This is a reland of
https://chromium-review.googlesource.com/c/chromium/src/+/1109964
Tbr'ing previous reviewers from that CL as the exact change has been
previously reviewed there.
The revert was done manually in response to flakiness of viz_browser
tests in MSAN. See issue https://crbug.com/860349 - my analysis is in
issue https://crbug.com/860445 where I disable this test. In short, I
believe my CL exposed a previously existing race condition in that test.
Instead of Chromium IPC macro-defined messages or Mojo, Chrome on Linux
uses hand-pickled IPC messages through a special purpose file descriptor
to send messages from the renderer to the browser host in order to
access FontConfig for font matching and font fallback. This system is
described in docs/linux_sandbox_ipc.md.
For the "Font Matching by Full Font Name / PS Name" effort, see issue
828317, additional out of process font methods are needed. Instead of
adding them to this legacy hand-written IPC, we modernize the Linux
Sandbox IPC mechanism and upgrade it to using Mojo interface definitions
and a service architecture, in which a font service running in an
unsandboxed utility process answers FontConfig requests from the
renderer.
Previous CLs [1], [2] prepared the Font Service to have testing and
additional font fallback and render-style-for-strike methods. Now we can
move Blink over to using this Mojo interface and remove the traditional
sandbox IPC handlers since we do not use the file descriptor based IPC
anymore for FontConfig acces.
For more details, please refer to the design doc in issue 839344.
[1] https://chromium-review.googlesource.com/c/chromium/src/+/1091754
[2] https://chromium-review.googlesource.com/c/chromium/src/+/1087951
Bug: 855021
Change-Id: I74663c5685a7797089e4d69354453146c245e20a
Tbr: skyostil@chromium.org, michaelpg@chromium.org, rsesek@chromium.org, halliwell@chromium.org, thestig@chromium.org, piman@chromium.org, eae@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/1127028
Commit-Queue: Dominik Röttsches <drott@chromium.org>
Reviewed-by: Dominik Röttsches <drott@chromium.org>
Cr-Commit-Position: refs/heads/master@{#572930}
This reverts commit b993e42cac.
Reason for revert: MSan bot failure and find-it suggested this might be the culprit. Please see crbug.com/860349 for detail.
Failing test: MaybeSetMetadata/SafeBrowsingServiceMetadataTest.MalwareImg/0
Original change's description:
> Move Blink Sandbox IPC to Mojo Calls
>
> Instead of Chromium IPC macro-defined messages or Mojo, Chrome on Linux
> uses hand-pickled IPC messages through a special purpose file descriptor
> to send messages from the renderer to the browser host in order to
> access FontConfig for font matching and font fallback. This system is
> described in docs/linux_sandbox_ipc.md.
>
> For the "Font Matching by Full Font Name / PS Name" effort, see issue
> 828317, additional out of process font methods are needed. Instead of
> adding them to this legacy hand-written IPC, we modernize the Linux
> Sandbox IPC mechanism and upgrade it to using Mojo interface definitions
> and a service architecture, in which a font service running in an
> unsandboxed utility process answers FontConfig requests from the
> renderer.
>
> Previous CLs [1], [2] prepared the Font Service to have testing and
> additional font fallback and render-style-for-strike methods. Now we can
> move Blink over to using this Mojo interface and remove the traditional
> sandbox IPC handlers since we do not use the file descriptor based IPC
> anymore for FontConfig acces.
>
> For more details, please refer to the design doc in issue 839344.
>
> [1] https://chromium-review.googlesource.com/c/chromium/src/+/1091754
> [2] https://chromium-review.googlesource.com/c/chromium/src/+/1087951
>
> Bug: 855021
> Change-Id: I0f30a726621026566f50402afed00c92940b702c
> Reviewed-on: https://chromium-review.googlesource.com/1109964
> Commit-Queue: Dominik Röttsches <drott@chromium.org>
> Reviewed-by: Sami Kyöstilä <skyostil@chromium.org>
> Reviewed-by: Michael Giuffrida <michaelpg@chromium.org>
> Reviewed-by: Robert Sesek <rsesek@chromium.org>
> Reviewed-by: Luke Halliwell <halliwell@chromium.org>
> Reviewed-by: Lei Zhang <thestig@chromium.org>
> Reviewed-by: Antoine Labour <piman@chromium.org>
> Reviewed-by: Emil A Eklund <eae@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#572540}
TBR=rkc@chromium.org,thestig@chromium.org,michaelpg@chromium.org,eae@chromium.org,skyostil@chromium.org,servolk@chromium.org,slan@chromium.org,drott@chromium.org,halliwell@chromium.org,rsesek@chromium.org,piman@chromium.org
Change-Id: I290a80ed3f36443d91ec7e082d42f01871ffdba9
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: 855021, 860349
Reviewed-on: https://chromium-review.googlesource.com/1126719
Reviewed-by: Makoto Shimazu <shimazu@chromium.org>
Commit-Queue: Makoto Shimazu <shimazu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#572709}
Instead of Chromium IPC macro-defined messages or Mojo, Chrome on Linux
uses hand-pickled IPC messages through a special purpose file descriptor
to send messages from the renderer to the browser host in order to
access FontConfig for font matching and font fallback. This system is
described in docs/linux_sandbox_ipc.md.
For the "Font Matching by Full Font Name / PS Name" effort, see issue
828317, additional out of process font methods are needed. Instead of
adding them to this legacy hand-written IPC, we modernize the Linux
Sandbox IPC mechanism and upgrade it to using Mojo interface definitions
and a service architecture, in which a font service running in an
unsandboxed utility process answers FontConfig requests from the
renderer.
Previous CLs [1], [2] prepared the Font Service to have testing and
additional font fallback and render-style-for-strike methods. Now we can
move Blink over to using this Mojo interface and remove the traditional
sandbox IPC handlers since we do not use the file descriptor based IPC
anymore for FontConfig acces.
For more details, please refer to the design doc in issue 839344.
[1] https://chromium-review.googlesource.com/c/chromium/src/+/1091754
[2] https://chromium-review.googlesource.com/c/chromium/src/+/1087951
Bug: 855021
Change-Id: I0f30a726621026566f50402afed00c92940b702c
Reviewed-on: https://chromium-review.googlesource.com/1109964
Commit-Queue: Dominik Röttsches <drott@chromium.org>
Reviewed-by: Sami Kyöstilä <skyostil@chromium.org>
Reviewed-by: Michael Giuffrida <michaelpg@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Luke Halliwell <halliwell@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Antoine Labour <piman@chromium.org>
Reviewed-by: Emil A Eklund <eae@chromium.org>
Cr-Commit-Position: refs/heads/master@{#572540}
This patch does the following:
- Renames render_sandbox_host_linux to sandbox_host_linux
- Moves it from content/browser/renderer_host/ to content/browser/
- Moves sandbox_ipc_linux from content/browser/renderer_host/ to content/browser/
- Updates names in those classes to refer to "sandboxed process" instead of "renderer"
This patch does not affect any behavior.
The motivation for this is the development of out of process rasterization, which
will start rasterizing content on the gpu process. This means that similar access
will be needed from the gpu process as is now required from the renderer process
(specifically font access via FontConfigIPC). Renaming these classes makes it
more clear that there are other processes other than the renderer that use it.
Change-Id: I4d78f3f186f03cc7ad72dab41a7065cc97827180
Reviewed-on: https://chromium-review.googlesource.com/656063
Commit-Queue: Vladimir Levin <vmpstr@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Antoine Labour <piman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#501084}
