[webkit-changes] [WebKit/WebKit] 519219: REGRESSION (iOS 16): WebGL 2 crashing on glReadPixels

Kimmo Kinnunen noreply at github.com
Mon Dec 19 23:59:36 PST 2022


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 5192197861cfe329db2f05ec91f887d11f7b3da3
      https://github.com/WebKit/WebKit/commit/5192197861cfe329db2f05ec91f887d11f7b3da3
  Author: Kimmo Kinnunen <kkinnunen at apple.com>
  Date:   2022-12-19 (Mon, 19 Dec 2022)

  Changed paths:
    M Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
    M Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.h
    M Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGL.cpp
    M Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGL.h
    M Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGL.messages.in
    M Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGLCocoa.cpp
    M Source/WebKit/WebProcess/GPU/graphics/RemoteGraphicsContextGLProxy.cpp
    M Source/WebKit/WebProcess/GPU/graphics/RemoteGraphicsContextGLProxy.h
    M Tools/Scripts/generate-gpup-webgl

  Log Message:
  -----------
  REGRESSION (iOS 16): WebGL 2 crashing on glReadPixels
https://bugs.webkit.org/show_bug.cgi?id=245476
rdar://problem/100252324

Reviewed by Alex Christensen.

ReadPixels is currently a method that sends the client
passed data buffer to GPUP, reads the pixels into that
and passes the data back to WP.
Conceptually, a message of the form ReadPixels(uint8_t* data) -> (uint8_t* data)

Before:
IPC encoding of memory arrays for calls like ReadPixels
would work as follows:
 - If the array fits to the stream connection command buffer,
   copy the array there
 - Alternatively downgrade the message to out-of-stream message.
   - Copy the array to the IPC::Encoder message body buffer.
   - Pass the message body as Mach message memory mapping.

IPC decoding of memory arrays for calls like ReadPixels
would work as follows:
 - Allocate temp Vector for the data
 - Copy the data from stream command buffer / Mach message memory
   mapping into the temp buffer
 - Call ReadPixels
 - Copy the temp Vector to IPC::Encoder message body buffer
   similar to the encoding phase, and send it back to WP.

This would have two problems:
 - Extensive copying is slow for very big buffers
 - The temp Vector and Mach message buffers via IPC encoding
   contribute to GPUP footprint.
   - The call IPC encoding buffer is not explicitly attributed to
     the caller. It's unclear to which process this belongs, likely
     this contributes to GPUP footprint.
   - The temp Vector is not attributed to the caller, contributing
     to GPUP footprint.
   - The reply IPC encoding buffer is not attributed to the caller,
     contributing to the GPUP footprint.
   - The ownership of the reply IPC encoding buffer, when passed as
     Mach message memory, is unclear. Likely this contributes to
     GPUP footprint. (Same as the encoding part).

After:
If the read pixels buffer is large, copy it to a newly allocated
shared memory buffer and use that to read the pixels.
Add a new IPC message variant for passing the shared memory area.

* Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGL.cpp:
(WebKit::RemoteGraphicsContextGL::readnPixels2):
* Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGL.h:
* Source/WebKit/GPUProcess/graphics/RemoteGraphicsContextGL.messages.in:
* Source/WebKit/WebProcess/GPU/graphics/RemoteGraphicsContextGLProxy.cpp:
(WebKit::RemoteGraphicsContextGLProxy::readnPixels):
(WebKit::RemoteGraphicsContextGLProxy::readnPixelsSharedMemory):
* Source/WebKit/WebProcess/GPU/graphics/RemoteGraphicsContextGLProxy.h:
* Tools/Scripts/generate-gpup-webgl:

Canonical link: https://commits.webkit.org/258127@main
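
A minimal model of the "After" path in the log message above, using POSIX anonymous shared memory and fork() in place of WebKit's IPC and Mach memory; this is an added example, not WebKit code. The names readPixelsShared, fitsRegion and fakeReadPixels are hypothetical, and the receiver-side size check is an assumption about what such a path needs, not something the commit states.

```cpp
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Stand-in for glReadPixels on the receiving side: writes an RGBA pattern.
static void fakeReadPixels(uint8_t* dst, size_t bytes) {
    for (size_t i = 0; i < bytes; ++i)
        dst[i] = static_cast<uint8_t>(i * 7);
}

// Receiver-side check: width * height * 4 must fit in the mapped region.
// Dividing the region size avoids overflow in the multiplication by 4.
static bool fitsRegion(uint32_t width, uint32_t height, size_t regionBytes) {
    uint64_t pixels = uint64_t(width) * height;
    return pixels != 0 && pixels <= regionBytes / 4;
}

// Sender side. regionBytes is what the sender maps; width and height are
// what it claims in the message. Returns false if the receiver rejects them.
bool readPixelsShared(uint32_t width, uint32_t height, size_t regionBytes,
                      std::vector<uint8_t>& data) {
    if (regionBytes == 0 || data.size() < regionBytes)
        return false;
    void* map = mmap(nullptr, regionBytes, PROT_READ | PROT_WRITE,
                     MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (map == MAP_FAILED)
        return false;
    auto* region = static_cast<uint8_t*>(map);
    std::memcpy(region, data.data(), regionBytes);     // caller buffer -> shared
    pid_t pid = fork();
    if (pid == 0) {                                    // models the GPU process
        if (!fitsRegion(width, height, regionBytes))
            _exit(1);                                  // refuse, write nothing
        fakeReadPixels(region, size_t(width) * height * 4);
        _exit(0);
    }
    int status = 0;
    bool ok = pid > 0 && waitpid(pid, &status, 0) == pid
        && WIFEXITED(status) && WEXITSTATUS(status) == 0;
    if (ok)
        std::memcpy(data.data(), region, regionBytes); // shared -> caller
    munmap(map, regionBytes);
    return ok;
}
```

The receiver writes straight into the mapping, so there is no temporary vector and no reply body on its side; the only copies are the sender's own, into and out of the region.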
