New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 823897 link

Starred by 3 users
Status: Untriaged
Owner: ----
Cc:
rsesek@chromium.org
dcheng@chromium.org
jcivelli@chromium.org
palmer@chromium.org
dcreager@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 2
Type: Feature

Blocking:
issue 809249
issue 808720



Sign in to add a comment

data_decoder service needs a batch mode or way to manage binding manually

Project Member Reported by rsesek@chromium.org, Mar 20 2018 
The data_decoder service (e.g. SafeJsonParser) by default spins up and shuts down a new utility process for every JSON parse request, which is the safe default. We're now seeing more requests from teams that need to parse data in response to network requests. With the current architecture, this means that a remote host could cause repeated utility process spawns by sending specifically crafted network packets (i.e., a remote fork bomb), which we suppose could happen organically for a popular feature or maliciously.

We should consider adding entrypoint variants for the data_decoder service where the caller can manage the lifetime of the Mojo binding themselves. This would allow the client to send all decoder requests for a specific type of data decoder request to the same process (e.g. batch all JSON decoding for parsing a specific HTTP header into one process). This differs from the "ParseShared" mode that was initially discussed where all kinds of data decoder requests would be lumped into the same process. This would allow us to partition the requests by data decoder type and purpose.

For historical discussion  issue 774719  and my CL comment here https://chromium-review.googlesource.com/c/chromium/src/+/729213#message-eab62a551f72255cc674adf01d891b966b909887.

Comment 1 by imch...@chromium.org, Apr 12 2018

Blocking: 809249

Comment 2 by imch...@chromium.org, Apr 12 2018

Blocking: 808720

Comment 3 by jcivelli@chromium.org, Apr 12 2018 

Does the batching mode added in https://chromium-review.googlesource.com/c/chromium/src/+/777889 help?
It doesn't quite let the caller manage the lifetime of the process (it won't prevent the process from going away after a few seconds if there are no more clients bound to it), but at least the process will be shared by callers that use the same batch_id. (so should prevent the number of processes from increasing).

Comment 4 by imch...@chromium.org, Jun 11 2018 

jcivelli@: From our team's perspective, being able to manage the lifetime of the process isn't a requirement. We are interested in using the batch mode to keep the number of processes spawned to a minimum (ideally this number would be 1, if we make the MRPs that require JSON parsing to share the same batch_id).

Comment 5 by imch...@chromium.org, Jun 20 2018 

https://chromium-review.googlesource.com/c/chromium/src/+/1105565 adds batching support to SafeJsonParser.

Comment 6 by dcreager@chromium.org, Aug 22

Cc: dcreager@chromium.org

Sign in to add a comment