Title: [293815] trunk/Source/WebKit
Revision: 293815
Author: simon.fra...@apple.com
Date: 2022-05-04 19:47:29 -0700 (Wed, 04 May 2022)

Log Message

Fix crash in RemoteRenderingBackendProxy::prepareBuffersForDisplay()
https://bugs.webkit.org/show_bug.cgi?id=240089
<rdar://91444900>

Reviewed by Tim Horton.

We keep WebContent processes alive after a GPU Process crash, so having a RELEASE_ASSERT
when IPC with the GPU Process fails is the wrong approach. Instead, just behave as if all
the returned buffers are null, and need full display.

In testing, I saw a single instance of a crash in RemoteLayerBackingStore::drawInContext(),
probably because m_backBuffer.imageBuffer was null.
SwapBuffersDisplayRequirement::NeedsFullDisplay should mean that we don't hit this, but
null-check the back buffer just in case.

* Shared/RemoteLayerTree/RemoteLayerBackingStore.mm:
(WebKit::RemoteLayerBackingStore::drawInContext):
* WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp:
(WebKit::RemoteRenderingBackendProxy::prepareBuffersForDisplay):

Diff

Modified: trunk/Source/WebKit/ChangeLog (293814 => 293815)


--- trunk/Source/WebKit/ChangeLog	2022-05-05 02:37:47 UTC (rev 293814)
+++ trunk/Source/WebKit/ChangeLog	2022-05-05 02:47:29 UTC (rev 293815)
@@ -1,3 +1,25 @@
+2022-05-04  Simon Fraser  <simon.fra...@apple.com>
+
+        Fix crash in RemoteRenderingBackendProxy::prepareBuffersForDisplay()
+        https://bugs.webkit.org/show_bug.cgi?id=240089
+        <rdar://91444900>
+
+        Reviewed by Tim Horton.
+
+        We keep WebContent processes alive after a GPU Process crash, so having a RELEASE_ASSERT
+        when IPC with the GPU Process fails is the wrong approach. Instead, just behave as if all
+        the returned buffers are null, and need full display.
+
+        In testing, I saw a single instance of a crash in RemoteLayerBackingStore::drawInContext(),
+        probably because m_backBuffer.imageBuffer was null.
+        SwapBuffersDisplayRequirement::NeedsFullDisplay should mean that we don't hit this, but
+        null-check the back buffer just in case.
+
+        * Shared/RemoteLayerTree/RemoteLayerBackingStore.mm:
+        (WebKit::RemoteLayerBackingStore::drawInContext):
+        * WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp:
+        (WebKit::RemoteRenderingBackendProxy::prepareBuffersForDisplay):
+
 2022-05-04  Per Arne Vollan  <pvol...@apple.com>
 
         [iOS][GPUP] Grant read access to font directory

Modified: trunk/Source/WebKit/Shared/RemoteLayerTree/RemoteLayerBackingStore.mm (293814 => 293815)


--- trunk/Source/WebKit/Shared/RemoteLayerTree/RemoteLayerBackingStore.mm	2022-05-05 02:37:47 UTC (rev 293814)
+++ trunk/Source/WebKit/Shared/RemoteLayerTree/RemoteLayerBackingStore.mm	2022-05-05 02:47:29 UTC (rev 293815)
@@ -489,10 +489,8 @@
     }
 
     IntRect layerBounds(IntPoint(), expandedIntSize(m_size));
-    if (!m_dirtyRegion.contains(layerBounds)) {
-        ASSERT(m_backBuffer.imageBuffer);
+    if (!m_dirtyRegion.contains(layerBounds) && m_backBuffer.imageBuffer)
         context.drawImageBuffer(*m_backBuffer.imageBuffer, { 0, 0 }, { CompositeOperator::Copy });
-    }
 
     if (m_paintingRects.size() == 1)
         context.clip(m_paintingRects[0]);
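
Review bot: The new condition `!m_dirtyRegion.contains(layerBounds) && m_backBuffer.imageBuffer` silently skips the back-buffer copy when the buffer is null, so on a partial repaint the area outside the dirty region is never copied from the previous frame, and nothing flags it now that the ASSERT is gone. Consider treating the null case as a full-layer repaint, or at least keeping a debug-only signal (a log line in the null case), and add a one-line comment saying the null check covers the GPU Process crash path described in the log message.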

Modified: trunk/Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp (293814 => 293815)


--- trunk/Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp	2022-05-05 02:37:47 UTC (rev 293814)
+++ trunk/Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp	2022-05-05 02:47:29 UTC (rev 293815)
@@ -313,7 +313,13 @@
 
     Vector<PrepareBackingStoreBuffersOutputData> outputData;
     auto sendResult = sendSyncToStream(Messages::RemoteRenderingBackend::PrepareBuffersForDisplay(inputData), Messages::RemoteRenderingBackend::PrepareBuffersForDisplay::Reply(outputData));
-    RELEASE_ASSERT_WITH_MESSAGE(sendResult, "PrepareBuffersForDisplay: IPC failed, probably because of a GPU Process crash");
+    if (!sendResult) {
+        // GPU Process crashed. Set the output data to all null buffers, requiring a full display.
+        outputData.resize(inputData.size());
+        for (auto& perLayerOutputData : outputData)
+            perLayerOutputData.displayRequirement = SwapBuffersDisplayRequirement::NeedsFullDisplay;
+    }
+
     RELEASE_ASSERT_WITH_MESSAGE(inputData.size() == outputData.size(), "PrepareBuffersForDisplay: mismatched buffer vector sizes");
 
     auto fetchBufferWithIdentifier = [&](std::optional<RenderingResourceIdentifier> identifier, std::optional<ImageBufferBackendHandle>&& handle = std::nullopt, bool isFrontBuffer = false) -> RefPtr<ImageBuffer> {
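
Review bot: In the `!sendResult` branch, `outputData.resize(inputData.size())` keeps any elements already in the vector and the loop only overwrites `displayRequirement`, so the "all null buffers" promised by the comment holds only if the failed send left `outputData` empty and default-constructed entries carry no buffer data. Resetting the vector before the resize (clearing it, or assigning a fresh vector of `inputData.size()` entries) would make that explicit and keep partially decoded reply data from reaching `fetchBufferWithIdentifier`. A log line in this branch would also help, since the removed assert message was the only record that the IPC failure happened.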
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes