLE moz_hosts (" +
@ -175,6 +177,9 @@ add_task(function test() {
  let found = expected.map((it) => 0);
  // This will force the permission-manager to reload the data.
  Services.obs.notifyObservers(null, "testonly-reload-permissions-from-disk", "");
  // Force initialization of the nsPermissionManager
  for (let permission of Services.perms.enumerator) {
    let isExpected = false;
--- a/extensions/cookie/test/unit/test_permmanager_migrate_5-7a.js
+++ b/extensions/cookie/test/unit/test_permmanager_migrate_5-7a.js
@ -20,6 +20,8 @@ add_task(async function test() {
  let db = Services.storage.openDatabase(GetPermissionsFile(profile));
  db.schemaVersion = 5;
  db.executeSimpleSQL("DROP TABLE moz_perms");
  db.executeSimpleSQL("DROP TABLE moz_hosts");
  /*
   * V5 table
@ -218,6 +220,9 @@ add_task(async function test() {
  await PlacesTestUtils.addVisits(Services.io.newURI("https://foo.com/some/other/subdirectory"));
  await PlacesTestUtils.addVisits(Services.io.newURI("ftp://some.subdomain.of.foo.com:8000/some/subdirectory"));
  // This will force the permission-manager to reload the data.
  Services.obs.notifyObservers(null, "testonly-reload-permissions-from-disk", "");
  // Force initialization of the nsPermissionManager
  for (let permission of Services.perms.enumerator) {
    let isExpected = false;
--- a/extensions/cookie/test/unit/test_permmanager_migrate_5-7b.js
+++ b/extensions/cookie/test/unit/test_permmanager_migrate_5-7b.js
@ -20,6 +20,8 @@ add_task(function test() {
  let db = Services.storage.openDatabase(GetPermissionsFile(profile));
  db.schemaVersion = 5;
  db.executeSimpleSQL("DROP TABLE moz_perms");
  db.executeSimpleSQL("DROP TABLE moz_hosts");
  /*
   * V5 table
@ -100,6 +102,9 @@ add_task(function test() {
  let found = expected.map((it) => 0);
  // This will force the permission-manager to reload the data.
  Services.obs.notifyObservers(null, "testonly-reload-permissions-from-disk", "");
  // Force initialization of the nsPermissionManager
  for (let permission of Services.perms.enumerator) {
    let isExpected = false;
--- a/extensions/cookie/test/unit/test_permmanager_migrate_6-7a.js
+++ b/extensions/cookie/test/unit/test_permmanager_migrate_6-7a.js
@ -20,6 +20,8 @@ add_task(async function test() {
  let db = Services.storage.openDatabase(GetPermissionsFile(profile));
  db.schemaVersion = 6;
  db.executeSimpleSQL("DROP TABLE moz_perms");
  db.executeSimpleSQL("DROP TABLE moz_hosts");
  /*
   * V5 table
@ -218,6 +220,9 @@ add_task(async function test() {
  await PlacesTestUtils.addVisits(Services.io.newURI("https://foo.com/some/other/subdirectory"));
  await PlacesTestUtils.addVisits(Services.io.newURI("ftp://some.subdomain.of.foo.com:8000/some/subdirectory"));
  // This will force the permission-manager to reload the data.
  Services.obs.notifyObservers(null, "testonly-reload-permissions-from-disk", "");
  // Force initialization of the nsPermissionManager
  for (let permission of Services.perms.enumerator) {
    let isExpected = false;
--- a/extensions/cookie/test/unit/test_permmanager_migrate_6-7b.js
+++ b/extensions/cookie/test/unit/test_permmanager_migrate_6-7b.js
@ -20,6 +20,8 @@ add_task(function test() {
  let db = Services.storage.openDatabase(GetPermissionsFile(profile));
  db.schemaVersion = 6;
  db.executeSimpleSQL("DROP TABLE moz_perms");
  db.executeSimpleSQL("DROP TABLE moz_hosts");
  /*
   * V5 table
@ -94,6 +96,9 @@ add_task(function test() {
  let found = expected.map((it) => 0);
  // This will force the permission-manager to reload the data.
  Services.obs.notifyObservers(null, "testonly-reload-permissions-from-disk", "");
  // Force initialization of the nsPermissionManager
  for (let permission of Services.perms.enumerator) {
    let isExpected = false;
--- a/extensions/cookie/test/unit/test_permmanager_migrate_7-8.js
+++ b/extensions/cookie/test/unit/test_permmanager_migrate_7-8.js
@ -20,6 +20,8 @@ add_task(async function test() {
  let db = Services.storage.openDatabase(GetPermissionsFile(profile));
  db.schemaVersion = 7;
  db.executeSimpleSQL("DROP TABLE moz_perms");
  db.executeSimpleSQL("DROP TABLE moz_hosts");
  /*
   * V5 table
@ -198,6 +200,9 @@ add_task(async function test() {
  await PlacesTestUtils.addVisits(Services.io.newURI("ftp://127.0.0.1:8080"));
  await PlacesTestUtils.addVisits(Services.io.newURI("https://localhost:8080"));
  // This will force the permission-manager to reload the data.
  Services.obs.notifyObservers(null, "testonly-reload-permissions-from-disk", "");
  // Force initialization of the nsPermissionManager
  for (let permission of Services.perms.enumerator) {
    let isExpected = false;
--- a/layout/build/nsLayoutStatics.cpp
+++ b/layout/build/nsLayoutStatics.cpp
@ -256,7 +256,8 @@ nsresult nsLayoutStatics::Initialize() {
  ProcessPriorityManager::Init();
-  nsPermissionManager::ClearOriginDataObserverInit();
+  nsPermissionManager::Startup();
  nsCookieService::AppClearDataObserverInit();
  nsApplicationCacheService::AppClearDataObserverInit();
--- a/storage/test/gtest/moz.build
+++ b/storage/test/gtest/moz.build
@ -11,7 +11,6 @@ UNIFIED_SOURCES += [
    'test_binding_params.cpp',
    'test_file_perms.cpp',
    'test_mutex.cpp',
    'test_service_init_background_thread.cpp',
    'test_spinningSynchronousClose.cpp',
    'test_statement_scoper.cpp',
    'test_StatementCache.cpp',
--- a/storage/test/gtest/test_service_init_background_thread.cpp
+++ b/storage/test/gtest/test_service_init_background_thread.cpp
@ -1,56 +0,0 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim set:sw=2 ts=2 et lcs=trail\:.,tab\:>~ : */
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "storage_test_harness.h"
 #include "nsThreadUtils.h"
 /**
 * This file tests that the storage service cannot be initialized off the main
 * thread.
 */
 ////////////////////////////////////////////////////////////////////////////////
 //// Helpers
 class ServiceInitializer : public mozilla::Runnable {
 public:
  ServiceInitializer() : mozilla::Runnable("ServiceInitializer") {}
  NS_IMETHOD Run() override {
    // Use an explicit do_GetService instead of getService so that the check in
    // getService doesn't blow up.
    nsCOMPtr<mozIStorageService> service =
        do_GetService("@mozilla.org/storage/service;1");
    do_check_false(service);
    return NS_OK;
  }
 };
 ////////////////////////////////////////////////////////////////////////////////
 //// Test Functions
 // HACK ALERT: this test fails if it runs after any of the other storage tests
 // because the storage service will have been initialized and the
 // do_GetService() call in ServiceInitializer::Run will succeed. So we need a
 // way to force it to run before all the other storage gtests. As it happens,
 // gtest has a concept of "death tests" that, among other things, run before
 // all non-death tests. By merely using a "DeathTest" suffix here this becomes
 // a death test -- even though it doesn't use any of the normal death test
 // features -- which ensures this is the first storage test to run.
 TEST(storage_service_init_background_thread_DeathTest, Test)
 {
  nsCOMPtr<nsIRunnable> event = new ServiceInitializer();
  do_check_true(event);
  nsCOMPtr<nsIThread> thread;
  do_check_success(NS_NewNamedThread("StorageService", getter_AddRefs(thread)));
  do_check_success(thread->Dispatch(event, NS_DISPATCH_NORMAL));
  // Shutting down the thread will spin the event loop until all work in its
  // event queue is completed.  This will act as our thread synchronization.
  do_check_success(thread->Shutdown());
 }
--- a/toolkit/forgetaboutsite/test/unit/head_forgetaboutsite.js
+++ b/toolkit/forgetaboutsite/test/unit/head_forgetaboutsite.js
@ -9,14 +9,13 @@ var profileDir = do_get_profile();
 /**
 * Removes any files that could make our tests fail.
 */
-function cleanUp() {
+async function cleanUp() {
  const {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm");
  let files = [
    "places.sqlite",
    "cookies.sqlite",
    "signons.sqlite",
    "permissions.sqlite",
  ];
  for (let i = 0; i < files.length; i++) {
@ -25,5 +24,9 @@ function cleanUp() {
    if (file.exists())
      file.remove(false);
  }
  await new Promise(resolve => {
    Services.clearData.deleteData(Ci.nsIClearDataService.CLEAR_PERMISSIONS, value => resolve());
  });
 }
 cleanUp();