remoting: Refactor SecurityKeyExtensionSession for parallel transport [chromium/src : main]

0 views
Skip to first unread message

Yuwei Huang (Gerrit)

unread,
Jun 22, 2026, 4:55:18 PM (6 days ago) Jun 22
to chromium...@chromium.org, chromotin...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org

Yuwei Huang added 4 comments

File remoting/host/client_session.h
Line 466, Patchset 7 (Latest): std::unique_ptr<SecurityKeyExtension> security_key_extension_;
Yuwei Huang . unresolved

To avoid a dangling pointer crash, `security_key_session_` and `security_key_extension_` should be declared *before* `extension_manager_`.\n\nIn C++, members are destroyed in the reverse order of their declaration. `extension_manager_` holds a `raw_ptr` to the `security_key_extension_` (via `active_extensions`). If the extension is destroyed first, the `raw_ptr` inside `extension_manager_` becomes dangling. This will trigger a crash during destruction in Chromium's BackupRefPtr (BRP) dangling pointer detector.

File remoting/host/security_key/security_key_extension.h
Line 47, Patchset 7 (Latest): scoped_refptr<base::SingleThreadTaskRunner> file_task_runner_;
Yuwei Huang . unresolved

`file_task_runner_` is no longer used in `SecurityKeyExtension`. It was previously passed to `SecurityKeyExtensionSession`, but now it's only needed by `SecurityKeySession`. We can remove this member and drop it from the constructor.

File remoting/host/security_key/security_key_extension_session.cc
Line 66, Patchset 7 (Latest): ClientSessionDetails* client_session_details,
Yuwei Huang . unresolved

`client_session_details` is completely unused in `SecurityKeyExtensionSession`. It used to be passed into `SecurityKeyAuthHandler::Create()`, but that is now handled by `SecurityKeySession`. We can safely remove this parameter (and ignore it when calling the constructor from `SecurityKeyExtension::CreateExtensionSession`).

File remoting/host/security_key/security_key_session.h
Line 74, Patchset 7 (Latest): raw_ptr<protocol::ClientStub> client_stub_ = nullptr;
Yuwei Huang . unresolved

`client_stub_` is unused inside `SecurityKeySession` (the actual message sending is delegated to `SecurityKeyExtensionSession`, which retains its own `client_stub_`). You can safely remove this member and drop the parameter from the constructor.

Open in Gerrit

Related details

Attention set is empty
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I8abc9f9f3954f9c04e920fcf73213742d6236aca
Gerrit-Change-Number: 7964054
Gerrit-PatchSet: 7
Gerrit-Owner: Yuwei Huang <yuw...@chromium.org>
Gerrit-Comment-Date: Mon, 22 Jun 2026 20:55:00 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy

Yuwei Huang (Gerrit)

unread,
Jun 23, 2026, 5:43:36 PM (5 days ago) Jun 23
to chromium...@chromium.org, chromotin...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org

Yuwei Huang added 4 comments

File remoting/host/client_session.h
Line 466, Patchset 7: std::unique_ptr<SecurityKeyExtension> security_key_extension_;
Yuwei Huang . resolved

To avoid a dangling pointer crash, `security_key_session_` and `security_key_extension_` should be declared *before* `extension_manager_`.\n\nIn C++, members are destroyed in the reverse order of their declaration. `extension_manager_` holds a `raw_ptr` to the `security_key_extension_` (via `active_extensions`). If the extension is destroyed first, the `raw_ptr` inside `extension_manager_` becomes dangling. This will trigger a crash during destruction in Chromium's BackupRefPtr (BRP) dangling pointer detector.

Yuwei Huang

Done

File remoting/host/security_key/security_key_extension.h
Line 47, Patchset 7: scoped_refptr<base::SingleThreadTaskRunner> file_task_runner_;
Yuwei Huang . resolved

`file_task_runner_` is no longer used in `SecurityKeyExtension`. It was previously passed to `SecurityKeyExtensionSession`, but now it's only needed by `SecurityKeySession`. We can remove this member and drop it from the constructor.

Yuwei Huang

Done

File remoting/host/security_key/security_key_extension_session.cc
Line 66, Patchset 7: ClientSessionDetails* client_session_details,
Yuwei Huang . resolved

`client_session_details` is completely unused in `SecurityKeyExtensionSession`. It used to be passed into `SecurityKeyAuthHandler::Create()`, but that is now handled by `SecurityKeySession`. We can safely remove this parameter (and ignore it when calling the constructor from `SecurityKeyExtension::CreateExtensionSession`).

Yuwei Huang

Done

File remoting/host/security_key/security_key_session.h
Line 74, Patchset 7: raw_ptr<protocol::ClientStub> client_stub_ = nullptr;
Yuwei Huang . resolved

`client_stub_` is unused inside `SecurityKeySession` (the actual message sending is delegated to `SecurityKeyExtensionSession`, which retains its own `client_stub_`). You can safely remove this member and drop the parameter from the constructor.

Yuwei Huang

Done

Open in Gerrit

Related details

Attention set is empty
Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement satisfiedCode-Owners
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I8abc9f9f3954f9c04e920fcf73213742d6236aca
    Gerrit-Change-Number: 7964054
    Gerrit-PatchSet: 9
    Gerrit-Owner: Yuwei Huang <yuw...@chromium.org>
    Gerrit-Comment-Date: Tue, 23 Jun 2026 21:43:09 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    Comment-In-Reply-To: Yuwei Huang <yuw...@chromium.org>
    satisfied_requirement
    unsatisfied_requirement
    open
    diffy

    Yuwei Huang (Gerrit)

    unread,
    Jun 23, 2026, 6:55:38 PM (5 days ago) Jun 23
    to chromium...@chromium.org, chromotin...@chromium.org, chromium-a...@chromium.org, extension...@chromium.org

    Yuwei Huang added 1 comment

    File remoting/host/remoting_me2me_host.cc
    Line 1536, Patchset 10 (Latest): local_session_policies->allow_gnubby_forwarding = false;
    Yuwei Huang . unresolved

    This is probably not going to work. If you read `ClientSession::OnConnectionAuthenticated`, the effective policies are not cascaded, but rather replaced. Also, it is a good idea to pass support state independent of the policy itself.

    Open in Gerrit

    Related details

    Attention set is empty
    Submit Requirements:
      • requirement satisfiedCode-Coverage
      • requirement satisfiedCode-Owners
      • requirement is not satisfiedCode-Review
      • requirement is not satisfiedNo-Unresolved-Comments
      • requirement is not satisfiedReview-Enforcement
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: comment
      Gerrit-Project: chromium/src
      Gerrit-Branch: main
      Gerrit-Change-Id: I8abc9f9f3954f9c04e920fcf73213742d6236aca
      Gerrit-Change-Number: 7964054
      Gerrit-PatchSet: 10
      Gerrit-Owner: Yuwei Huang <yuw...@chromium.org>
      Gerrit-Comment-Date: Tue, 23 Jun 2026 22:55:20 +0000
      Gerrit-HasComments: Yes
      Gerrit-Has-Labels: No
      satisfied_requirement
      unsatisfied_requirement
      open
      diffy
      Reply all
      Reply to author
      Forward
      0 new messages