Changeset 276363 in webkit


Timestamp:
Apr 21, 2021, 8:41:57 AM (4 years ago)
Author:
commit-queue@webkit.org
Message:

WebGL GPUP crashes when preparing for display due to off-thread WeakPtr access (IOSURFACE_SET_OWNERSHIP_IDENTITY)
https://bugs.webkit.org/show_bug.cgi?id=224864

Patch by Kimmo Kinnunen <kkinnunen@apple.com> on 2021-04-21
Reviewed by Chris Dumez.

Do not navigate WeakPtr in RemoteGraphicsContextGL thread.
Instead, cache the ownership identity tag during constructor
in main thread.

No new tests, caught with existing tests when the define
is enabled.

  • GPUProcess/graphics/RemoteGraphicsContextGLCocoa.cpp:

(WebKit::RemoteGraphicsContextGLCocoa::RemoteGraphicsContextGLCocoa):
(WebKit::RemoteGraphicsContextGLCocoa::prepareForDisplay):

Location:
trunk/Source/WebKit
Files:
2 edited

  • trunk/Source/WebKit/ChangeLog

    r276360 r276363  
     12021-04-21  Kimmo Kinnunen  <kkinnunen@apple.com>
     2
     3        WebGL GPUP crashes when preparing for display due to off-thread WeakPtr access (IOSURFACE_SET_OWNERSHIP_IDENTITY)
     4        https://bugs.webkit.org/show_bug.cgi?id=224864
     5
     6        Reviewed by Chris Dumez.
     7
     8        Do not navigate WeakPtr in RemoteGraphicsContextGL thread.
     9        Instead, cache the ownership identity tag during constructor
     10        in main thread.
     11
     12        No new tests, caught with existing tests when the define
     13        is enabled.
     14
     15        * GPUProcess/graphics/RemoteGraphicsContextGLCocoa.cpp:
     16        (WebKit::RemoteGraphicsContextGLCocoa::RemoteGraphicsContextGLCocoa):
     17        (WebKit::RemoteGraphicsContextGLCocoa::prepareForDisplay):
     18
    1192021-04-21  Simon Fraser  <simon.fraser@apple.com>
    220
  • trunk/Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGLCocoa.cpp

    r273903 r276363  
    4848private:
    4949    WebCore::GraphicsContextGLIOSurfaceSwapChain m_swapChain;
     50#if HAVE(TASK_IDENTITY_TOKEN)
     51    task_id_token_t m_webProcessIdentityToken;
     52#endif
    5053};
    5154
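Review bot: The guard on the new member does not match the guard on its uses. `m_webProcessIdentityToken` is declared under `#if HAVE(TASK_IDENTITY_TOKEN)`, while the constructor initializer and the `setOwnershipIdentity` call in this same file are under `#if HAVE(IOSURFACE_SET_OWNERSHIP_IDENTITY)`. A configuration that defines the second macro without the first would not compile; use the same macro in all three places, or add a comment stating that one implies the other.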
     
    6164RemoteGraphicsContextGLCocoa::RemoteGraphicsContextGLCocoa(GPUConnectionToWebProcess& gpuConnectionToWebProcess, GraphicsContextGLIdentifier graphicsContextGLIdentifier, RemoteRenderingBackend& renderingBackend, IPC::StreamConnectionBuffer&& stream)
    6265    : RemoteGraphicsContextGL(gpuConnectionToWebProcess, graphicsContextGLIdentifier, renderingBackend, WTFMove(stream))
     66#if HAVE(IOSURFACE_SET_OWNERSHIP_IDENTITY)
     67    , m_webProcessIdentityToken(gpuConnectionToWebProcess.webProcessIdentityToken())
     68#endif
    6369{
     70
    6471}
    6572
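Review bot: The lifetime of the cached token is not documented. The initializer at new line 67 stores a raw `task_id_token_t` by value, and nothing visible in this hunk shows the object taking its own reference on it, yet the value is later used without consulting the connection. Please state (or enforce) that the token stays valid for the lifetime of this object. Separately, the empty line added inside the constructor body at new line 70 looks unintentional and can be dropped.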
     
    7683#if HAVE(IOSURFACE_SET_OWNERSHIP_IDENTITY)
    7784        // Mark the IOSurface as being owned by the WebProcess even though it was constructed by the GPUProcess so that Jetsam knows which process to kill.
    78         if (m_gpuConnectionToWebProcess)
    79             surface->setOwnershipIdentity(m_gpuConnectionToWebProcess->webProcessIdentityToken());
     85        surface->setOwnershipIdentity(m_webProcessIdentityToken);
    8086#endif
    8187        sendRight = surface->createSendRight();
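Review bot: Removing the `if (m_gpuConnectionToWebProcess)` check changes behaviour as well as thread safety: `surface->setOwnershipIdentity(m_webProcessIdentityToken)` now runs even when the connection has gone away, where the old code skipped the call. If that is intended, a short comment at this line saying the token is cached at construction because the WeakPtr must not be dereferenced on this thread would keep a later change from reintroducing the off-thread access.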