[Webkit-unassigned] [Bug 242142] New: [GPU Process] RemoteRenderingBackend needs to stop receiving messages before clearing the resource cache

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jun 29 15:24:29 PDT 2022 

https://bugs.webkit.org/show_bug.cgi?id=242142

            Bug ID: 242142
           Summary: [GPU Process] RemoteRenderingBackend needs to stop
                    receiving messages before clearing the resource cache
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sabouhallawa at apple.com
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

RemoteRenderingBackend::stopListeningForIPC() is calling StreamServerConnection::stopReceivingMessages() after it dispatch a code block code which clear its m_remoteResourceCache. But this can allow incoming messages to be dispatched to RemoteRenderingBackend including the message RemoteRenderingBackend::ReleaseRemoteResource. If this message is received after clearing m_remoteResourceCache, GPUProcess will simulate-crash with the message "Resource is being released before being cached."

To fix this, we need to call StreamServerConnection::stopReceivingMessages() before clearing the resource cache. Once this call is returned, no incoming stream connection messages can be dispatched to RemoteRenderingBackend. RemoteRenderingBackend::m_workQueue will remove RemoteRenderingBackend::m_streamConnection as its connection. And RemoteRenderingBackend::m_streamConnection will remove the RemoteRenderingBackend as its message receiver. So StreamConnectionWorkQueue::processStreams() won't process the messages of RemoteRenderingBackend::m_streamConnection.

After we call StreamServerConnection::stopReceivingMessages(), we can dispatch the code block which clears m_remoteResourceCache. This code has be executed on the stream connection WorkQueue. The WorkQueue should be still running after calling StreamServerConnection::stopReceivingMessages(). It will be executed by StreamConnectionWorkQueue::processStreams() when processing m_functions.

After dispatching the code block which clears m_remoteResourceCache, we need to call StreamConnectionWorkQueue::stopAndWaitForCompletion() to ensure the code block is executed and the WorkQueue has been stopped.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220629/2cc3dda4/attachment.htm>

More information about the webkit-unassigned mailing list