Fix incorrect process reuse allowed by SiteProcessCountTracker.

Currently, any SiteInstance which uses the
REUSE_PENDING_OR_COMMITTED_SITE process reuse policy is always allowed
to reuse a process with a matching pending site entry.  This is not
always correct: before the navigation to a pending site commits (if
ever), the process might be reused by a navigation to a different
site, which makes this process unsuitable for hosting the original
site if that site requires a dedicated process.  This policy is used
by ServiceWorkers and isolated origins subframes, and this results in
races where we may commit two incompatible sites (or a site and a SW)
under one origin lock, which subsequently leads to renderer kills when
the site with the mismatched lock requests resources such as cookies.

This CL modifies the site tracker to check whether the
RenderProcessHost is still suitable for the target site before
returning it.

Bug: 780661, 780089
Change-Id: I88553572d8b823100fe797bb3a83c9e7cdbfdd2c
Reviewed-by: Charlie Reis <>
Commit-Queue: Alex Moshchuk <>
Cr-Commit-Position: refs/heads/master@{#513607}
2 files changed
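
The race described in the commit message can be replayed in a simplified model. This is an added example, not code from the Chromium change: `Process`, `PendingSiteTracker`, `IsSuitable`, `StaleProcessReused` and the site URL are hypothetical names, and the suitability rule is a reduced stand-in for the real check.

```cpp
// Simplified model, not Chromium code: all types and names are hypothetical.
#include <map>
#include <set>
#include <string>

struct Process {
  std::string lock;   // site this process is locked to; empty = unlocked
  bool used = false;  // true once any site has committed here
};

// A site that requires a dedicated process may only live in a process
// locked to it, or in one that is still unused and unlocked.
bool IsSuitable(const Process& p, const std::string& site, bool dedicated) {
  if (dedicated) return p.lock == site || (!p.used && p.lock.empty());
  return p.lock.empty();
}

class PendingSiteTracker {
 public:
  void AddPending(const std::string& site, Process* p) { pending_[site].insert(p); }

  // check_suitability=false models the behaviour before the fix: a matching
  // pending entry alone is enough to reuse the process.
  Process* FindReusable(const std::string& site, bool dedicated,
                        bool check_suitability) const {
    auto it = pending_.find(site);
    if (it == pending_.end()) return nullptr;
    for (Process* p : it->second)
      if (!check_suitability || IsSuitable(*p, site, dedicated)) return p;
    return nullptr;
  }

 private:
  std::map<std::string, std::set<Process*>> pending_;
};

// Replays the race: a navigation to site A is pending in P, a different site
// commits in P first, then a service worker for A asks for a process.
bool StaleProcessReused(bool check_suitability) {
  const std::string a = "https://isolated.example";  // constructed site
  Process p;
  PendingSiteTracker tracker;
  tracker.AddPending(a, &p);
  p.used = true;  // another site committed in P before A did
  return tracker.FindReusable(a, /*dedicated=*/true, check_suitability) == &p;
}
```

With the check disabled the stale pending entry hands out a process that already hosts another site; with it enabled the lookup returns nothing and the caller has to pick a different process.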