124643 2013-11-20 00:42:02 -0800 Remote Layer Tree: 100% repro crasher on the IPC thread when creating lots of layers 2013-11-20 13:42:55 -0800 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 thorton thorton andersca ap sam simon.fraser oldest_to_newest 952474 0 thorton 2013-11-20 00:42:02 -0800 CoreIPC::Connection::sendOutgoingMessage crashes after memory has been smashed when creating lots of RemoteLayerTree layers. This occurs because we use mach ports to share the IOSurface backing store, and sendOutgoingMessage always sends the ports in-line, even if they won't fit in the fixed-size 4KB buffer. We have a few options: 1. Simply mmap a buffer of the requisite size. 2. Do #1 but keep the stack-allocated buffer for performance if the message is under 4KB after out-of-lining the body, swapping to mmap if needed. 3. Figure out how to out-of-line the ports using mach_msg_ool_ports_descriptor_t and co. (I have this partially implemented, but there are some hitches). Attaching patch for #1 (the simplest option), will adjust as people recommend. <rdar://problem/15491080> 952479 1 217400 thorton 2013-11-20 00:54:08 -0800 Created attachment 217400 #1 patch 952480 2 217401 thorton 2013-11-20 00:59:27 -0800 Created attachment 217401 #2 patch 952492 3 thorton 2013-11-20 01:32:53 -0800 Giving up on #3 for now, it's way, way more complicated and I don't want to waste too much time if one of these will do. 952764 4 thorton 2013-11-20 13:42:50 -0800 #2 it is! http://trac.webkit.org/changeset/159582 217400 2013-11-20 00:54:08 -0800 2013-11-20 13:42:55 -0800 #1 patch dynamically-allocate.diff text/plain 2273 thorton ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZwppbmRleCBlY2ZjYjJlLi40N2U0YmRmIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0 Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTQg QEAKKzIwMTMtMTEtMjAgIFRpbSBIb3J0b24gIDx0aW1vdGh5X2hvcnRvbkBhcHBsZS5jb20+CisK KyAgICAgICAgUmVtb3RlIExheWVyIFRyZWU6IDEwMCUgcmVwcm8gY3Jhc2hlciBvbiB0aGUgSVBD IHRocmVhZCB3aGVuIGNyZWF0aW5nIGxvdHMgb2YgbGF5ZXJzCisgICAgICAgIGh0dHBzOi8vYnVn cy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMjQ2NDMKKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIFBsYXRmb3JtL0NvcmVJUEMvbWFjL0Nvbm5l Y3Rpb25NYWMuY3BwOgorICAgICAgICAoQ29yZUlQQzo6Q29ubmVjdGlvbjo6c2VuZE91dGdvaW5n TWVzc2FnZSk6CisgICAgICAgIER5bmFtaWNhbGx5IGFsbG9jYXRlIHN0b3JhZ2UgZm9yIHRoZSBt ZXNzYWdlLgorCiAyMDEzLTExLTE5ICBCcmFkeSBFaWRzb24gIDxiZWlkc29uQGFwcGxlLmNvbT4K IAogICAgICAgICBBZGQgV2ViSURCU2VydmVyQ29ubmVjdGlvbiBhbmQgRGF0YWJhc2VQcm9jZXNz SURCQ29ubmVjdGlvbiBzdHVicwpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdDIvUGxhdGZvcm0v Q29yZUlQQy9tYWMvQ29ubmVjdGlvbk1hYy5jcHAgYi9Tb3VyY2UvV2ViS2l0Mi9QbGF0Zm9ybS9D b3JlSVBDL21hYy9Db25uZWN0aW9uTWFjLmNwcAppbmRleCAxMWM4ZjFmYS4uYzc4YWE0MSAxMDA2 NDQKLS0tIGEvU291cmNlL1dlYktpdDIvUGxhdGZvcm0vQ29yZUlQQy9tYWMvQ29ubmVjdGlvbk1h Yy5jcHAKKysrIGIvU291cmNlL1dlYktpdDIvUGxhdGZvcm0vQ29yZUlQQy9tYWMvQ29ubmVjdGlv bk1hYy5jcHAKQEAgLTIwMiwxOSArMjAyLDIwIEBAIGJvb2wgQ29ubmVjdGlvbjo6c2VuZE91dGdv aW5nTWVzc2FnZShzdGQ6OnVuaXF1ZV9wdHI8TWVzc2FnZUVuY29kZXI+IGVuY29kZXIpCiAgICAg fQogICAgIAogICAgIHNpemVfdCBtZXNzYWdlU2l6ZSA9IG1hY2hNZXNzYWdlU2l6ZShlbmNvZGVy LT5idWZmZXJTaXplKCksIG51bWJlck9mUG9ydERlc2NyaXB0b3JzLCBudW1iZXJPZk9PTE1lbW9y eURlc2NyaXB0b3JzKTsKLSAgICBjaGFyIGJ1ZmZlcltpbmxpbmVNZXNzYWdlTWF4U2l6ZV07CiAK ICAgICBib29sIG1lc3NhZ2VCb2R5SXNPT0wgPSBmYWxzZTsKLSAgICBpZiAobWVzc2FnZVNpemUg PiBzaXplb2YoYnVmZmVyKSkgeworICAgIGlmIChtZXNzYWdlU2l6ZSA+IGlubGluZU1lc3NhZ2VN YXhTaXplKSB7CiAgICAgICAgIG1lc3NhZ2VCb2R5SXNPT0wgPSB0cnVlOwogCiAgICAgICAgIG51 bWJlck9mT09MTWVtb3J5RGVzY3JpcHRvcnMrKzsKICAgICAgICAgbWVzc2FnZVNpemUgPSBtYWNo TWVzc2FnZVNpemUoMCwgbnVtYmVyT2ZQb3J0RGVzY3JpcHRvcnMsIG51bWJlck9mT09MTWVtb3J5 RGVzY3JpcHRvcnMpOwogICAgIH0KIAorICAgIGNoYXIqIGJ1ZmZlciA9IChjaGFyKiltbWFwKDAs IG1lc3NhZ2VTaXplLCBQUk9UX1JFQUQgfCBQUk9UX1dSSVRFLCBNQVBfQU5PTiB8IE1BUF9QUklW QVRFLCAtMSwgMCk7CisKICAgICBib29sIGlzQ29tcGxleCA9IChudW1iZXJPZlBvcnREZXNjcmlw dG9ycyArIG51bWJlck9mT09MTWVtb3J5RGVzY3JpcHRvcnMgPiAwKTsKIAotICAgIG1hY2hfbXNn X2hlYWRlcl90KiBoZWFkZXIgPSByZWludGVycHJldF9jYXN0PG1hY2hfbXNnX2hlYWRlcl90Kj4o JmJ1ZmZlcik7CisgICAgbWFjaF9tc2dfaGVhZGVyX3QqIGhlYWRlciA9IHJlaW50ZXJwcmV0X2Nh c3Q8bWFjaF9tc2dfaGVhZGVyX3QqPihidWZmZXIpOwogICAgIGhlYWRlci0+bXNnaF9iaXRzID0g TUFDSF9NU0dIX0JJVFMoTUFDSF9NU0dfVFlQRV9DT1BZX1NFTkQsIDApOwogICAgIGhlYWRlci0+ bXNnaF9zaXplID0gbWVzc2FnZVNpemU7CiAgICAgaGVhZGVyLT5tc2doX3JlbW90ZV9wb3J0ID0g bV9zZW5kUG9ydDsKQEAgLTI3Nyw2ICsyNzgsOCBAQCBib29sIENvbm5lY3Rpb246OnNlbmRPdXRn b2luZ01lc3NhZ2Uoc3RkOjp1bmlxdWVfcHRyPE1lc3NhZ2VFbmNvZGVyPiBlbmNvZGVyKQogICAg ICAgICAvLyBGSVhNRTogV2hhdCBzaG91bGQgd2UgZG8gaGVyZT8KICAgICB9CiAKKyAgICBtdW5t YXAoYnVmZmVyLCBtZXNzYWdlU2l6ZSk7CisKICAgICByZXR1cm4gdHJ1ZTsKIH0KIAo= 217401 2013-11-20 00:59:27 -0800 2013-11-20 13:36:59 -0800 #2 patch dynamically-allocate-2.diff text/plain 2448 thorton ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZwppbmRleCBlY2ZjYjJlLi4yZjNiM2UwIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0 Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTQg QEAKKzIwMTMtMTEtMjAgIFRpbSBIb3J0b24gIDx0aW1vdGh5X2hvcnRvbkBhcHBsZS5jb20+CisK KyAgICAgICAgUmVtb3RlIExheWVyIFRyZWU6IDEwMCUgcmVwcm8gY3Jhc2hlciBvbiB0aGUgSVBD IHRocmVhZCB3aGVuIGNyZWF0aW5nIGxvdHMgb2YgbGF5ZXJzCisgICAgICAgIGh0dHBzOi8vYnVn cy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMjQ2NDMKKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIFBsYXRmb3JtL0NvcmVJUEMvbWFjL0Nvbm5l Y3Rpb25NYWMuY3BwOgorICAgICAgICAoQ29yZUlQQzo6Q29ubmVjdGlvbjo6c2VuZE91dGdvaW5n TWVzc2FnZSk6CisgICAgICAgIER5bmFtaWNhbGx5IGFsbG9jYXRlIHN0b3JhZ2UgZm9yIHRoZSBt ZXNzYWdlIGlmIG5lZWRlZC4KKwogMjAxMy0xMS0xOSAgQnJhZHkgRWlkc29uICA8YmVpZHNvbkBh cHBsZS5jb20+CiAKICAgICAgICAgQWRkIFdlYklEQlNlcnZlckNvbm5lY3Rpb24gYW5kIERhdGFi YXNlUHJvY2Vzc0lEQkNvbm5lY3Rpb24gc3R1YnMKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQy L1BsYXRmb3JtL0NvcmVJUEMvbWFjL0Nvbm5lY3Rpb25NYWMuY3BwIGIvU291cmNlL1dlYktpdDIv UGxhdGZvcm0vQ29yZUlQQy9tYWMvQ29ubmVjdGlvbk1hYy5jcHAKaW5kZXggMTFjOGYxZmEuLmU2 MjE2MjYgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQyL1BsYXRmb3JtL0NvcmVJUEMvbWFjL0Nv bm5lY3Rpb25NYWMuY3BwCisrKyBiL1NvdXJjZS9XZWJLaXQyL1BsYXRmb3JtL0NvcmVJUEMvbWFj L0Nvbm5lY3Rpb25NYWMuY3BwCkBAIC0yMDIsMTkgKzIwMiwyMyBAQCBib29sIENvbm5lY3Rpb246 OnNlbmRPdXRnb2luZ01lc3NhZ2Uoc3RkOjp1bmlxdWVfcHRyPE1lc3NhZ2VFbmNvZGVyPiBlbmNv ZGVyKQogICAgIH0KICAgICAKICAgICBzaXplX3QgbWVzc2FnZVNpemUgPSBtYWNoTWVzc2FnZVNp emUoZW5jb2Rlci0+YnVmZmVyU2l6ZSgpLCBudW1iZXJPZlBvcnREZXNjcmlwdG9ycywgbnVtYmVy T2ZPT0xNZW1vcnlEZXNjcmlwdG9ycyk7Ci0gICAgY2hhciBidWZmZXJbaW5saW5lTWVzc2FnZU1h eFNpemVdOwogCiAgICAgYm9vbCBtZXNzYWdlQm9keUlzT09MID0gZmFsc2U7Ci0gICAgaWYgKG1l c3NhZ2VTaXplID4gc2l6ZW9mKGJ1ZmZlcikpIHsKKyAgICBpZiAobWVzc2FnZVNpemUgPiBpbmxp bmVNZXNzYWdlTWF4U2l6ZSkgewogICAgICAgICBtZXNzYWdlQm9keUlzT09MID0gdHJ1ZTsKIAog ICAgICAgICBudW1iZXJPZk9PTE1lbW9yeURlc2NyaXB0b3JzKys7CiAgICAgICAgIG1lc3NhZ2VT aXplID0gbWFjaE1lc3NhZ2VTaXplKDAsIG51bWJlck9mUG9ydERlc2NyaXB0b3JzLCBudW1iZXJP Zk9PTE1lbW9yeURlc2NyaXB0b3JzKTsKICAgICB9CiAKKyAgICBjaGFyIHN0YWNrQnVmZmVyW2lu bGluZU1lc3NhZ2VNYXhTaXplXTsKKyAgICBjaGFyKiBidWZmZXIgPSAmc3RhY2tCdWZmZXJbMF07 CisgICAgaWYgKG1lc3NhZ2VTaXplID4gaW5saW5lTWVzc2FnZU1heFNpemUpCisgICAgICAgIGJ1 ZmZlciA9IChjaGFyKiltbWFwKDAsIG1lc3NhZ2VTaXplLCBQUk9UX1JFQUQgfCBQUk9UX1dSSVRF LCBNQVBfQU5PTiB8IE1BUF9QUklWQVRFLCAtMSwgMCk7CisKICAgICBib29sIGlzQ29tcGxleCA9 IChudW1iZXJPZlBvcnREZXNjcmlwdG9ycyArIG51bWJlck9mT09MTWVtb3J5RGVzY3JpcHRvcnMg PiAwKTsKIAotICAgIG1hY2hfbXNnX2hlYWRlcl90KiBoZWFkZXIgPSByZWludGVycHJldF9jYXN0 PG1hY2hfbXNnX2hlYWRlcl90Kj4oJmJ1ZmZlcik7CisgICAgbWFjaF9tc2dfaGVhZGVyX3QqIGhl YWRlciA9IHJlaW50ZXJwcmV0X2Nhc3Q8bWFjaF9tc2dfaGVhZGVyX3QqPihidWZmZXIpOwogICAg IGhlYWRlci0+bXNnaF9iaXRzID0gTUFDSF9NU0dIX0JJVFMoTUFDSF9NU0dfVFlQRV9DT1BZX1NF TkQsIDApOwogICAgIGhlYWRlci0+bXNnaF9zaXplID0gbWVzc2FnZVNpemU7CiAgICAgaGVhZGVy LT5tc2doX3JlbW90ZV9wb3J0ID0gbV9zZW5kUG9ydDsKQEAgLTI3Nyw2ICsyODEsOSBAQCBib29s IENvbm5lY3Rpb246OnNlbmRPdXRnb2luZ01lc3NhZ2Uoc3RkOjp1bmlxdWVfcHRyPE1lc3NhZ2VF bmNvZGVyPiBlbmNvZGVyKQogICAgICAgICAvLyBGSVhNRTogV2hhdCBzaG91bGQgd2UgZG8gaGVy ZT8KICAgICB9CiAKKyAgICBpZiAoYnVmZmVyICE9ICZzdGFja0J1ZmZlclswXSkKKyAgICAgICAg bXVubWFwKGJ1ZmZlciwgbWVzc2FnZVNpemUpOworCiAgICAgcmV0dXJuIHRydWU7CiB9CiAK