Bug 226869 - [Cocoa] Disable hardware decoding in the WebProcess
Summary: [Cocoa] Disable hardware decoding in the WebProcess
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Images (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Said Abou-Hallawa
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-06-10 02:56 PDT by Said Abou-Hallawa
Modified: 2021-08-09 11:14 PDT (History)
14 users (show)

See Also:

Attachments
Patch (7.65 KB, patch)
2021-06-10 03:09 PDT, Said Abou-Hallawa 		no flags Details | Formatted Diff | Diff
Patch (7.70 KB, patch)
2021-06-10 03:12 PDT, Said Abou-Hallawa 		no flags Details | Formatted Diff | Diff
Patch (17.65 KB, patch)
2021-06-10 19:24 PDT, Said Abou-Hallawa 		no flags Details | Formatted Diff | Diff
Patch (23.89 KB, patch)
2021-06-15 22:33 PDT, Said Abou-Hallawa 		no flags Details | Formatted Diff | Diff
Patch (27.83 KB, patch)
2021-06-16 22:35 PDT, Said Abou-Hallawa 		pvollan: review+
ews-feeder: commit-queue-
Details | Formatted Diff | Diff
Patch (29.35 KB, patch)
2021-06-17 15:07 PDT, Said Abou-Hallawa 		no flags Details | Formatted Diff | Diff
Patch (30.02 KB, patch)
2021-06-17 16:30 PDT, Said Abou-Hallawa 		no flags Details | Formatted Diff | Diff
Show Obsolete (5) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Said Abou-Hallawa 2021-06-10 02:56:31 PDT 
IOKit calls are sandboxed in the WebProcess. So we need to disable hardware decoding otherwise the images will not be displayed correctly.
Comment 1 Said Abou-Hallawa 2021-06-10 03:09:45 PDT 
Created attachment 431056 [details]
Patch
Comment 2 Said Abou-Hallawa 2021-06-10 03:10:47 PDT 
<rdar://77548905>
Comment 3 Said Abou-Hallawa 2021-06-10 03:12:00 PDT 
Unfortunately this change works on iOS but it does not work on macOS.
Comment 4 Said Abou-Hallawa 2021-06-10 03:12:44 PDT 
Created attachment 431057 [details]
Patch
Comment 5 Said Abou-Hallawa 2021-06-10 19:24:23 PDT 
Created attachment 431169 [details]
Patch
Comment 6 Per Arne Vollan 2021-06-11 13:19:26 PDT 
Comment on attachment 431169 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431169&action=review

> Source/WebKit/WebProcess/WebProcess.cpp:341
> +    restrictImageAndVideoDecoders();

We should make sure this is called after entering the sandbox. Is this the case here?
Comment 7 Per Arne Vollan 2021-06-11 13:22:05 PDT 
Comment on attachment 431169 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431169&action=review

>> Source/WebKit/WebProcess/WebProcess.cpp:341
>> +    restrictImageAndVideoDecoders();
> 
> We should make sure this is called after entering the sandbox. Is this the case here?

If this is iOS only, that should not be an issue.
Comment 8 Per Arne Vollan 2021-06-11 13:22:06 PDT 
Comment on attachment 431169 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431169&action=review

>> Source/WebKit/WebProcess/WebProcess.cpp:341
>> +    restrictImageAndVideoDecoders();
> 
> We should make sure this is called after entering the sandbox. Is this the case here?

If this is iOS only, that should not be an issue.
Comment 9 Said Abou-Hallawa 2021-06-11 14:50:10 PDT 
Comment on attachment 431169 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431169&action=review

>>>> Source/WebKit/WebProcess/WebProcess.cpp:341
>>>> +    restrictImageAndVideoDecoders();
>>> 
>>> We should make sure this is called after entering the sandbox. Is this the case here?
>> 
>> If this is iOS only, that should not be an issue.
> 
> If this is iOS only, that should not be an issue.

It is working on iOS only. But I think it should work in both iOS and macOS. Where should I put this call to make sure we entered the sandbox?
Comment 10 Per Arne Vollan 2021-06-14 02:14:18 PDT 
Comment on attachment 431169 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431169&action=review

>>>>> Source/WebKit/WebProcess/WebProcess.cpp:341
>>>>> +    restrictImageAndVideoDecoders();
>>>> 
>>>> We should make sure this is called after entering the sandbox. Is this the case here?
>>> 
>>> If this is iOS only, that should not be an issue.
>> 
>> If this is iOS only, that should not be an issue.
> 
> It is working on iOS only. But I think it should work in both iOS and macOS. Where should I put this call to make sure we entered the sandbox?

Yes, the current invocation of restrictImageAndVideoDecoders() is too early on macOS. It should be called after AuxiliaryProcess::initializeSandbox.
Comment 11 Said Abou-Hallawa 2021-06-15 22:33:52 PDT 
Created attachment 431519 [details]
Patch
Comment 12 Per Arne Vollan 2021-06-16 02:34:36 PDT 
Comment on attachment 431519 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431519&action=review

> Source/WebCore/PAL/pal/spi/cocoa/VideoToolboxSPI.h:33
> +#include <wtf/SoftLinking.h>

Should this include be in the SPI file?
Comment 13 David Kilzer (:ddkilzer) 2021-06-16 04:06:29 PDT 
Comment on attachment 431519 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431519&action=review

>> Source/WebCore/PAL/pal/spi/cocoa/VideoToolboxSPI.h:33
>> +#include <wtf/SoftLinking.h>
> 
> Should this include be in the SPI file?

No, it should not. Per Arne is correct that this should be included in the *.cpp or *.mm source file only.
Comment 14 Per Arne Vollan 2021-06-16 05:40:42 PDT 
Comment on attachment 431519 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431519&action=review

To make sure this works on macOS, you can add the following code to WebProcess::platformInitializeWebProcess:

#if PLATFORM(MAC)
    if (parameters.trustedAgentExtensionHandle) {
        if (auto extension = SandboxExtension::create(WTFMove(*parameters.trustedAgentExtensionHandle))) {
            bool ok = extension->consume();
            if (PAL::isMediaToolboxFrameworkAvailable() &&
                PAL::canLoad_MediaToolbox_FigPhotoSupportsHEVCHWDecode())
                PAL::softLinkMediaToolboxFigPhotoSupportsHEVCHWDecode();
            ok = extension->revoke();
            ASSERT_UNUSED(ok, ok);
        }
    }
#endif

> Source/WebKit/Shared/AuxiliaryProcess.cpp:86
> +#if PLATFORM(IOS_FAMILY)
> +    restrictImageAndVideoDecoders();
> +#endif

To make this work on macOS, you can remove the #ifdef. I also think we should call this in the WebContent process, only.
Comment 15 Said Abou-Hallawa 2021-06-16 22:35:48 PDT 
Created attachment 431634 [details]
Patch
Comment 16 Said Abou-Hallawa 2021-06-16 22:38:24 PDT 
Comment on attachment 431519 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431519&action=review

>>> Source/WebCore/PAL/pal/spi/cocoa/VideoToolboxSPI.h:33
>>> +#include <wtf/SoftLinking.h>
>> 
>> Should this include be in the SPI file?
> 
> No, it should not. Per Arne is correct that this should be included in the *.cpp or *.mm source file only.

Removed.

>> Source/WebKit/Shared/AuxiliaryProcess.cpp:86
>> +#endif
> 
> To make this work on macOS, you can remove the #ifdef. I also think we should call this in the WebContent process, only.

This call was moved to WebProcessCocoa.mm and this made macOS and iOS display the HEIF image correctly.
Comment 17 Per Arne Vollan 2021-06-17 00:09:50 PDT 
Comment on attachment 431634 [details]
Patch

Great! R=me.
Comment 18 Simon Fraser (smfr) 2021-06-17 09:29:50 PDT 
Comment on attachment 431634 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431634&action=review

> Source/WTF/ChangeLog:3
> +        [Cocoa] Disable hardware decoding in the WebProcess

Cocoa

> Source/WebCore/ChangeLog:3
> +        [iOS] Disable hardware decoding in the WebProcess

iOS

> Source/WebCore/PAL/ChangeLog:3
> +        [Cocoa] Disable hardware decoding in the WebProcess

Cocoa

> Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:381
> +                PAL::softLinkMediaToolboxFigPhotoSupportsHEVCHWDecode();

Does this function have side effects? We're ignoring the return value.

> LayoutTests/platform/ios/TestExpectations:3038
> +fast/images/heic-as-background-image.html [ Pass ]

Should we pass the test on macOS too?
Comment 19 Said Abou-Hallawa 2021-06-17 15:07:47 PDT 
Created attachment 431726 [details]
Patch
Comment 20 Said Abou-Hallawa 2021-06-17 15:50:33 PDT 
Comment on attachment 431634 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=431634&action=review

>> Source/WebCore/ChangeLog:3
>> +        [iOS] Disable hardware decoding in the WebProcess
> 
> iOS

This one is fixed to match the title of the bug.

>> Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:381
>> +                PAL::softLinkMediaToolboxFigPhotoSupportsHEVCHWDecode();
> 
> Does this function have side effects? We're ignoring the return value.

We do not need the return value. We just need to call it once while holding the trustd extension. This function sets a static local variable when it is called for the first time. To set the static local variable, it uses the service com.apple.trustd.agent. I will add a comment in the code and describe it a little in the ChangeLog.

>> LayoutTests/platform/ios/TestExpectations:3038
>> +fast/images/heic-as-background-image.html [ Pass ]
> 
> Should we pass the test on macOS too?

The test is now passed on macOS.
Comment 21 Said Abou-Hallawa 2021-06-17 16:30:34 PDT 
Created attachment 431738 [details]
Patch
Comment 22 EWS 2021-06-17 21:09:33 PDT 
Committed r279030 (238950@main): <https://commits.webkit.org/238950@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 431738 [details].
Comment 23 youenn fablet 2021-07-28 08:32:49 PDT 
This breaks WebRTC video decoding in WebProcess since we need IOSurface-backed buffers there.
Comment 24 youenn fablet 2021-07-28 08:33:26 PDT 
See rdar://81166342 for more info