Site Isolation: multi-process BFCache restoration
fceeb85
Source/WebKit/UIProcess/SuspendedPageProxy.cpp
-void SuspendedPageProxy::unsuspend()
+void SuspendedPageProxy::unsuspend(WebCore::BackForwardFrameItemIdentifier mainFrameItemID)
{
sendWithAsyncReply(Messages::WebPage::SetIsSuspended(false), [](std::optional<bool> didSuspend) {
ASSERT(!didSuspend.has_value());
});
+ auto aggregator = MainRunLoopSuccessCallbackAggregator::create([weakPage = m_page](bool success) {
+ if (success) return;
+ RefPtr page = weakPage.get();
+ if (!page) return;
+ page->reload(WebCore::ReloadOption::ExpiredOnly);
+ });
+ m_browsingContextGroup->forEachRemotePage(*page, [...](auto& remotePage) {
// sends RestoreWithFrameItem to each subframe process
});
Source/WebKit/UIProcess/BrowsingContextGroup.cpp
void BrowsingContextGroup::addPage(WebPageProxy& page)
{
- ASSERT(!m_pages.contains(page));
+ if (m_pages.contains(page)) {
+ ASSERT(!hasMultiplePages());
+ return;
+ }
m_pages.add(page);
BFCache (Back-Forward Cache) preserves a full page snapshot in memory so back/forward navigation is instant. Under Site Isolation, cross-origin iframes run in separate WebContent processes, so a cached page can span N processes. SuspendedPageProxy is the UIProcess object that holds the suspended state; BrowsingContextGroup (BCG) tracks process-group membership and routes RemotePageProxy references. Previously restoration only handled the main-frame process. This commit splits the single SetIsSuspended IPC into separate SuspendWithFrameItem and RestoreWithFrameItem messages, fans RestoreWithFrameItem out to every subframe process via forEachRemotePage, and uses a MainRunLoopSuccessCallbackAggregator to trigger a full reload if any process fails to restore. The suspended page's BCG is reused for the new navigation so existing RemotePageProxy handles remain valid.
Significance
Restoration now coordinates suspend/resume across N WebContent processes simultaneously, expanding the multi-process boundary surface that has to remain consistent for cross-origin isolation to hold.
Audit directions
a Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aa Aaaaaaaaaaaaa Aa Aaaaaaa Aaaaaaa Aa Aaa Aaaaaaaaaa Aaa Aaaaa Aaaaaaa Aaa Aaaaa Aaaaaaaaa Aa Aaaaaaaa a Aaa a Aaaaaaaaaa Aaaaaaaaaa Aa a Aaaa Aaaaaaa Aaaaaaaaaa Aaa a Aaa Aaaa Aaaaaa a Aaa Aaaa Aaaaaaaa Aaaaaaa Aaa a Aaaa Aa Aaaaaaa Aa Aaa Aaa Aaaaa Aa Aaaaaaaaaa Aaaaaaaaaa Aaaaaaa Aaaaaaa Aaa Aa Aaaaaaaaa Aaaaaaa Aaa Aaaaaaaaaa Aaaaaa Aaaaa Aaaaa Aaaaaa Aa Aaaaaaaaa Aaa Aaaa Aaa Aaaaaaaaa Aaa Aa Aaaaaaaa
a Aaaaaaaaa Aaaaaaaaaaa Aaaaaaaaa Aaaaaaaaaaaaaaaaaaaaaaa Aaaaaaaaaa Aa Aaa Aaaa Aaaaa Aaaaaaa Aaaaaa Aaa Aaaaaaaaaa Aa Aaaaaaa Aaa Aaaaaa Aaaaaaaa Aaaaaaaaaaaaaaaaaaaaaa Aaaaaaaa Aaa Aaaaa Aa a Aaaaaaaa Aaaa Aaaaaa Aaa Aaaaaaaaaa Aaaaa Aaaaaaaaaaaaaaaaaaaaaaaaaaa Aa Aa Aaaaaaaaaaaa Aaaa Aaaaaa Aaa Aaaaaaaaaaa Aaaaaa Aaaaa Aaaa Aaaaa Aa Aaaaaaaa Aaa Aaaaaaaaa Aaa Aa Aa Aaaaaaa Aaaaa Aa Aaaaa Aaaaaaaaa Aaa Aaaaaaaaaa Aa Aaaaaa Aaaaaaaaa Aaaa Aaaaa Aa Aaa Aaaa
a Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aaaaaaaa Aa Aaaa Aaaaa Aaaaaaa Aaa Aaaaa Aaaaaa Aaaaa Aaaaaaaaaa Aaaaaa Aaaaaaa Aaaaa Aa Aaaaaa Aaaaa Aaaaaaaaaa Aaaaaaa Aaaaaaa Aaaa Aaa Aaaaaaaaaaa Aaaaaaaa Aaaaa Aaaaaaa Aaaaaaa Aaaaa Aaaaaaaaaa Aa a Aaaaaaa Aa Aaaaaaaa Aaa Aaaaaa Aaa a Aaaaaaaaa Aaaaaaa Aaaaaaaaaaa Aaaaaaaaa Aaaaaa Aaaaa Aa Aaa Aaaaa Aaaaaaa
a Aaaaa Aaaaa Aaaaaa Aaaaaaaaaaaaaa Aaaaa Aaa Aaaaaaaaa Aaaaaa Aaa Aaa Aaa Aaa Aaaaaaaaaa Aaaaa Aaaaaaaaaaaaaaaaa Aaaaaaaaaa Aaaaaaaaaaa Aaaaaa Aaaaaaaaaa Aaaaaa Aaaaa Aaaaaa Aaaaaaaa a Aaaaaaaaaa Aaaa Aaaaaa Aa a Aaaaaaa Aaa Aaa Aaaaaaaaaaa Aa a Aaaaaaa Aaaa Aaaaaaaaaa Aaaaa Aaaaa Aaaaaaaa Aaaaaaaaa Aaaa Aaa Aaaaa Aaaaaaa Aaaaaa Aaaaaaaaa Aaaaaaaaaaaa Aaaaaaaaaa
🔒New multi-process coordination paths and routing changes — several edge cases in the restoration lifecycle are worth security investigation.
Subscribe to read more