[webkit-changes] [WebKit/WebKit] 99dc8d: WebGL extensions access the context root in racy w...

Kimmo Kinnunen noreply at github.com
Wed Aug 16 23:38:58 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 99dc8dc84d403a8322e9d6ec448667877427d2ee
      https://github.com/WebKit/WebKit/commit/99dc8dc84d403a8322e9d6ec448667877427d2ee
  Author: Kimmo Kinnunen <kkinnunen at apple.com>
  Date:   2023-08-16 (Wed, 16 Aug 2023)

  Changed paths:
    M Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
    M Source/WebCore/html/canvas/ANGLEInstancedArrays.idl
    M Source/WebCore/html/canvas/EXTBlendMinMax.idl
    M Source/WebCore/html/canvas/EXTClipControl.idl
    M Source/WebCore/html/canvas/EXTColorBufferFloat.idl
    M Source/WebCore/html/canvas/EXTColorBufferHalfFloat.idl
    M Source/WebCore/html/canvas/EXTConservativeDepth.idl
    M Source/WebCore/html/canvas/EXTDepthClamp.idl
    M Source/WebCore/html/canvas/EXTDisjointTimerQuery.idl
    M Source/WebCore/html/canvas/EXTDisjointTimerQueryWebGL2.idl
    M Source/WebCore/html/canvas/EXTFloatBlend.idl
    M Source/WebCore/html/canvas/EXTFragDepth.idl
    M Source/WebCore/html/canvas/EXTPolygonOffsetClamp.idl
    M Source/WebCore/html/canvas/EXTRenderSnorm.idl
    M Source/WebCore/html/canvas/EXTShaderTextureLOD.idl
    M Source/WebCore/html/canvas/EXTTextureCompressionBPTC.idl
    M Source/WebCore/html/canvas/EXTTextureCompressionRGTC.idl
    M Source/WebCore/html/canvas/EXTTextureFilterAnisotropic.idl
    M Source/WebCore/html/canvas/EXTTextureMirrorClampToEdge.idl
    M Source/WebCore/html/canvas/EXTTextureNorm16.idl
    M Source/WebCore/html/canvas/EXTsRGB.idl
    M Source/WebCore/html/canvas/KHRParallelShaderCompile.idl
    M Source/WebCore/html/canvas/NVShaderNoperspectiveInterpolation.idl
    M Source/WebCore/html/canvas/OESDrawBuffersIndexed.idl
    M Source/WebCore/html/canvas/OESElementIndexUint.idl
    M Source/WebCore/html/canvas/OESFBORenderMipmap.idl
    M Source/WebCore/html/canvas/OESSampleVariables.idl
    M Source/WebCore/html/canvas/OESShaderMultisampleInterpolation.idl
    M Source/WebCore/html/canvas/OESStandardDerivatives.idl
    M Source/WebCore/html/canvas/OESTextureFloat.idl
    M Source/WebCore/html/canvas/OESTextureFloatLinear.idl
    M Source/WebCore/html/canvas/OESTextureHalfFloat.idl
    M Source/WebCore/html/canvas/OESTextureHalfFloatLinear.idl
    M Source/WebCore/html/canvas/OESVertexArrayObject.idl
    M Source/WebCore/html/canvas/WebGLClipCullDistance.idl
    M Source/WebCore/html/canvas/WebGLColorBufferFloat.idl
    M Source/WebCore/html/canvas/WebGLCompressedTextureASTC.idl
    M Source/WebCore/html/canvas/WebGLCompressedTextureETC.idl
    M Source/WebCore/html/canvas/WebGLCompressedTextureETC1.idl
    M Source/WebCore/html/canvas/WebGLCompressedTexturePVRTC.idl
    M Source/WebCore/html/canvas/WebGLCompressedTextureS3TC.idl
    M Source/WebCore/html/canvas/WebGLCompressedTextureS3TCsRGB.idl
    M Source/WebCore/html/canvas/WebGLDebugRendererInfo.idl
    M Source/WebCore/html/canvas/WebGLDebugShaders.idl
    M Source/WebCore/html/canvas/WebGLDepthTexture.idl
    M Source/WebCore/html/canvas/WebGLDrawBuffers.idl
    M Source/WebCore/html/canvas/WebGLDrawInstancedBaseVertexBaseInstance.idl
    M Source/WebCore/html/canvas/WebGLExtension.h
    M Source/WebCore/html/canvas/WebGLLoseContext.idl
    M Source/WebCore/html/canvas/WebGLMultiDraw.idl
    M Source/WebCore/html/canvas/WebGLMultiDrawInstancedBaseVertexBaseInstance.idl
    M Source/WebCore/html/canvas/WebGLPolygonMode.idl
    M Source/WebCore/html/canvas/WebGLProvokingVertex.idl
    M Source/WebCore/html/canvas/WebGLRenderSharedExponent.idl
    M Source/WebCore/html/canvas/WebGLStencilTexturing.idl

  Log Message:
  -----------
  WebGL extensions access the context root in racy way during GC
https://bugs.webkit.org/show_bug.cgi?id=260137
rdar://113846683

Reviewed by Dan Glastonbury.

The bindings would load WebGLExtension::m_context in GC thread
to navigate to the rendering context that is the opaque root
of the extension.

The WebGL would store WebGLExtension::m_context = nullptr during
context lost in JS thread.

These loads and stores are theoretically racy.
Instead, use std::atomic for m_context, and load in relaxed way
in the store thread, i.e. the JS thread.

Instead of using GenerateIsReachable=ImplWebGLRenderingContext that
hides the issue, use just normal GenerateIsReachable and implement
`WebCoreOpaqueRoot root(const WebGLExtension*)` for obtaining the root.

* Source/WebCore/bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* Source/WebCore/html/canvas/ANGLEInstancedArrays.idl:
* Source/WebCore/html/canvas/EXTBlendMinMax.idl:
* Source/WebCore/html/canvas/EXTClipControl.idl:
* Source/WebCore/html/canvas/EXTColorBufferFloat.idl:
* Source/WebCore/html/canvas/EXTColorBufferHalfFloat.idl:
* Source/WebCore/html/canvas/EXTConservativeDepth.idl:
* Source/WebCore/html/canvas/EXTDepthClamp.idl:
* Source/WebCore/html/canvas/EXTDisjointTimerQuery.idl:
* Source/WebCore/html/canvas/EXTDisjointTimerQueryWebGL2.idl:
* Source/WebCore/html/canvas/EXTFloatBlend.idl:
* Source/WebCore/html/canvas/EXTFragDepth.idl:
* Source/WebCore/html/canvas/EXTPolygonOffsetClamp.idl:
* Source/WebCore/html/canvas/EXTRenderSnorm.idl:
* Source/WebCore/html/canvas/EXTShaderTextureLOD.idl:
* Source/WebCore/html/canvas/EXTTextureCompressionBPTC.idl:
* Source/WebCore/html/canvas/EXTTextureCompressionRGTC.idl:
* Source/WebCore/html/canvas/EXTTextureFilterAnisotropic.idl:
* Source/WebCore/html/canvas/EXTTextureMirrorClampToEdge.idl:
* Source/WebCore/html/canvas/EXTTextureNorm16.idl:
* Source/WebCore/html/canvas/EXTsRGB.idl:
* Source/WebCore/html/canvas/KHRParallelShaderCompile.idl:
* Source/WebCore/html/canvas/NVShaderNoperspectiveInterpolation.idl:
* Source/WebCore/html/canvas/OESDrawBuffersIndexed.idl:
* Source/WebCore/html/canvas/OESElementIndexUint.idl:
* Source/WebCore/html/canvas/OESFBORenderMipmap.idl:
* Source/WebCore/html/canvas/OESSampleVariables.idl:
* Source/WebCore/html/canvas/OESShaderMultisampleInterpolation.idl:
* Source/WebCore/html/canvas/OESStandardDerivatives.idl:
* Source/WebCore/html/canvas/OESTextureFloat.idl:
* Source/WebCore/html/canvas/OESTextureFloatLinear.idl:
* Source/WebCore/html/canvas/OESTextureHalfFloat.idl:
* Source/WebCore/html/canvas/OESTextureHalfFloatLinear.idl:
* Source/WebCore/html/canvas/OESVertexArrayObject.idl:
* Source/WebCore/html/canvas/WebGLClipCullDistance.idl:
* Source/WebCore/html/canvas/WebGLColorBufferFloat.idl:
* Source/WebCore/html/canvas/WebGLCompressedTextureASTC.idl:
* Source/WebCore/html/canvas/WebGLCompressedTextureETC.idl:
* Source/WebCore/html/canvas/WebGLCompressedTextureETC1.idl:
* Source/WebCore/html/canvas/WebGLCompressedTexturePVRTC.idl:
* Source/WebCore/html/canvas/WebGLCompressedTextureS3TC.idl:
* Source/WebCore/html/canvas/WebGLCompressedTextureS3TCsRGB.idl:
* Source/WebCore/html/canvas/WebGLDebugRendererInfo.idl:
* Source/WebCore/html/canvas/WebGLDebugShaders.idl:
* Source/WebCore/html/canvas/WebGLDepthTexture.idl:
* Source/WebCore/html/canvas/WebGLDrawBuffers.idl:
* Source/WebCore/html/canvas/WebGLDrawInstancedBaseVertexBaseInstance.idl:
* Source/WebCore/html/canvas/WebGLExtension.h:
(WebCore::WebGLExtension::context):
(WebCore::WebGLExtension::isLostContext):
(WebCore::root):
* Source/WebCore/html/canvas/WebGLLoseContext.idl:
* Source/WebCore/html/canvas/WebGLMultiDraw.idl:
* Source/WebCore/html/canvas/WebGLMultiDrawInstancedBaseVertexBaseInstance.idl:
* Source/WebCore/html/canvas/WebGLPolygonMode.idl:
* Source/WebCore/html/canvas/WebGLProvokingVertex.idl:
* Source/WebCore/html/canvas/WebGLRenderSharedExponent.idl:
* Source/WebCore/html/canvas/WebGLStencilTexturing.idl:

Canonical link: https://commits.webkit.org/266991@main

More information about the webkit-changes mailing list