Bug 242031

Summary: [GPU Process] RemoteRenderingBackend has to explicitly stop IOSurfacePool::m_collectionTimer before destruction
Product: WebKit Reporter: Said Abou-Hallawa <sabouhallawa>
Component: Layout and RenderingAssignee: Said Abou-Hallawa <sabouhallawa>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, simon.fraser, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Said Abou-Hallawa
Reported 2022-06-27 09:57:43 PDT
RemoteRenderingBackend can be destroyed by RemoteGraphicsContextGL on the StreamConnection WorkQueue. Because RemoteRenderingBackend now owns an IOSurfacePool, this IOSurfacePool can be destroyed on the StreamConnection WorkQueue also. At the same time the handler of IOSurfacePool::m_collectionTimer can be called on the main thread. This leads to accessing null IOSurfaces in IOSurfacePool::collectionTimerFired().
Attachments
Add attachment proposed patch, testcase, etc.
Said Abou-Hallawa
Comment 1 2022-06-27 09:58:02 PDT
rdar://94516877
Said Abou-Hallawa
Comment 2 2022-06-27 10:09:13 PDT
Pull request: https://github.com/WebKit/WebKit/pull/1821
EWS
Comment 3 2022-06-28 05:52:17 PDT
Committed 251907@main (0cabd082474b): <https://commits.webkit.org/251907@main> Reviewed commits have been landed. Closing PR #1821 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.