- Revision
- 270392
- Author
- [email protected]
- Date
- 2020-12-03 03:09:49 -0800 (Thu, 03 Dec 2020)
Log Message
GPU Process: Sandbox violations under IOSurface::maximumSize in the Web Content process
https://bugs.webkit.org/show_bug.cgi?id=219484
<rdar://problem/71603808>
Reviewed by Ryosuke Niwa.
Source/WebCore:
* platform/graphics/cocoa/IOSurface.h:
* platform/graphics/cocoa/IOSurface.mm:
(WebCore::computeMaximumSurfaceSize):
(WebCore::surfaceMaximumSize):
(WebCore::IOSurface::setMaximumSize):
(WebCore::IOSurface::maximumSize):
Make it possible to externally override IOSurface::maximumSize.
Source/WebKit:
* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode const):
(WebKit::WebProcessCreationParameters::decode):
* Shared/WebProcessCreationParameters.h:
* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::platformInitializeWebProcess):
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess):
Fetch the maximum allowed size of an IOSurface on the current hardware
in the UI process, and push it to the Web Content process on creation.
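--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2020-12-03 Tim Horton <[email protected]>
+
+ GPU Process: Sandbox violations under IOSurface::maximumSize in the Web Content process
+ https://bugs.webkit.org/show_bug.cgi?id=219484
+ <rdar://problem/71603808>
+
+ Reviewed by Ryosuke Niwa.
+
+ * platform/graphics/cocoa/IOSurface.h:
+ * platform/graphics/cocoa/IOSurface.mm:
+ (WebCore::computeMaximumSurfaceSize):
+ (WebCore::surfaceMaximumSize):
+ (WebCore::IOSurface::setMaximumSize):
+ (WebCore::IOSurface::maximumSize):
+ Make it possible to externally override IOSurface::maximumSize.
+
 2020-12-03 Lauro Moura <[email protected]>
 [WTF] Avoid JSONValue::create with raw string falling to bool overload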
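--- a/trunk/Source/WebCore/platform/graphics/cocoa/IOSurface.h
+++ b/trunk/Source/WebCore/platform/graphics/cocoa/IOSurface.h
@@ -113,7 +113,8 @@
 WEBCORE_EXPORT static void moveToPool(std::unique_ptr<IOSurface>&&);
- static IntSize maximumSize();
+ WEBCORE_EXPORT static IntSize maximumSize();
+ WEBCORE_EXPORT static void setMaximumSize(IntSize);
 WEBCORE_EXPORT WTF::MachSendRight createSendRight() const;
@@ -175,6 +176,8 @@
 RetainPtr<CGContextRef> m_cgContext;
 RetainPtr<IOSurfaceRef> m_surface;
+
+ static WTF::Optional<IntSize> s_maximumSize;
 };
 WEBCORE_EXPORT WTF::TextStream& operator<<(WTF::TextStream&, const WebCore::IOSurface&);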
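Review bot: `static WTF::Optional<IntSize> s_maximumSize;` added in the second hunk is never defined or referenced by the IOSurface.mm hunk, which keeps the override in the function-local static inside `surfaceMaximumSize()` instead; as written it is a dead private declaration (a static data member would also need an out-of-line definition before any use), so either drop the line or make the .mm read and write it. The two new public declarations in the first hunk say nothing about who is expected to call `setMaximumSize`; suggest `// Overrides the hardware-derived limit; set by processes (e.g. Web Content) whose sandbox does not permit the IOSurface property query, per the commit description.` above it. The class declaration begins before the first hunk and the second hunk ends at its closing brace.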
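--- a/trunk/Source/WebCore/platform/graphics/cocoa/IOSurface.mm
+++ b/trunk/Source/WebCore/platform/graphics/cocoa/IOSurface.mm
@@ -224,24 +224,44 @@
 IOSurface::~IOSurface() = default;
-IntSize IOSurface::maximumSize()
+static IntSize computeMaximumSurfaceSize()
 {
 IntSize maxSize(clampToInteger(IOSurfaceGetPropertyMaximum(kIOSurfaceWidth)), clampToInteger(IOSurfaceGetPropertyMaximum(kIOSurfaceHeight)));
 // Protect against maxSize being { 0, 0 }.
- const int iOSMaxSurfaceDimensionLowerBound = 1024;
+ const int maxSurfaceDimensionLowerBound = 1024;
 #if PLATFORM(IOS_FAMILY)
 // Match limits imposed by Core Animation. FIXME: should have API for this <rdar://problem/25454148>
- const int iOSMaxSurfaceDimension = 8 * 1024;
+ const int maxSurfaceDimension = 8 * 1024;
 #else
 // IOSurface::maximumSize() can return { INT_MAX, INT_MAX } when hardware acceleration is unavailable.
- const int iOSMaxSurfaceDimension = 32 * 1024;
+ const int maxSurfaceDimension = 32 * 1024;
 #endif
- return maxSize.constrainedBetween({ iOSMaxSurfaceDimensionLowerBound, iOSMaxSurfaceDimensionLowerBound }, { iOSMaxSurfaceDimension, iOSMaxSurfaceDimension });
+ return maxSize.constrainedBetween({ maxSurfaceDimensionLowerBound, maxSurfaceDimensionLowerBound }, { maxSurfaceDimension, maxSurfaceDimension });
 }
+static WTF::Optional<IntSize>& surfaceMaximumSize()
+{
+ ASSERT(isMainThread());
+ static WTF::Optional<IntSize> maximumSize;
+ return maximumSize;
+}
+
+void IOSurface::setMaximumSize(IntSize size)
+{
+ surfaceMaximumSize() = size;
+}
+
+IntSize IOSurface::maximumSize()
+{
+ auto& size = surfaceMaximumSize();
+ if (!size)
+ size = computeMaximumSurfaceSize();
+ return *size;
+}
+
 MachSendRight IOSurface::createSendRight() const
 {
 return MachSendRight::adopt(IOSurfaceCreateMachPort(m_surface.get()));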
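Review bot: `setMaximumSize` stores the incoming size as-is, so an overridden value bypasses the `constrainedBetween` clamp that `computeMaximumSurfaceSize` applies; a `{ 0, 0 }` or oversized IntSize arriving through WebProcessCreationParameters (whose decoder in WebProcessCreationParameters.cpp only checks that an IntSize could be decoded, not its range) would then be returned unchanged by `maximumSize()`, which is exactly the case the `// Protect against maxSize being { 0, 0 }` comment exists to prevent. The sender is the more-privileged UI process, so this is defense in depth rather than a trust-boundary defect, but the clamp is cheap: hoist the bounds to file scope and apply them on both the computed and the overridden path, as below. Separately, `surfaceMaximumSize()` introduces `ASSERT(isMainThread())`, which the replaced `maximumSize()` did not have; if any existing caller reads the maximum off the main thread this will fire in debug builds, so it is worth confirming before landing.
```objcpp
static const int maxSurfaceDimensionLowerBound = 1024;
#if PLATFORM(IOS_FAMILY)
// Match limits imposed by Core Animation. FIXME: should have API for this <rdar://problem/25454148>
static const int maxSurfaceDimension = 8 * 1024;
#else
// IOSurface::maximumSize() can return { INT_MAX, INT_MAX } when hardware acceleration is unavailable.
static const int maxSurfaceDimension = 32 * 1024;
#endif

// Protect against a size of { 0, 0 } (and against absurdly large values) on both the
// hardware-derived and the externally supplied path.
static IntSize clampSurfaceSize(IntSize size)
{
    return size.constrainedBetween({ maxSurfaceDimensionLowerBound, maxSurfaceDimensionLowerBound }, { maxSurfaceDimension, maxSurfaceDimension });
}

static IntSize computeMaximumSurfaceSize()
{
    return clampSurfaceSize({ clampToInteger(IOSurfaceGetPropertyMaximum(kIOSurfaceWidth)), clampToInteger(IOSurfaceGetPropertyMaximum(kIOSurfaceHeight)) });
}

// … unchanged: surfaceMaximumSize() …

void IOSurface::setMaximumSize(IntSize size)
{
    surfaceMaximumSize() = clampSurfaceSize(size);
}

// … unchanged: IOSurface::maximumSize() …
```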
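--- a/trunk/Source/WebKit/ChangeLog
+++ b/trunk/Source/WebKit/ChangeLog
@@ -1,3 +1,22 @@
+2020-12-03 Tim Horton <[email protected]>
+
+ GPU Process: Sandbox violations under IOSurface::maximumSize in the Web Content process
+ https://bugs.webkit.org/show_bug.cgi?id=219484
+ <rdar://problem/71603808>
+
+ Reviewed by Ryosuke Niwa.
+
+ * Shared/WebProcessCreationParameters.cpp:
+ (WebKit::WebProcessCreationParameters::encode const):
+ (WebKit::WebProcessCreationParameters::decode):
+ * Shared/WebProcessCreationParameters.h:
+ * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+ (WebKit::WebProcessPool::platformInitializeWebProcess):
+ * WebProcess/cocoa/WebProcessCocoa.mm:
+ (WebKit::WebProcess::platformInitializeWebProcess):
+ Fetch the maximum allowed size of an IOSurface on the current hardware
+ in the UI process, and push it to the Web Content process on creation.
+
 2020-12-03 Martin Robinson <[email protected]>
 Move code from AxisScrollSnapOffsets to ScrollSnapOffsetsInfo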
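--- a/trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp
+++ b/trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp
@@ -190,6 +190,10 @@
 #if HAVE(CATALYST_USER_INTERFACE_IDIOM_AND_SCALE_FACTOR)
 encoder << overrideUserInterfaceIdiomAndScale;
 #endif
+
+#if HAVE(IOSURFACE)
+ encoder << maximumIOSurfaceSize;
+#endif
 }
 bool WebProcessCreationParameters::decode(IPC::Decoder& decoder, WebProcessCreationParameters& parameters)
@@ -515,6 +519,11 @@
 parameters.overrideUserInterfaceIdiomAndScale = WTFMove(*overrideUserInterfaceIdiomAndScale);
 #endif
+#if HAVE(IOSURFACE)
+ if (!decoder.decode(parameters.maximumIOSurfaceSize))
+ return false;
+#endif
+
 return true;
 }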
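--- a/trunk/Source/WebKit/Shared/WebProcessCreationParameters.h
+++ b/trunk/Source/WebKit/Shared/WebProcessCreationParameters.h
@@ -232,6 +232,10 @@
 #if HAVE(CATALYST_USER_INTERFACE_IDIOM_AND_SCALE_FACTOR)
 std::pair<int64_t, double> overrideUserInterfaceIdiomAndScale;
 #endif
+
+#if HAVE(IOSURFACE)
+ WebCore::IntSize maximumIOSurfaceSize;
+#endif
 };
 } // namespace WebKit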
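Review bot: The new `maximumIOSurfaceSize` member carries no comment explaining why a hardware property is shipped across IPC at all, which is the non-obvious part of this change and will be the first question a future reader asks. Suggest `// Maximum IOSurface dimensions as reported by the hardware. Queried in the UI process and pushed here because the same query triggers sandbox violations in the Web Content process (see ChangeLog).` above the field. The struct declaration begins before the hunk.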
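--- a/trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
+++ b/trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
@@ -462,6 +462,8 @@
 #if HAVE(PENCILKIT_TEXT_INPUT)
 parameters.hasStylusDevice = [[WKStylusDeviceObserver sharedInstance] hasStylusDevice];
 #endif
+
+ parameters.maximumIOSurfaceSize = WebCore::IOSurface::maximumSize();
 }
 void WebProcessPool::platformInitializeNetworkProcess(NetworkProcessCreationParameters& parameters)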
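Review bot: `parameters.maximumIOSurfaceSize = WebCore::IOSurface::maximumSize();` is written without the `#if HAVE(IOSURFACE)` guard that wraps the member's declaration in WebProcessCreationParameters.h and its encode/decode in WebProcessCreationParameters.cpp; the `WebCore::IOSurface::setMaximumSize(parameters.maximumIOSurfaceSize);` call in WebProcessCocoa.mm has the same mismatch. If any Cocoa configuration builds with HAVE(IOSURFACE) off, both call sites fail to compile; if Cocoa always has it, the guards on the struct member are redundant — either way the declaration and its users should agree. Suggest wrapping this assignment in `#if HAVE(IOSURFACE)` / `#endif`, matching the header. platformInitializeWebProcess begins before the hunk.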
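--- a/trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
+++ b/trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
@@ -60,6 +60,7 @@
 #import <WebCore/FontCascade.h>
 #import <WebCore/HistoryController.h>
 #import <WebCore/HistoryItem.h>
+#import <WebCore/IOSurface.h>
 #import <WebCore/LocalizedDeviceModel.h>
 #import <WebCore/LocalizedStrings.h>
 #import <WebCore/LogInitialization.h>
@@ -388,6 +389,8 @@
 #if ENABLE(SET_WEBCONTENT_PROCESS_INFORMATION_IN_NETWORK_PROCESS)
 _LSSetApplicationLaunchServicesServerConnectionStatus(kLSServerConnectionStatusDoNotConnectToServerMask, nullptr);
 #endif
+
+ WebCore::IOSurface::setMaximumSize(parameters.maximumIOSurfaceSize);
 }
 void WebProcess::platformSetWebsiteDataStoreParameters(WebProcessDataStoreParameters&& parameters)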