mojo/ipc: Drop messages targeting invalid task runner

If the endpoint's task runner does not match the current task runner (or an equivalent main-thread task runner for the ChannelProxy) when a executing a message dispatch task for that endpoint, this ignores the message instead of dispatching it on the wrong sequence. Fixed: 1263457 Change-Id: I4f6ba22de3ff8cf3994b748e1ffd0f0aabb17b70 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3318601 Reviewed-by: Daniel Cheng <dcheng@chromium.org> Commit-Queue: Ken Rockot <rockot@google.com> Cr-Commit-Position: refs/heads/main@{#949140}
FairyWorld · Dec 7, 2021 · 0747c94 · 0747c94
1 parent d71cc03
commit 0747c94
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/ipc/ipc_mojo_bootstrap.cc b/ipc/ipc_mojo_bootstrap.cc
@@ -980,6 +980,11 @@ class ChannelAssociatedGroupController
     if (!client)
       return;
 
+    if (!endpoint->task_runner()->RunsTasksInCurrentSequence() &&
+        !proxy_task_runner_->RunsTasksInCurrentSequence()) {
+      return;
+    }
+
     TRACE_EVENT(
         TRACE_CATEGORY_OR_DISABLED_BY_DEFAULT_MOJOM("mojom"),
         // Using client->interface_name() is safe here because this is a static
@@ -993,8 +998,6 @@ class ChannelAssociatedGroupController
 
           perfetto::Flow::Global(message.GetTraceId())(ctx);
         });
-    DCHECK(endpoint->task_runner()->RunsTasksInCurrentSequence() ||
-           proxy_task_runner_->RunsTasksInCurrentSequence());
 
     // Sync messages should never make their way to this method.
     DCHECK(!message.has_flag(mojo::Message::kFlagIsSync));
@@ -1024,11 +1027,14 @@ class ChannelAssociatedGroupController
     if (!client)
       return;
 
+    if (!endpoint->task_runner()->RunsTasksInCurrentSequence() &&
+        !proxy_task_runner_->RunsTasksInCurrentSequence()) {
+      return;
+    }
+
     // Using client->interface_name() is safe here because this is a static
     // string defined for each mojo interface.
     TRACE_EVENT0("mojom", client->interface_name());
-    DCHECK(endpoint->task_runner()->RunsTasksInCurrentSequence() ||
-           proxy_task_runner_->RunsTasksInCurrentSequence());
     MessageWrapper message_wrapper = endpoint->PopSyncMessage(message_id);
 
     // The message must have already been dequeued by the endpoint waking up