Bug 219368

Summary: GPU Process: IOSurfaces should not be mapped into the Web Content Process
Product: WebKit Reporter: Tim Horton <thorton>
Component: New BugsAssignee: Tim Horton <thorton>
Status: RESOLVED FIXED    
Severity: Normal CC: eric.carlson, ews-watchlist, glenn, jer.noble, philipj, rniwa, sabouhallawa, sergio, simon.fraser, webkit-bug-importer, wenson_hsieh
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
ews-feeder: commit-queue-
Patch
none
Patch
none
Patch
none
Patch none

Tim Horton
Reported 2020-11-30 14:06:34 PST
GPU Process: IOSurfaces should not be mapped into the Web Content Process
Attachments
Patch (28.99 KB, patch)
2020-11-30 14:07 PST, Tim Horton 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (17.29 KB, patch)
2020-11-30 14:57 PST, Tim Horton 		no flags
DetailsFormatted DiffDiff
Patch (29.07 KB, patch)
2020-11-30 14:59 PST, Tim Horton 		no flags
DetailsFormatted DiffDiff
Patch (37.96 KB, patch)
2020-12-01 18:20 PST, Tim Horton 		no flags
DetailsFormatted DiffDiff
Patch (37.55 KB, patch)
2020-12-01 19:44 PST, Tim Horton 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Tim Horton
Comment 1 2020-11-30 14:07:02 PST
Created attachment 415054 [details] Patch
Ryosuke Niwa
Comment 2 2020-11-30 14:13:55 PST
Comment on attachment 415054 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=415054&action=review > Source/WebKit/Shared/RemoteLayerTree/RemoteLayerBackingStore.mm:110 > + if (WebProcess::singleton().shouldUseRemoteRenderingFor(WebCore::RenderingPurpose::DOM)) { > + if (m_acceleratesDrawing) Can we move this into a helper factory function instead of putting it inside encode function? > Source/WebKit/WebProcess/GPU/graphics/cocoa/ImageBufferShareableUnmappedIOSurfaceBackend.cpp:43 > + ASSERT_NOT_REACHED(); Can we release assert this? > Source/WebKit/WebProcess/GPU/graphics/cocoa/ImageBufferShareableUnmappedIOSurfaceBackend.cpp:63 > + ASSERT_NOT_REACHED(); Can we release assert this? And ditto for the rest.
Tim Horton
Comment 3 2020-11-30 14:48:32 PST
(In reply to Ryosuke Niwa from comment #2) > Comment on attachment 415054 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=415054&action=review > > > Source/WebKit/Shared/RemoteLayerTree/RemoteLayerBackingStore.mm:110 > > + if (WebProcess::singleton().shouldUseRemoteRenderingFor(WebCore::RenderingPurpose::DOM)) { > > + if (m_acceleratesDrawing) > > Can we move this into a helper factory function instead of putting it inside > encode function? I'm going to try to move createImageBufferBackendHandle up in the hierarchy so that this just dissolves. > > Source/WebKit/WebProcess/GPU/graphics/cocoa/ImageBufferShareableUnmappedIOSurfaceBackend.cpp:43 > > + ASSERT_NOT_REACHED(); > > Can we release assert this? > > > Source/WebKit/WebProcess/GPU/graphics/cocoa/ImageBufferShareableUnmappedIOSurfaceBackend.cpp:63 > > + ASSERT_NOT_REACHED(); > > Can we release assert this? And ditto for the rest. Sure, why not!
Tim Horton
Comment 4 2020-11-30 14:57:21 PST
Created attachment 415063 [details] Patch
Tim Horton
Comment 5 2020-11-30 14:59:04 PST
Created attachment 415064 [details] Patch
EWS
Comment 6 2020-11-30 16:30:45 PST
Committed r270275: <https://trac.webkit.org/changeset/270275> All reviewed patches have been landed. Closing bug and clearing flags on attachment 415064 [details].
Radar WebKit Bug Importer
Comment 7 2020-11-30 16:31:22 PST
<rdar://problem/71828486>
Tim Horton
Comment 8 2020-11-30 17:35:18 PST
Looking into the API test failures. Silly me, thinking that the only GPUP bots were post-landing bots. Forgot about the API tests.
Tim Horton
Comment 9 2020-11-30 18:18:07 PST
Reverted r270275 for reason: broke canvas painting Committed r270280: <https://trac.webkit.org/changeset/270280>
Tim Horton
Comment 10 2020-11-30 18:59:52 PST
Whoops: 3 0x4f97b8a6f WebKit::ImageBufferShareableUnmappedIOSurfaceBackend::draw(WebCore::GraphicsContext&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) 4 0x4f97d0e49 WebCore::ConcreteImageBuffer<WebKit::ImageBufferShareableUnmappedIOSurfaceBackend>::draw(WebCore::GraphicsContext&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) 5 0x50a8af6d5 WebCore::GraphicsContext::drawImageBuffer(WebCore::ImageBuffer&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) 6 0x50a8af774 WebCore::GraphicsContext::drawImageBuffer(WebCore::ImageBuffer&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) 7 0x509bd2ddb WebCore::HTMLCanvasElement::paint(WebCore::GraphicsContext&, WebCore::LayoutRect const&) 8 0x50ae37f34 WebCore::RenderHTMLCanvas::paintReplaced(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
Tim Horton
Comment 11 2020-12-01 18:20:32 PST
Created attachment 415182 [details] Patch
Said Abou-Hallawa
Comment 12 2020-12-01 18:57:03 PST
Comment on attachment 415182 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=415182&action=review > Source/WebCore/platform/graphics/cg/ImageBufferIOSurfaceBackend.h:73 > + static constexpr bool canMapBackingStore = true; I think you can remove this. ImageBufferIOSurfaceBackend has canMapBackingStore = true from ImageBufferBackend. > Source/WebKit/WebProcess/GPU/graphics/cocoa/ImageBufferShareableIOSurfaceBackend.cpp:40 > +std::unique_ptr<ImageBufferShareableIOSurfaceBackend> ImageBufferShareableIOSurfaceBackend::create(const FloatSize& logicalSize, const IntSize& internalSize, float resolutionScale, ColorSpace colorSpace, PixelFormat pixelFormat, ImageBufferBackendHandle handle) Please replace internalSize with backendSize. > Source/WebKit/WebProcess/GPU/graphics/cocoa/ImageBufferShareableIOSurfaceBackend.cpp:58 > + RELEASE_ASSERT_NOT_REACHED(); > + return *(GraphicsContext*)nullptr; Should all the release_assert implementations be moved to ImageBufferBackend pure virtual methods instead? I think the release_assert implementations in ImageBufferBackend will serve the two purposes well: 'Don't create a backend unless you implement these functions "or" never call any of them'. > Source/WebKit/WebProcess/GPU/graphics/cocoa/ImageBufferShareableIOSurfaceBackend.h:45 > + ImageBufferShareableIOSurfaceBackend(const WebCore::FloatSize& logicalSize, const WebCore::IntSize& physicalSize, float resolutionScale, WebCore::ColorSpace colorSpace, WebCore::PixelFormat pixelFormat, ImageBufferBackendHandle&& handle) Please replace physicalSize with backendSize.
Tim Horton
Comment 13 2020-12-01 19:44:14 PST
Created attachment 415188 [details] Patch
EWS
Comment 14 2020-12-01 20:23:34 PST
Committed r270342: <https://trac.webkit.org/changeset/270342> All reviewed patches have been landed. Closing bug and clearing flags on attachment 415188 [details].
Note You need to log in before you can comment on or make changes to this bug.