Tie the lifetime of each DedicatedWorkerHost to their RenderProcessHost

Bug: 1035555 Change-Id: Ic4e977a2b0aa3952eef1f54bd1ada62bdd07d4fa Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1988741 Commit-Queue: Patrick Monette <pmonette@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#729841}

Tie the lifetime of each DedicatedWorkerHost to their RenderProcessHost
Bug: 1035555 Change-Id: Ic4e977a2b0aa3952eef1f54bd1ada62bdd07d4fa Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1988741 Commit-Queue: Patrick Monette <pmonette@chromium.org> Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#729841}
2f901908 · Patrick Monette · Commit Bot · 3dfe7895 · 2f901908 · 2f901908
Commit 2f901908 authored Jan 09, 2020 by Patrick Monette Committed by Commit Bot Jan 09, 2020
2 changed files
--- a/content/browser/worker_host/dedicated_worker_host.cc
+++ b/content/browser/worker_host/dedicated_worker_host.cc
@@ -39,17 +39,21 @@
 namespace content {

 DedicatedWorkerHost::DedicatedWorkerHost(
-    int worker_process_id,
+    RenderProcessHost* worker_process_host,
    int ancestor_render_frame_id,
    int creator_render_frame_id,
    const url::Origin& origin,
    mojo::PendingReceiver<blink::mojom::DedicatedWorkerHost> host)
-    : worker_process_id_(worker_process_id),
+    : worker_process_host_(worker_process_host),
+      scoped_process_host_observer_(this),
      ancestor_render_frame_id_(ancestor_render_frame_id),
      creator_render_frame_id_(creator_render_frame_id),
      origin_(origin),
      host_receiver_(this, std::move(host)) {
  DCHECK_CURRENTLY_ON(BrowserThread::UI);
+  DCHECK(worker_process_host_);
+
+  scoped_process_host_observer_.Add(worker_process_host_);
 }

 DedicatedWorkerHost::~DedicatedWorkerHost() = default;
@@ -85,6 +89,13 @@ void DedicatedWorkerHost::LifecycleStateChanged(
  }
 }

+void DedicatedWorkerHost::RenderProcessHostDestroyed(
+    RenderProcessHost* render_process_host) {
+  DCHECK_EQ(worker_process_host_, render_process_host);
+
+  delete this;
+}
+
 void DedicatedWorkerHost::StartScriptLoad(
    const GURL& script_url,
    const url::Origin& request_initiator_origin,
@@ -100,14 +111,8 @@ void DedicatedWorkerHost::StartScriptLoad(
  DCHECK(client);
  client_ = std::move(client);

-  // Get a storage partition.
-  auto* worker_process_host = RenderProcessHost::FromID(worker_process_id_);
-  if (!worker_process_host) {
-    client_->OnScriptLoadStartFailed();
-    return;
-  }
  auto* storage_partition_impl = static_cast<StoragePartitionImpl*>(
-      worker_process_host->GetStoragePartition());
+      worker_process_host_->GetStoragePartition());

  // Get nearest ancestor render frame host in order to determine the
  // top-frame origin to use for the network isolation key.
@@ -153,10 +158,10 @@ void DedicatedWorkerHost::StartScriptLoad(
  // If this is a nested worker, there is no creator frame.
  RenderFrameHostImpl* creator_render_frame_host = nullptr;
  if (creator_render_frame_id_ != MSG_ROUTING_NONE) {
-    // Use |worker_process_id_| as the creator render frame's process ID as the
-    // frame surely lives in the same process for dedicated workers.
+    // Use |worker_process_host_->GetID()| as the creator render frame's process
+    // ID as the frame surely lives in the same process for dedicated workers.
    creator_render_frame_host = RenderFrameHostImpl::FromID(
-        worker_process_id_, creator_render_frame_id_);
+        worker_process_host_->GetID(), creator_render_frame_id_);
    if (!creator_render_frame_host) {
      client_->OnScriptLoadStartFailed();
      return;
@@ -184,7 +189,7 @@ void DedicatedWorkerHost::StartScriptLoad(
      storage_partition_impl->GetServiceWorkerContext());

  WorkerScriptFetchInitiator::Start(
-      worker_process_id_, script_url, creator_render_frame_host,
+      worker_process_host_->GetID(), script_url, creator_render_frame_host,
      request_initiator_origin, network_isolation_key_, credentials_mode,
      std::move(outside_fetch_client_settings_object), ResourceType::kWorker,
      storage_partition_impl->GetServiceWorkerContext(),
@@ -215,12 +220,6 @@ void DedicatedWorkerHost::DidStartScriptLoad(
  // TODO(https://crbug.com/986188): Check if the main script's final response
  // URL is commitable.

-  auto* worker_process_host = RenderProcessHost::FromID(worker_process_id_);
-  if (!worker_process_host) {
-    client_->OnScriptLoadStartFailed();
-    return;
-  }
-
  // TODO(cammie): Change this approach when we support shared workers
  // creating dedicated workers, as there might be no ancestor frame.
  RenderFrameHostImpl* ancestor_render_frame_host =
@@ -233,14 +232,13 @@ void DedicatedWorkerHost::DidStartScriptLoad(
  // Start observing Network Service crash when it's running out-of-process.
  if (IsOutOfProcessNetworkService()) {
    ObserveNetworkServiceCrash(static_cast<StoragePartitionImpl*>(
-        worker_process_host->GetStoragePartition()));
+        worker_process_host_->GetStoragePartition()));
  }

  // Set up the default network loader factory.
  bool bypass_redirect_checks = false;
  subresource_loader_factories->pending_default_factory() =
-      CreateNetworkFactoryForSubresources(worker_process_host,
-                                          ancestor_render_frame_host,
+      CreateNetworkFactoryForSubresources(ancestor_render_frame_host,
                                          &bypass_redirect_checks);
  subresource_loader_factories->set_bypass_redirect_checks(
      bypass_redirect_checks);
@@ -279,11 +277,9 @@ void DedicatedWorkerHost::DidStartScriptLoad(

 mojo::PendingRemote<network::mojom::URLLoaderFactory>
 DedicatedWorkerHost::CreateNetworkFactoryForSubresources(
-    RenderProcessHost* worker_process_host,
    RenderFrameHostImpl* ancestor_render_frame_host,
    bool* bypass_redirect_checks) {
  DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  DCHECK(worker_process_host);
  DCHECK(ancestor_render_frame_host);
  DCHECK(bypass_redirect_checks);

@@ -294,10 +290,10 @@ DedicatedWorkerHost::CreateNetworkFactoryForSubresources(

  network::mojom::URLLoaderFactoryParamsPtr factory_params =
      URLLoaderFactoryParamsHelper::CreateForFrame(
-          ancestor_render_frame_host, origin_, worker_process_host);
+          ancestor_render_frame_host, origin_, worker_process_host_);
  GetContentClient()->browser()->WillCreateURLLoaderFactory(
-      worker_process_host->GetBrowserContext(),
-      /*frame=*/nullptr, worker_process_id_,
+      worker_process_host_->GetBrowserContext(),
+      /*frame=*/nullptr, worker_process_host_->GetID(),
      ContentBrowserClient::URLLoaderFactoryType::kWorkerSubResource, origin_,
      /*navigation_id=*/base::nullopt, &default_factory_receiver,
      &factory_params->header_client, bypass_redirect_checks,
@@ -306,7 +302,7 @@ DedicatedWorkerHost::CreateNetworkFactoryForSubresources(
  // TODO(nhiroki): Call devtools_instrumentation::WillCreateURLLoaderFactory()
  // here.

-  worker_process_host->CreateURLLoaderFactory(
+  worker_process_host_->CreateURLLoaderFactory(
      std::move(default_factory_receiver), std::move(factory_params));

  return pending_default_factory;
@@ -337,10 +333,11 @@ void DedicatedWorkerHost::CreateWebSocketConnector(
                             "The parent frame has already been gone.");
    return;
  }
-  mojo::MakeSelfOwnedReceiver(std::make_unique<WebSocketConnectorImpl>(
-                                  worker_process_id_, ancestor_render_frame_id_,
-                                  origin_, network_isolation_key_),
-                              std::move(receiver));
+  mojo::MakeSelfOwnedReceiver(
+      std::make_unique<WebSocketConnectorImpl>(worker_process_host_->GetID(),
+                                               ancestor_render_frame_id_,
+                                               origin_, network_isolation_key_),
+      std::move(receiver));
 }

 void DedicatedWorkerHost::CreateQuicTransportConnector(
@@ -354,15 +351,15 @@ void DedicatedWorkerHost::CreateQuicTransportConnector(
    return;
  }
  mojo::MakeSelfOwnedReceiver(
-      std::make_unique<QuicTransportConnectorImpl>(worker_process_id_, origin_,
-                                                   network_isolation_key_),
+      std::make_unique<QuicTransportConnectorImpl>(
+          worker_process_host_->GetID(), origin_, network_isolation_key_),
      std::move(receiver));
 }

 void DedicatedWorkerHost::CreateNestedDedicatedWorker(
    mojo::PendingReceiver<blink::mojom::DedicatedWorkerHostFactory> receiver) {
  DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  CreateDedicatedWorkerHostFactory(worker_process_id_,
+  CreateDedicatedWorkerHostFactory(worker_process_host_->GetID(),
                                   ancestor_render_frame_id_,
                                   /*creator_render_frame_id=*/MSG_ROUTING_NONE,
                                   origin_, std::move(receiver));
@@ -421,7 +418,7 @@ void DedicatedWorkerHost::BindSerialService(
 void DedicatedWorkerHost::ObserveNetworkServiceCrash(
    StoragePartitionImpl* storage_partition_impl) {
  auto params = network::mojom::URLLoaderFactoryParams::New();
-  params->process_id = worker_process_id_;
+  params->process_id = worker_process_host_->GetID();
  network_service_connection_error_handler_holder_.reset();
  storage_partition_impl->GetNetworkContext()->CreateURLLoaderFactory(
      network_service_connection_error_handler_holder_
@@ -438,12 +435,8 @@ void DedicatedWorkerHost::UpdateSubresourceLoaderFactories() {
  DCHECK(network_service_connection_error_handler_holder_);
  DCHECK(!network_service_connection_error_handler_holder_.is_connected());

-  // Get a storage partition.
-  auto* worker_process_host = RenderProcessHost::FromID(worker_process_id_);
-  if (!worker_process_host)
-    return;
  auto* storage_partition_impl = static_cast<StoragePartitionImpl*>(
-      worker_process_host->GetStoragePartition());
+      worker_process_host_->GetStoragePartition());

  // Get a storage domain.
  if (!GetAncestorRenderFrameHost() ||
@@ -466,13 +459,13 @@ void DedicatedWorkerHost::UpdateSubresourceLoaderFactories() {
      subresource_loader_factories =
          WorkerScriptFetchInitiator::CreateFactoryBundle(
              WorkerScriptFetchInitiator::LoaderType::kSubResource,
-              worker_process_id_, storage_partition_impl, storage_domain,
-              file_url_support_, /*filesystem_url_support=*/true);
+              worker_process_host_->GetID(), storage_partition_impl,
+              storage_domain, file_url_support_,
+              /*filesystem_url_support=*/true);

  bool bypass_redirect_checks = false;
  subresource_loader_factories->pending_default_factory() =
-      CreateNetworkFactoryForSubresources(worker_process_host,
-                                          GetAncestorRenderFrameHost(),
+      CreateNetworkFactoryForSubresources(GetAncestorRenderFrameHost(),
                                          &bypass_redirect_checks);
  subresource_loader_factories->set_bypass_redirect_checks(
      bypass_redirect_checks);
@@ -483,9 +476,9 @@ void DedicatedWorkerHost::UpdateSubresourceLoaderFactories() {

 // May return a nullptr.
 RenderFrameHostImpl* DedicatedWorkerHost::GetAncestorRenderFrameHost() {
-  // Use |worker_process_id_| as the ancestor render frame's process ID as the
-  // frame surely lives in the same process for dedicated workers.
-  const int ancestor_render_frame_process_id = worker_process_id_;
+  // Use |worker_process_host_->GetID()| as the ancestor render frame's process
+  // ID as the frame surely lives in the same process for dedicated workers.
+  const int ancestor_render_frame_process_id = worker_process_host_->GetID();
  return RenderFrameHostImpl::FromID(ancestor_render_frame_process_id,
                                     ancestor_render_frame_id_);
 }
@@ -520,13 +513,22 @@ class DedicatedWorkerHostFactoryImpl final
      return;
    }

+    // Allocate the worker in the same process as the creator.
+    auto* worker_process_host = RenderProcessHost::FromID(creator_process_id_);
+    if (!worker_process_host) {
+      // Abort if the worker's process host is gone. This means that the calling
+      // frame or worker is also either destroyed or in the process of being
+      // destroyed.
+      return;
+    }
+
    // TODO(crbug.com/729021): Once |parent_context_origin_| no longer races
    // with the request for |DedicatedWorkerHostFactory|, enforce that
    // the worker's origin either matches the origin of the creating context
    // (Document or DedicatedWorkerGlobalScope), or is unique.
    // Deletes itself on Mojo disconnection.
    auto* host = new DedicatedWorkerHost(
-        creator_process_id_, ancestor_render_frame_id_,
+        worker_process_host, ancestor_render_frame_id_,
        creator_render_frame_id_, origin, std::move(host_receiver));
    host->BindBrowserInterfaceBrokerReceiver(std::move(broker_receiver));
  }
@@ -549,16 +551,22 @@ class DedicatedWorkerHostFactoryImpl final
      return;
    }

-    // Create a worker host that will start a new dedicated worker in the
-    // renderer process whose ID is |creator_process_id_|.
-    //
+    // Allocate the worker in the same process as the creator.
+    auto* worker_process_host = RenderProcessHost::FromID(creator_process_id_);
+    if (!worker_process_host) {
+      // Abort if the worker's process host is gone. This means that the calling
+      // frame or worker is also either destroyed or in the process of being
+      // destroyed.
+      return;
+    }
+
    // TODO(crbug.com/729021): Once |parent_context_origin_| no longer races
    // with the request for |DedicatedWorkerHostFactory|, enforce that
    // the worker's origin either matches the origin of the creating context
    // (Document or DedicatedWorkerGlobalScope), or is unique.
    // Deletes itself on Mojo disconnection.
    auto* host = new DedicatedWorkerHost(
-        creator_process_id_, ancestor_render_frame_id_,
+        worker_process_host, ancestor_render_frame_id_,
        creator_render_frame_id_, request_initiator_origin,
        std::move(host_receiver));
    mojo::PendingRemote<blink::mojom::BrowserInterfaceBroker> broker;

--- a/content/browser/worker_host/dedicated_worker_host.h
+++ b/content/browser/worker_host/dedicated_worker_host.h
@@ -5,9 +5,11 @@
 #ifndef CONTENT_BROWSER_WORKER_HOST_DEDICATED_WORKER_HOST_H_
 #define CONTENT_BROWSER_WORKER_HOST_DEDICATED_WORKER_HOST_H_

+#include "base/scoped_observer.h"
 #include "build/build_config.h"
 #include "content/browser/browser_interface_broker_impl.h"
 #include "content/public/browser/render_process_host.h"
+#include "content/public/browser/render_process_host_observer.h"
 #include "media/mojo/mojom/video_decode_perf_history.mojom.h"
 #include "mojo/public/cpp/bindings/pending_receiver.h"
 #include "mojo/public/cpp/bindings/pending_remote.h"
@@ -48,11 +50,13 @@ void CreateDedicatedWorkerHostFactory(
    mojo::PendingReceiver<blink::mojom::DedicatedWorkerHostFactory> receiver);

 // A host for a single dedicated worker. It deletes itself upon Mojo
-// disconnection from the worker in the renderer. This lives on the UI thread.
-class DedicatedWorkerHost final : public blink::mojom::DedicatedWorkerHost {
+// disconnection from the worker in the renderer or when the RenderProcessHost
+// of the worker is destroyed. This lives on the UI thread.
+class DedicatedWorkerHost final : public blink::mojom::DedicatedWorkerHost,
+                                  public RenderProcessHostObserver {
 public:
  DedicatedWorkerHost(
-      int worker_process_id,
+      RenderProcessHost* worker_process_host,
      int ancestor_render_frame_id,
      int creator_render_frame_id,
      const url::Origin& origin,
@@ -62,10 +66,7 @@ class DedicatedWorkerHost final : public blink::mojom::DedicatedWorkerHost {
  void BindBrowserInterfaceBrokerReceiver(
      mojo::PendingReceiver<blink::mojom::BrowserInterfaceBroker> receiver);

-  // May return nullptr.
-  RenderProcessHost* GetProcessHost() {
-    return RenderProcessHost::FromID(worker_process_id_);
-  }
+  RenderProcessHost* GetProcessHost() { return worker_process_host_; }
  const url::Origin& GetOrigin() { return origin_; }

  void CreateIdleManager(
@@ -105,6 +106,10 @@ class DedicatedWorkerHost final : public blink::mojom::DedicatedWorkerHost {
      mojo::Remote<blink::mojom::DedicatedWorkerHostFactoryClient> client);

 private:
+  // RenderProcessHostObserver:
+  void RenderProcessHostDestroyed(
+      RenderProcessHost* render_process_host) override;
+
  // Called from WorkerScriptFetchInitiator. Continues starting the dedicated
  // worker in the renderer process.
  //
@@ -134,8 +139,7 @@ class DedicatedWorkerHost final : public blink::mojom::DedicatedWorkerHost {
  // Creates a network factory for subresource requests from this worker. The
  // network factory is meant to be passed to the renderer.
  mojo::PendingRemote<network::mojom::URLLoaderFactory>
-  CreateNetworkFactoryForSubresources(RenderProcessHost* worker_process_host,
-                                      RenderFrameHostImpl* render_frame_host,
+  CreateNetworkFactoryForSubresources(RenderFrameHostImpl* render_frame_host,
                                      bool* bypass_redirect_checks);

  // Updates subresource loader factories. This is supposed to be called when
@@ -147,8 +151,11 @@ class DedicatedWorkerHost final : public blink::mojom::DedicatedWorkerHost {

  void OnMojoDisconnect();

-  // The ID of the render process host that hosts this worker.
-  const int worker_process_id_;
+  // The RenderProcessHost that hosts this worker.
+  RenderProcessHost* const worker_process_host_;
+
+  ScopedObserver<RenderProcessHost, RenderProcessHostObserver>
+      scoped_process_host_observer_;

  // The ID of the frame that owns this worker, either directly, or (in the case
  // of nested workers) indirectly via a tree of dedicated workers.