Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 0b8a496385d09c0c64b41bbf04b311eaf7a43bb0
https://github.com/WebKit/WebKit/commit/0b8a496385d09c0c64b41bbf04b311eaf7a43bb0
Author: Anne van Kesteren <[email protected]>
Date: 2026-05-13 (Wed, 13 May 2026)
Changed paths:
M Source/WTF/wtf/Forward.h
M Source/WTF/wtf/ObjectIdentifier.h
M Source/WebCore/Headers.cmake
M Source/WebCore/Modules/filesystem/FileSystemDirectoryHandle.cpp
M Source/WebCore/Modules/filesystem/FileSystemDirectoryHandle.h
M Source/WebCore/Modules/filesystem/FileSystemFileHandle.cpp
M Source/WebCore/Modules/filesystem/FileSystemFileHandle.h
M Source/WebCore/Modules/filesystem/FileSystemHandle.cpp
M Source/WebCore/Modules/filesystem/FileSystemHandle.h
M Source/WebCore/Modules/filesystem/FileSystemHandleCloseScope.h
A Source/WebCore/Modules/filesystem/FileSystemHandleGlobalIdentifier.h
A Source/WebCore/Modules/filesystem/FileSystemHandleInfo.h
M Source/WebCore/Modules/filesystem/FileSystemStorageConnection.cpp
M Source/WebCore/Modules/filesystem/FileSystemStorageConnection.h
M Source/WebCore/Modules/filesystem/WorkerFileSystemStorageConnection.cpp
M Source/WebCore/Modules/filesystem/WorkerFileSystemStorageConnection.h
M Source/WebCore/Modules/storage/StorageConnection.h
M Source/WebCore/Modules/storage/StorageManager.cpp
M Source/WebCore/Modules/storage/WorkerStorageConnection.cpp
M Source/WebCore/WebCore.xcodeproj/project.pbxproj
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
M Source/WebCore/bindings/js/SerializedScriptValueInternals.h
M Source/WebKit/CMakeLists.txt
M Source/WebKit/DerivedSources-input.xcfilelist
M Source/WebKit/DerivedSources.make
M Source/WebKit/NetworkProcess/storage/FileSystemStorageHandle.cpp
M Source/WebKit/NetworkProcess/storage/FileSystemStorageHandle.h
M Source/WebKit/NetworkProcess/storage/FileSystemStorageManager.cpp
M Source/WebKit/NetworkProcess/storage/FileSystemStorageManager.h
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.messages.in
M Source/WebKit/Scripts/webkit/messages.py
M Source/WebKit/Scripts/webkit/tests/MessageArgumentDescriptions.cpp
A Source/WebKit/Shared/FileSystemHandleInfo.serialization.in
M Source/WebKit/Shared/WTFArgumentCoders.serialization.in
M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
M Source/WebKit/WebKit.xcodeproj/project.pbxproj
M Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.cpp
M Source/WebKit/WebProcess/WebCoreSupport/WebFileSystemStorageConnection.h
M Source/WebKit/WebProcess/WebCoreSupport/WebStorageConnection.cpp
Log Message:
-----------
FileSystemHandle: add global identifiers for cross-process serialization
https://bugs.webkit.org/show_bug.cgi?id=314202

Reviewed by Sihui Liu.

The previous serialization design used process-bound identifiers
with fire-and-forget reference counting. This caused a race when
transferring handles to service workers or shared workers: the
receiver could attempt to resolve the identifier before the
sender's registration arrived at the network process, since
messages from different connections have no ordering guarantee.

Replace this with a global identifier (a random UUID) that the
network process generates and registers at handle creation time as
part of the existing createHandle roundtrip. Since it is registered
before the handle exists in the web process, serialization cannot
race with resolution. The global identifier is also not guessable
by other web processes, preventing handle reference forgery.

Serialization writes the global identifier (16 bytes) into the byte
stream. A FileSystemHandleKeepAlive RAII token on the
SerializedScriptValue increments the refcount; its destructor
decrements it. Deserialization creates a handle with just the
global identifier and resolves it lazily on first use via
resolveGlobalIdentifier.

The global identifier registry lives on FileSystemStorageManager
(per-origin), keeping filesystem-specific state out of the
NetworkStorageManager routing layer. createHandle generates the
identifier and registers it with refcount 1. closeHandle decrements
the refcount. connectionClosed cleans up all handles (and their
registry entries) for the disconnecting process.

addGlobalIdentifierReference and removeGlobalIdentifierReference
take a ClientOrigin so NetworkStorageManager can route them to the
correct per-origin manager, matching the pattern used by Blob URLs
with URLKeepingBlobAlive.

Canonical link: https://commits.webkit.org/313154@main
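
The registry lifecycle described in the log message, as an added C++ example that is not WebKit code and is not taken from this commit: an entry is registered with refcount 1 at creation, a keep-alive token holds it across a transfer after the sender closes its handle, and an identifier that was never registered is rejected. Registry, KeepAlive, ConnectionId and their members are hypothetical names; removeReference stands in for closeHandle as well, and std::random_device is assumed to be backed by the OS CSPRNG.

```cpp
// Added illustration: every name here is hypothetical, not WebKit's API.
#include <array>
#include <cstddef>
#include <cstdint>
#include <iterator>
#include <map>
#include <random>

using GlobalId = std::array<uint8_t, 16>; // the 16 bytes written to the byte stream
using ConnectionId = int;                 // stands in for a web process connection

class Registry { // models the per-origin global identifier registry
public:
    // Runs inside the create round trip: the entry exists (refcount 1)
    // before the requesting process ever holds the identifier.
    GlobalId createHandle(ConnectionId owner) {
        GlobalId id;
        std::random_device rd; // assumption: backed by the OS CSPRNG
        for (auto& byte : id) byte = static_cast<uint8_t>(rd());
        m_entries[id] = Entry { owner, 1u };
        return id;
    }
    bool addReference(const GlobalId& id) {
        auto it = m_entries.find(id);
        if (it == m_entries.end()) return false; // unknown or forged identifier
        ++it->second.refCount;
        return true;
    }
    void removeReference(const GlobalId& id) { // also models closeHandle
        auto it = m_entries.find(id);
        if (it != m_entries.end() && !--it->second.refCount) m_entries.erase(it);
    }
    bool resolve(const GlobalId& id) const { return m_entries.count(id) != 0; } // lazy, on first use
    void connectionClosed(ConnectionId c) { // drop every entry the process created
        for (auto it = m_entries.begin(); it != m_entries.end();)
            it = it->second.owner == c ? m_entries.erase(it) : std::next(it);
    }
    std::size_t size() const { return m_entries.size(); }
private:
    struct Entry { ConnectionId owner; unsigned refCount; };
    std::map<GlobalId, Entry> m_entries;
};

struct KeepAlive { // RAII token: reference taken on serialization, released on destruction
    KeepAlive(Registry& r, const GlobalId& gid) : registry(r), id(gid), valid(r.addReference(gid)) { }
    ~KeepAlive() { if (valid) registry.removeReference(id); }
    KeepAlive(const KeepAlive&) = delete;
    Registry& registry; GlobalId id; bool valid;
};
```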