Bug 224956 - [iOS] GPU Process sandbox lacks IOMobileFramebufferUserClient method filter
Summary: [iOS] GPU Process sandbox lacks IOMobileFramebufferUserClient method filter
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Brent Fulgham
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-04-22 16:15 PDT by Brent Fulgham
Modified: 2021-04-23 13:11 PDT (History)
1 user (show)

See Also:


Attachments
Patch (2.17 KB, patch)
2021-04-22 16:25 PDT, Brent Fulgham
no flags Details | Formatted Diff | Diff
Patch (3.02 KB, patch)
2021-04-22 17:27 PDT, Brent Fulgham
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Brent Fulgham 2021-04-22 16:15:05 PDT
In Bug 211188 we added message filter protections to the IOMobileFramebufferUserClient. These were not retained when the GPU Process sandbox was constructed, and need to be.

<rdar://problem/68227590>
Comment 1 Brent Fulgham 2021-04-22 16:25:08 PDT
Created attachment 426863 [details]
Patch
Comment 2 Per Arne Vollan 2021-04-22 16:31:35 PDT
Comment on attachment 426863 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=426863&action=review

R=me.

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:96
> +                   (allow (with telemetry) (with message "IOMobileFramebufferUserClient")

Is the telemetry needed on the allow rule? Sometimes telemetry for frequently hit rules can cause a perf regression.
Comment 3 Brent Fulgham 2021-04-22 17:08:57 PDT
(In reply to Per Arne Vollan from comment #2)
> Comment on attachment 426863 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=426863&action=review
> 
> R=me.
> 
> > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:96
> > +                   (allow (with telemetry) (with message "IOMobileFramebufferUserClient")
> 
> Is the telemetry needed on the allow rule? Sometimes telemetry for
> frequently hit rules can cause a perf regression.

Good point -- I'll remove it.

This telemetry is in the WebContent version of this (perhaps not used anymore). Maybe we should remove it there, too?
Comment 4 Brent Fulgham 2021-04-22 17:27:38 PDT
Created attachment 426875 [details]
Patch
Comment 5 Per Arne Vollan 2021-04-22 17:39:14 PDT
Comment on attachment 426875 [details]
Patch

R=me.
Comment 6 Brent Fulgham 2021-04-23 12:59:26 PDT
Comment on attachment 426875 [details]
Patch

Patch was also validated in manual testing on device.
Comment 7 EWS 2021-04-23 13:11:47 PDT
Committed r276515 (236971@main): <https://commits.webkit.org/236971@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 426875 [details].