Bug 257519

Summary:	RemoteGraphicsContextGLProxy::initializeIPC makes a copy of the StreamServerConnection::Handle
Product:	WebKit	Reporter:	Matt Woodrow <mattwoodrow>
Component:	WebGL	Assignee:	Matt Woodrow <mattwoodrow>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	dino, kbr, kevin.chetty, kkinnunen, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified
See Also:	https://bugs.webkit.org/show_bug.cgi?id=257528

Matt Woodrow

Reported 2023-05-30 19:07:01 PDT

The GPUConnectionToWebProcess::CreateGraphicsContextGL object's constructor doesn't actually move, so we end up making a copy for the IPC message. The 'serverConnectionHandle' instance is then still alive, and holding on to a MachSendRight. waitUntilInitialized can then block (for the 30 second timeout) if the GPUP crashes, since notification of the crash doesn't happen until all send rights are destroyed (including the one on the stack).

Attachments
Add attachment proposed patch, testcase, etc.

Matt Woodrow

Comment 1 2023-05-30 19:07:18 PDT

<rdar://109720377>

Matt Woodrow

Comment 2 2023-05-30 19:16:36 PDT

Pull request: https://github.com/WebKit/WebKit/pull/14519

EWS

Comment 3 2023-05-31 16:44:13 PDT

Committed 264766@main (50f865ffbe32): <https://commits.webkit.org/264766@main> Reviewed commits have been landed. Closing PR #14519 and removing active labels.

Simon Fraser (smfr)

Comment 4 2023-06-20 10:24:17 PDT

*** Bug 257890 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.