chore: follow-up to roll 95.0.4612.5 (#30835)

* chore: enable v8 oilpan

* chore: update patches

* fix: network isolation key for preconnect requests

* chore: update feat_expose_raw_response_headers_from_urlloader.patch

build/args/all.gn

@@ -33,7 +33,3 @@ is_cfi = false
 allow_runtime_configurable_key_storage = true
 
 enable_cet_shadow_stack = false
-
-# TODO(deepak1556): remove once https://bugs.chromium.org/p/chromium/issues/detail?id=1241610
-# is fixed.
-enable_blink_heap_use_v8_oilpan = false

patches/chromium/.patches

@@ -93,7 +93,6 @@ webview_fullscreen.patch
 disable_unload_metrics.patch
 fix_add_check_for_sandbox_then_result.patch
 extend_apply_webpreferences.patch
-fix_expose_decrementcapturercount_in_web_contents_impl.patch
 add_setter_for_browsermainloop_result_code.patch
 make_include_of_stack_trace_h_unconditional.patch
 build_libc_as_static_library.patch
@@ -108,3 +107,4 @@ feat_expose_raw_response_headers_from_urlloader.patch
 chore_do_not_use_chrome_windows_in_cryptotoken_webrequestsender.patch
 fix_chrome_root_store_codegen_for_cross-compile_builds.patch
 process_singleton.patch
+fix_expose_decrementcapturercount_in_web_contents_impl.patch

patches/chromium/feat_expose_raw_response_headers_from_urlloader.patch

@@ -16,6 +16,70 @@ This patch does the minimal approach to add back the raw response
 headers, moving forward we should find a way in upstream to provide
 access to these headers for loader clients created on the browser process.
 
+diff --git a/services/network/public/cpp/resource_request.cc b/services/network/public/cpp/resource_request.cc
+index 5fc02ead27db692a54a5b7efd7dd9cde3c8ee20a..0e42c2c51d6c599ccac560890c4499ba70216ffc 100644
+--- a/services/network/public/cpp/resource_request.cc
++++ b/services/network/public/cpp/resource_request.cc
+@@ -227,6 +227,7 @@ bool ResourceRequest::EqualsForTesting(const ResourceRequest& request) const {
+          do_not_prompt_for_login == request.do_not_prompt_for_login &&
+          is_main_frame == request.is_main_frame &&
+          transition_type == request.transition_type &&
++         report_raw_headers == request.report_raw_headers &&
+          previews_state == request.previews_state &&
+          upgrade_if_insecure == request.upgrade_if_insecure &&
+          is_revalidating == request.is_revalidating &&
+diff --git a/services/network/public/cpp/resource_request.h b/services/network/public/cpp/resource_request.h
+index 72bc778a6320dba7e453848ab95ddc6bf43181ba..3de6baf98396a2623ca8d5b74840c913d6f5c4b8 100644
+--- a/services/network/public/cpp/resource_request.h
++++ b/services/network/public/cpp/resource_request.h
+@@ -150,6 +150,7 @@ struct COMPONENT_EXPORT(NETWORK_CPP_BASE) ResourceRequest {
+   bool do_not_prompt_for_login = false;
+   bool is_main_frame = false;
+   int transition_type = 0;
++  bool report_raw_headers = false;
+   int previews_state = 0;
+   bool upgrade_if_insecure = false;
+   bool is_revalidating = false;
+diff --git a/services/network/public/cpp/url_request_mojom_traits.cc b/services/network/public/cpp/url_request_mojom_traits.cc
+index cc75591aa2955525e928f74941049cf6b0f47e17..4deae021c5f00ab018f440a1869db84f40b98579 100644
+--- a/services/network/public/cpp/url_request_mojom_traits.cc
++++ b/services/network/public/cpp/url_request_mojom_traits.cc
+@@ -188,6 +188,7 @@ bool StructTraits<
+   out->do_not_prompt_for_login = data.do_not_prompt_for_login();
+   out->is_main_frame = data.is_main_frame();
+   out->transition_type = data.transition_type();
++  out->report_raw_headers = data.report_raw_headers();
+   out->previews_state = data.previews_state();
+   out->upgrade_if_insecure = data.upgrade_if_insecure();
+   out->is_revalidating = data.is_revalidating();
+diff --git a/services/network/public/cpp/url_request_mojom_traits.h b/services/network/public/cpp/url_request_mojom_traits.h
+index 7390c691d2c7ffd8504aeb94ccb44a3c03c3c103..cda9b2f4ba3c7ed04ba23e46a2dfef8353dfb4a2 100644
+--- a/services/network/public/cpp/url_request_mojom_traits.h
++++ b/services/network/public/cpp/url_request_mojom_traits.h
+@@ -253,6 +253,9 @@ struct COMPONENT_EXPORT(NETWORK_CPP_BASE)
+   static int32_t transition_type(const network::ResourceRequest& request) {
+     return request.transition_type;
+   }
++  static bool report_raw_headers(const network::ResourceRequest& request) {
++    return request.report_raw_headers;
++  }
+   static int32_t previews_state(const network::ResourceRequest& request) {
+     return request.previews_state;
+   }
+diff --git a/services/network/public/mojom/url_request.mojom b/services/network/public/mojom/url_request.mojom
+index 4b0ba93acfb6aa61138469801547edebb1c8d91b..8996a1eaf64c2a96181450e486d785bc6b7edf3c 100644
+--- a/services/network/public/mojom/url_request.mojom
++++ b/services/network/public/mojom/url_request.mojom
+@@ -303,6 +303,9 @@ struct URLRequest {
+   // about this.
+   int32 transition_type;
+ 
++  // Whether to provide unfiltered response headers.
++  bool report_raw_headers;
++
+   // Whether or not to request a Preview version of the resource or let the
+   // browser decide.
+   // Note: this is an enum of type PreviewsState.
 diff --git a/services/network/public/mojom/url_response_head.mojom b/services/network/public/mojom/url_response_head.mojom
 index cea1fb864ab46b4b0eabf1db11a0392d6cd575c1..df033f65d50b088778268827e506963afebe0a23 100644
 --- a/services/network/public/mojom/url_response_head.mojom
@@ -39,14 +103,31 @@ index cea1fb864ab46b4b0eabf1db11a0392d6cd575c1..df033f65d50b088778268827e506963a
    string mime_type;
  
 diff --git a/services/network/url_loader.cc b/services/network/url_loader.cc
-index c8e3249c79063c001028add6acd3a451074df214..5abf78a851c3a676315e683c7171badc4cb64505 100644
+index c8e3249c79063c001028add6acd3a451074df214..b6cb6ee4ae623e25abeec62b156002eb7b987028 100644
 --- a/services/network/url_loader.cc
 +++ b/services/network/url_loader.cc
-@@ -1259,6 +1259,19 @@ void URLLoader::OnResponseStarted(net::URLRequest* url_request, int net_error) {
+@@ -489,6 +489,7 @@ URLLoader::URLLoader(
+       peer_closed_handle_watcher_(FROM_HERE,
+                                   mojo::SimpleWatcher::ArmingPolicy::MANUAL,
+                                   base::SequencedTaskRunnerHandle::Get()),
++      report_raw_headers_(request.report_raw_headers),
+       devtools_request_id_(request.devtools_request_id),
+       request_mode_(request.mode),
+       request_credentials_mode_(request.credentials_mode),
+@@ -626,7 +627,7 @@ URLLoader::URLLoader(
+   url_request_->SetRequestHeadersCallback(base::BindRepeating(
+       &URLLoader::SetRawRequestHeadersAndNotify, base::Unretained(this)));
+ 
+-  if (devtools_request_id()) {
++  if (devtools_request_id() || report_raw_headers_) {
+     url_request_->SetResponseHeadersCallback(base::BindRepeating(
+         &URLLoader::SetRawResponseHeaders, base::Unretained(this)));
+   }
+@@ -1259,6 +1260,19 @@ void URLLoader::OnResponseStarted(net::URLRequest* url_request, int net_error) {
    response_ = network::mojom::URLResponseHead::New();
    PopulateResourceResponse(url_request_.get(), is_load_timing_enabled_,
                             options_, response_.get());
-+  if (raw_response_headers_ && devtools_request_id()) {
++  if (raw_response_headers_ && report_raw_headers_) {
 +    std::vector<network::mojom::HttpRawHeaderPairPtr> header_array;
 +    size_t iterator = 0;
 +    std::string name, value;
@@ -62,3 +143,16 @@ index c8e3249c79063c001028add6acd3a451074df214..5abf78a851c3a676315e683c7171badc
  
    // Parse and remove the Trust Tokens response headers, if any are expected,
    // potentially failing the request if an error occurs.
+diff --git a/services/network/url_loader.h b/services/network/url_loader.h
+index de2d9f23ad3907562445ba2d3c911f76f1376f5b..254e0ca7cca7332a15cedc324e41481e68831bbf 100644
+--- a/services/network/url_loader.h
++++ b/services/network/url_loader.h
+@@ -466,6 +466,8 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
+   std::unique_ptr<ResourceScheduler::ScheduledResourceRequest>
+       resource_scheduler_request_handle_;
+ 
++  // Whether client requested raw headers.
++  bool report_raw_headers_ = false;
+   bool enable_reporting_raw_headers_ = false;
+   net::HttpRawRequestHeaders raw_request_headers_;
+   scoped_refptr<const net::HttpResponseHeaders> raw_response_headers_;

patches/chromium/fix_expose_decrementcapturercount_in_web_contents_impl.patch

@@ -1,6 +1,6 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Shelley Vohr <shelley.vohr@gmail.com>
-Date: Fri, 9 Apr 2021 19:30:01 +0200
+From: deepak1556 <hop2deep@gmail.com>
+Date: Fri, 3 Sep 2021 18:28:51 -0700
 Subject: fix: expose DecrementCapturerCount in web_contents_impl
 
 This was made private in https://chromium-review.googlesource.com/c/chromium/src/+/2807829 but
@@ -8,23 +8,18 @@ we invoke it in order to expose contents.decrementCapturerCount([stayHidden, sta
 to users. We should try to upstream this.
 
 diff --git a/content/browser/web_contents/web_contents_impl.h b/content/browser/web_contents/web_contents_impl.h
-index 4fa272275ba3883d105ddfd8deeb4987071d1b06..937980bdc07b7dbe007f6be550bc5eaf62295526 100644
+index 4fa272275ba3883d105ddfd8deeb4987071d1b06..7e7fb60540a113b8213a5a1b266b57f18d67b4a4 100644
 --- a/content/browser/web_contents/web_contents_impl.h
 +++ b/content/browser/web_contents/web_contents_impl.h
-@@ -1771,10 +1771,12 @@ class CONTENT_EXPORT WebContentsImpl : public WebContents,
-   // outermost frame trees in this WebContents.
-   std::vector<RenderFrameHostImpl*> GetOutermostMainFrames();
+@@ -1773,7 +1773,7 @@ class CONTENT_EXPORT WebContentsImpl : public WebContents,
  
-+ public:
    // Called when the base::ScopedClosureRunner returned by
    // IncrementCapturerCount() is destructed.
 -  void DecrementCapturerCount(bool stay_hidden, bool stay_awake);
 +  void DecrementCapturerCount(bool stay_hidden, bool stay_awake) override;
  
-+ private:
    // Calculates the PageVisibilityState for |visibility|, taking the capturing
    // state into account.
-   PageVisibilityState CalculatePageVisibilityState(Visibility visibility) const;
 diff --git a/content/public/browser/web_contents.h b/content/public/browser/web_contents.h
 index 383d0fd95d7e807b83f4cd972c107fa27fefaac6..ae7a7f187b24bb3ec97bea37881f85ede8689936 100644
 --- a/content/public/browser/web_contents.h

patches/v8/.patches

@@ -6,3 +6,4 @@ workaround_an_undefined_symbol_error.patch
 do_not_export_private_v8_symbols_on_windows.patch
 fix_build_deprecated_attirbute_for_older_msvc_versions.patch
 fix_disable_implies_dcheck_for_node_stream_array_buffers.patch
+cppgc-js_support_eager_traced_value_in_ephemeron_pairs.patch

patches/v8/cppgc-js_support_eager_traced_value_in_ephemeron_pairs.patch

@@ -0,0 +1,208 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Michael Lippautz <[email protected]>
+Date: Fri, 3 Sep 2021 14:17:59 +0200
+Subject: cppgc-js: Support eager traced value in ephemeron pairs
+
+Before this patch, both key and value of an ephemeron pair was always
+considered to be GarbageCollected objects.
+
+This patch adjusts the snapshotting mechanism to accomodate that
+values may not be GarbageCollected objects and must thus be eagerly
+traced for visibility and edge creation.
+
+In practice this only shows up in Blink when associating an existing
+wrappable with a wrapper in a non-main world, e.g., through an
+extension. In this case, DOMWrapperMap keeps the wrapper value through
+a TracedReference in the ephemeron map with the existing wrappable as
+key. The semantics are intended to be general ephemeron semantics,
+i.e., value needs to be kept alive when the key is alive.  This is
+visualized in DevTools as the main wrapper/wrappable pair (which is
+merged into a single node for the snapshot) retaining the non-main
+world wrapper.
+
+Bug: chromium:1245894
+Change-Id: Ibfa6722f20c76f94c310f9a040f0d3d4b9083bbb
+Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3140601
+Reviewed-by: Omer Katz <[email protected]>
+Commit-Queue: Michael Lippautz <[email protected]>
+Cr-Commit-Position: refs/heads/main@{#76658}
+
+diff --git a/src/heap/cppgc-js/cpp-snapshot.cc b/src/heap/cppgc-js/cpp-snapshot.cc
+index dc55753ff625a135b6e494344ee49105eb59121e..9b20b5c0a7831ea026819f90ea80c10eb2324282 100644
+--- a/src/heap/cppgc-js/cpp-snapshot.cc
++++ b/src/heap/cppgc-js/cpp-snapshot.cc
+@@ -264,6 +264,10 @@ class State final : public StateBase {
+     ephemeron_edges_.insert(&value);
+   }
+ 
++  void AddEagerEphemeronEdge(const void* value, cppgc::TraceCallback callback) {
++    eager_ephemeron_edges_.insert({value, callback});
++  }
++
+   template <typename Callback>
+   void ForAllEphemeronEdges(Callback callback) {
+     for (const HeapObjectHeader* value : ephemeron_edges_) {
+@@ -271,10 +275,20 @@ class State final : public StateBase {
+     }
+   }
+ 
++  template <typename Callback>
++  void ForAllEagerEphemeronEdges(Callback callback) {
++    for (const auto& pair : eager_ephemeron_edges_) {
++      callback(pair.first, pair.second);
++    }
++  }
++
+  private:
+   bool is_weak_container_ = false;
+   // Values that are held alive through ephemerons by this particular key.
+   std::unordered_set<const HeapObjectHeader*> ephemeron_edges_;
++  // Values that are eagerly traced and held alive through ephemerons by this
++  // particular key.
++  std::unordered_map<const void*, cppgc::TraceCallback> eager_ephemeron_edges_;
+ };
+ 
+ // Root states are similar to regular states with the difference that they are
+@@ -404,6 +418,9 @@ class CppGraphBuilderImpl final {
+   void VisitForVisibility(State& parent, const TracedReferenceBase&);
+   void VisitEphemeronForVisibility(const HeapObjectHeader& key,
+                                    const HeapObjectHeader& value);
++  void VisitEphemeronWithNonGarbageCollectedValueForVisibility(
++      const HeapObjectHeader& key, const void* value,
++      cppgc::TraceDescriptor value_desc);
+   void VisitWeakContainerForVisibility(const HeapObjectHeader&);
+   void VisitRootForGraphBuilding(RootState&, const HeapObjectHeader&,
+                                  const cppgc::SourceLocation&);
+@@ -421,7 +438,7 @@ class CppGraphBuilderImpl final {
+   }
+ 
+   void AddEdge(State& parent, const HeapObjectHeader& header,
+-               const std::string& edge_name = {}) {
++               const std::string& edge_name) {
+     DCHECK(parent.IsVisibleNotDependent());
+     auto& current = states_.GetExistingState(header);
+     if (!current.IsVisibleNotDependent()) return;
+@@ -443,7 +460,8 @@ class CppGraphBuilderImpl final {
+     }
+   }
+ 
+-  void AddEdge(State& parent, const TracedReferenceBase& ref) {
++  void AddEdge(State& parent, const TracedReferenceBase& ref,
++               const std::string& edge_name) {
+     DCHECK(parent.IsVisibleNotDependent());
+     v8::Local<v8::Value> v8_value = ref.Get(cpp_heap_.isolate());
+     if (!v8_value.IsEmpty()) {
+@@ -451,12 +469,19 @@ class CppGraphBuilderImpl final {
+         parent.set_node(AddNode(*parent.header()));
+       }
+       auto* v8_node = graph_.V8Node(v8_value);
+-      graph_.AddEdge(parent.get_node(), v8_node);
++      if (!edge_name.empty()) {
++        graph_.AddEdge(parent.get_node(), v8_node,
++                       parent.get_node()->InternalizeEdgeName(edge_name));
++      } else {
++        graph_.AddEdge(parent.get_node(), v8_node);
++      }
+ 
+       // References that have a class id set may have their internal fields
+       // pointing back to the object. Set up a wrapper node for the graph so
+       // that the snapshot generator  can merge the nodes appropriately.
+-      if (!ref.WrapperClassId()) return;
++      // Even with a set class id, do not set up a wrapper node when the edge
++      // has a specific name.
++      if (!ref.WrapperClassId() || !edge_name.empty()) return;
+ 
+       void* back_reference_object = ExtractEmbedderDataBackref(
+           reinterpret_cast<v8::internal::Isolate*>(cpp_heap_.isolate()),
+@@ -598,8 +623,18 @@ class WeakVisitor : public JSVisitor {
+   void VisitEphemeron(const void* key, const void* value,
+                       cppgc::TraceDescriptor value_desc) final {
+     // For ephemerons, the key retains the value.
++    // Key always must be a GarbageCollected object.
++    auto& key_header = HeapObjectHeader::FromObject(key);
++    if (!value_desc.base_object_payload) {
++      // Value does not represent an actual GarbageCollected object but rather
++      // should be traced eagerly.
++      graph_builder_.VisitEphemeronWithNonGarbageCollectedValueForVisibility(
++          key_header, value, value_desc);
++      return;
++    }
++    // Regular path where both key and value are GarbageCollected objects.
+     graph_builder_.VisitEphemeronForVisibility(
+-        HeapObjectHeader::FromObject(key), HeapObjectHeader::FromObject(value));
++        key_header, HeapObjectHeader::FromObject(value));
+   }
+ 
+  protected:
+@@ -645,7 +680,7 @@ class GraphBuildingVisitor final : public JSVisitor {
+   void Visit(const void*, cppgc::TraceDescriptor desc) final {
+     graph_builder_.AddEdge(
+         parent_scope_.ParentAsRegularState(),
+-        HeapObjectHeader::FromObject(desc.base_object_payload));
++        HeapObjectHeader::FromObject(desc.base_object_payload), edge_name_);
+   }
+   void VisitWeakContainer(const void* object,
+                           cppgc::TraceDescriptor strong_desc,
+@@ -655,7 +690,8 @@ class GraphBuildingVisitor final : public JSVisitor {
+     // container itself.
+     graph_builder_.AddEdge(
+         parent_scope_.ParentAsRegularState(),
+-        HeapObjectHeader::FromObject(strong_desc.base_object_payload));
++        HeapObjectHeader::FromObject(strong_desc.base_object_payload),
++        edge_name_);
+   }
+   void VisitRoot(const void*, cppgc::TraceDescriptor desc,
+                  const cppgc::SourceLocation& loc) final {
+@@ -667,12 +703,18 @@ class GraphBuildingVisitor final : public JSVisitor {
+                      const void*, const cppgc::SourceLocation&) final {}
+   // JS handling.
+   void Visit(const TracedReferenceBase& ref) final {
+-    graph_builder_.AddEdge(parent_scope_.ParentAsRegularState(), ref);
++    graph_builder_.AddEdge(parent_scope_.ParentAsRegularState(), ref,
++                           edge_name_);
++  }
++
++  void set_edge_name(std::string edge_name) {
++    edge_name_ = std::move(edge_name);
+   }
+ 
+  private:
+   CppGraphBuilderImpl& graph_builder_;
+   const ParentScope& parent_scope_;
++  std::string edge_name_;
+ };
+ 
+ // Base class for transforming recursion into iteration. Items are processed
+@@ -765,6 +807,19 @@ void CppGraphBuilderImpl::VisitForVisibility(State* parent,
+   }
+ }
+ 
++void CppGraphBuilderImpl::
++    VisitEphemeronWithNonGarbageCollectedValueForVisibility(
++        const HeapObjectHeader& key, const void* value,
++        cppgc::TraceDescriptor value_desc) {
++  auto& key_state = states_.GetOrCreateState(key);
++  // Eagerly trace the value here, effectively marking key as visible and
++  // queuing processing for all reachable values.
++  ParentScope parent_scope(key_state);
++  VisiblityVisitor visitor(*this, parent_scope);
++  value_desc.callback(&visitor, value);
++  key_state.AddEagerEphemeronEdge(value, value_desc.callback);
++}
++
+ void CppGraphBuilderImpl::VisitEphemeronForVisibility(
+     const HeapObjectHeader& key, const HeapObjectHeader& value) {
+   auto& key_state = states_.GetOrCreateState(key);
+@@ -820,6 +875,12 @@ void CppGraphBuilderImpl::Run() {
+     state.ForAllEphemeronEdges([this, &state](const HeapObjectHeader& value) {
+       AddEdge(state, value, "part of key -> value pair in ephemeron table");
+     });
++    object_visitor.set_edge_name(
++        "part of key -> value pair in ephemeron table");
++    state.ForAllEagerEphemeronEdges(
++        [&object_visitor](const void* value, cppgc::TraceCallback callback) {
++          callback(&object_visitor, value);
++        });
+   });
+   // Add roots.
+   {

shell/browser/api/electron_api_session.cc

@@ -910,9 +910,10 @@ v8::Local<v8::Value> Session::NetLog(v8::Isolate* isolate) {
 static void StartPreconnectOnUI(ElectronBrowserContext* browser_context,
                                 const GURL& url,
                                 int num_sockets_to_preconnect) {
+  url::Origin origin = url::Origin::Create(url);
   std::vector<predictors::PreconnectRequest> requests = {
       {url::Origin::Create(url), num_sockets_to_preconnect,
-       net::NetworkIsolationKey::CreateTransient()}};
+       net::NetworkIsolationKey(origin, origin)}};
   browser_context->GetPreconnectManager()->Start(url, requests);
 }
 

shell/browser/api/electron_api_url_loader.cc

@@ -279,9 +279,9 @@ SimpleURLLoaderWrapper::SimpleURLLoaderWrapper(
   request->trusted_params->url_loader_network_observer =
       std::move(url_loader_network_observer_remote);
   // Chromium filters headers using browser rules, while for net module we have
-  // every header passed. Setting the following id will allow us to capture the
+  // every header passed. The following setting will allow us to capture the
   // raw headers in the URLLoader.
-  request->devtools_request_id = base::UnguessableToken::Create().ToString();
+  request->report_raw_headers = true;
   // SimpleURLLoader wants to control the request body itself. We have other
   // ideas.
   auto request_body = std::move(request->request_body);