Closed
Bug 1020726
Opened 10 years ago
Closed 10 years ago
BEP can leak an iframe via the global 'activeInputFrame'
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
People
(Reporter: khuey, Assigned: xyuan)
References
Details
(Whiteboard: [MemShrink:P2])
Attachments
(3 files, 2 obsolete files)
9.21 KB,
patch
|
fabrice
:
review+
|
Details | Diff | Splinter Review |
14.29 KB,
patch
|
bajaj
:
approval-mozilla-b2g30+
|
Details | Diff | Splinter Review |
16.71 KB,
patch
|
xyuan
:
review+
bajaj
:
approval-mozilla-b2g28+
|
Details | Diff | Splinter Review |
All of the logs from bug 1007520 show an <iframe> being held through this global that is otherwise unreachable (and is not in the DOM).
Updated•10 years ago
|
Whiteboard: [MemShrink]
Reporter | ||
Comment 1•10 years ago
|
||
Yuan, is this something you can take?
Updated•10 years ago
|
Flags: needinfo?(xyuan)
Whiteboard: [MemShrink] → [MemShrink:P2]
Assignee | ||
Comment 2•10 years ago
|
||
(In reply to Kyle Huey [:khuey] (khuey@mozilla.com) from comment #1) > Yuan, is this something you can take? Yes, I'll take it.
Assignee: nobody → xyuan
Status: NEW → ASSIGNED
Flags: needinfo?(xyuan)
Assignee | ||
Comment 3•10 years ago
|
||
We use |activeInputFrame| to hold the active IME iframe, so that calling |setInputMethodActive| on a new iframe can deactivate the old one automatically. This feature increases the code complexity and caused Bug 981997. As we will deactivate the old IME iframe manually in gaia and don't use this feature, so I tend to remove this and make the code simple and robust.
Assignee | ||
Comment 4•10 years ago
|
||
Remove the global 'activeInputFrame'. It may affact bug 993394. I'll test it tomorrow. And wait for the try result: https://tbpl.mozilla.org/?tree=Try&rev=ad89bf17faff
Assignee | ||
Comment 5•10 years ago
|
||
Comment on attachment 8440629 [details] [diff] [review] WIP (v1).patch Review of attachment 8440629 [details] [diff] [review]: ----------------------------------------------------------------- See comment 4 about the changes. The try is green. I tested on flame with current master build (20140617), and bug 993394 was not reproduced.
Attachment #8440629 -
Flags: review?(fabrice)
Updated•10 years ago
|
Attachment #8440629 -
Flags: review?(fabrice) → review+
Assignee | ||
Updated•10 years ago
|
Keywords: checkin-needed
Reporter | ||
Comment 6•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/e5531b0f73d0 Next time please update the commit message with the reviewer information before requesting checkin-needed.
Keywords: checkin-needed
Assignee | ||
Comment 7•10 years ago
|
||
(In reply to Kyle Huey [:khuey] (khuey@mozilla.com) from comment #6) > https://hg.mozilla.org/integration/mozilla-inbound/rev/e5531b0f73d0 > > Next time please update the commit message with the reviewer information > before requesting checkin-needed. Sorry, I forgot updating the commit message with reviewer information.
Comment 8•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/e5531b0f73d0
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
Reporter | ||
Comment 9•10 years ago
|
||
Can you think of any reason not to take this for 2.0?
blocking-b2g: --- → 2.0?
Flags: needinfo?(xyuan)
Assignee | ||
Comment 10•10 years ago
|
||
(In reply to Kyle Huey [:khuey] (khuey@mozilla.com) from comment #9) > Can you think of any reason not to take this for 2.0? No, the only risk I can think of is bug 993394, but we haven't got any report about the regression of bug 993394 since we landed the patch two weeks agao on the master. So it's good to take for 2.0 now.
Flags: needinfo?(xyuan)
Reporter | ||
Updated•10 years ago
|
blocking-b2g: 2.0? → 2.0+
Comment 11•10 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/00c4fd216e93
status-b2g-v2.0:
--- → fixed
status-b2g-v2.1:
--- → fixed
status-firefox31:
--- → wontfix
status-firefox32:
--- → fixed
status-firefox33:
--- → fixed
Comment 12•10 years ago
|
||
There's a duplicate bug 1031977 on Tarako, may I understand the reason why this is not applied to v1.3t?
Flags: needinfo?(xyuan)
Assignee | ||
Comment 13•10 years ago
|
||
It could be applied to v1.3t/v1.3 if needed.
Flags: needinfo?(xyuan)
Comment 14•10 years ago
|
||
Great, should I write an approval request here or do something else to make it happen?
Updated•10 years ago
|
status-b2g-v1.3T:
--- → ?
status-b2g-v1.4:
--- → ?
Comment 15•10 years ago
|
||
We need memory leak patch landing to 1.3t branch.
Flags: needinfo?(ying.xu)
Assignee | ||
Comment 16•10 years ago
|
||
(In reply to Ting-Yu Chou [:ting] from comment #14) > Great, should I write an approval request here or do something else to make > it happen? Please run a full test with the patch on 1.3t and then write an approval request. If you need a branch specific patch, please let me know.
Comment 17•10 years ago
|
||
(In reply to Yuan Xulei [:yxl] from comment #16) > Please run a full test with the patch on 1.3t and then write an approval > request. > If you need a branch specific patch, please let me know. can you tell us what tests need to be done?
Flags: needinfo?(ying.xu)
Comment 18•10 years ago
|
||
(In reply to Yuan Xulei [:yxl] from comment #16) > (In reply to Ting-Yu Chou [:ting] from comment #14) > > Great, should I write an approval request here or do something else to make > > it happen? > Please run a full test with the patch on 1.3t and then write an approval > request. > If you need a branch specific patch, please let me know. Hi Yuan Xulei, can you create 1.3t first and then v1.4 patch? Thanks! Tarako is urgent to have a release for an event. Thanks!
Flags: needinfo?(xyuan)
Assignee | ||
Comment 19•10 years ago
|
||
(In reply to ying.xu from comment #17) > (In reply to Yuan Xulei [:yxl] from comment #16) > > > Please run a full test with the patch on 1.3t and then write an approval > > request. > > If you need a branch specific patch, please let me know. > > can you tell us what tests need to be done? If possible, mochitest and gaia ui test.(In reply to thomas tsai from comment #18 (In reply to thomas tsai from comment #18) > Hi Yuan Xulei, can you create 1.3t first and then v1.4 patch? Thanks! Tarako > is urgent to have a release for an event. Thanks! Yes, I'll.
Flags: needinfo?(xyuan)
Assignee | ||
Comment 20•10 years ago
|
||
Branch specific patch for v1.3. I haven't run mochitest for this patch yet, as my gecko for v1.3 is still under building.
Assignee | ||
Comment 21•10 years ago
|
||
Branch specific patch for v1.4. I haven't run mochitest for this patch yet.
Updated•10 years ago
|
Assignee | ||
Comment 22•10 years ago
|
||
[Approval Request Comment] Bug caused by (feature/regressing bug #): Bug 1020726 User impact if declined: memory leaks when toggling software keyboard. Testing completed: yes Risk to taking this patch (and alternatives if risky): Low. Might cause Bug 993394, but we haven't got any regression report about this patch on 2.0 and 2.1 branch. String or UUID changes made by this patch: None.
Attachment #8465175 -
Attachment is obsolete: true
Attachment #8465269 -
Flags: review+
Attachment #8465269 -
Flags: approval-mozilla-b2g28?
Assignee | ||
Updated•10 years ago
|
status-b2g-v1.3:
--- → affected
Assignee | ||
Comment 23•10 years ago
|
||
Please see Comment 22. Rebase and disable tests.
Attachment #8465269 -
Attachment is obsolete: true
Attachment #8465269 -
Flags: approval-mozilla-b2g28?
Attachment #8465271 -
Flags: review+
Attachment #8465271 -
Flags: approval-mozilla-b2g28?
Assignee | ||
Comment 24•10 years ago
|
||
Comment on attachment 8465177 [details] [diff] [review] v1.4.patch [Approval Request Comment] Bug caused by (feature/regressing bug #): Bug 1020726 User impact if declined: memory leaks when toggling software keyboard. Testing completed: yes Risk to taking this patch (and alternatives if risky): Low. Might cause Bug 993394, but we haven't got any regression report about this patch on 2.0 and 2.1 branch. String or UUID changes made by this patch: None.
Attachment #8465177 -
Flags: approval-mozilla-b2g30?
Comment 25•10 years ago
|
||
dolphin v1.4 also meet this issue. b2g before monkey test 07-31 15:04:04.287 <6>[ 1090.007247] c0 [ 848] 0 848 53133 13956 110 3002 0 b2g b2g killed by LMK, b2g RSS and SWAP is very big 08-01 06:49:33.654 <6>[57819.314246] c0 [ 848] 0 848 104637 27727 214 41913 0 b2g 08-01 06:49:33.577 <6>[57819.299980] c0 lowmemorykiller: send sigkill to selected process: 08-01 06:49:33.577 <6>[57819.300027] c0 lowmemorykiller: Killing 'b2g' (848), adj 0, 08-01 06:49:33.577 <6>[57819.300027] c0 to free 278348kB on behalf of 'kswapd0' (21) because 08-01 06:49:33.577 <6>[57819.300027] c0 cache 2084kB is below limit 4096kB for oom_score_adj 0 08-01 06:49:33.577 <6>[57819.300027] c0 Free memory is -1624kB above reserved 08-01 06:49:33.577 <6>[57819.300027] c0 min adj 0 zram: adj 0 free 10% usage 59436kB 08-01 06:49:33.577 <4>[57819.300052] c0 lowmemorykiller: kswapd0 invoked lmk: gfp_mask=0xd0, order=-1, oom_score_adj=0 08-01 06:49:33.577 <4>[57819.300067] c0 CPU: 0 PID: 21 Comm: kswapd0 Tainted: G W O 3.10.17 #1 08-01 06:49:33.577 <4>[57819.300113] c0 [<c0013a1c>] (unwind_backtrace+0x0/0x11c) from [<c0012174>] (show_stack+0x10/0x14) 08-01 06:49:33.577 <4>[57819.300136] c0 [<c0012174>] (show_stack+0x10/0x14) from [<c03cb134>] (lowmem_shrink+0x634/0x74c) 08-01 06:49:33.577 <4>[57819.300160] c0 [<c03cb134>] (lowmem_shrink+0x634/0x74c) from [<c00a6e5c>] (shrink_slab+0x160/0x214) 08-01 06:49:33.577 <4>[57819.300177] c0 [<c00a6e5c>] (shrink_slab+0x160/0x214) from [<c00a98b0>] (kswapd+0x4e0/0x704) 08-01 06:49:33.577 <4>[57819.300197] c0 [<c00a98b0>] (kswapd+0x4e0/0x704) from [<c00559d0>] (kthread+0xa0/0xb0) 08-01 06:49:33.577 <4>[57819.300218] c0 [<c00559d0>] (kthread+0xa0/0xb0) from [<c000f4d8>] (ret_from_fork+0x14/0x3c) 08-01 06:49:33.577 <4>[57819.300226] c0 Mem-info: 08-01 06:49:33.577 <4>[57819.300234] c0 Normal per-cpu: 08-01 06:49:33.577 <4>[57819.300242] c0 CPU 0: hi: 90, btch: 15 usd: 89 08-01 06:49:33.577 <4>[57819.300263] c0 active_anon:13734 inactive_anon:13769 isolated_anon:0 08-01 06:49:33.577 <4>[57819.300263] c0 active_file:172 inactive_file:157 isolated_file:0 08-01 06:49:33.577 <4>[57819.300263] c0 unevictable:192 dirty:0 writeback:0 unstable:0 08-01 06:49:33.577 <4>[57819.300263] c0 free:502 slab_reclaimable:1145 slab_unreclaimable:5149 08-01 06:49:33.577 <4>[57819.300263] c0 mapped:430 shmem:5 pagetables:441 bounce:0 08-01 06:49:33.577 <4>[57819.300263] c0 free_cma:0 08-01 06:49:33.577 <4>[57819.300313] c0 Normal free:2008kB min:1856kB low:3168kB high:3632kB active_anon:54936kB inactive_anon:55076kB active_file:688kB inactive_file:628kB unevictable:768kB isolated(anon):0kB isolated(file):0kB present:262144kB managed:215400kB mlocked:0kB dirty:0kB writeback:0kB mapped:1720kB shmem:20kB slab_reclaimable:4580kB slab_unreclaimable:20596kB kernel_stack:2192kB pagetables:1764kB unstable:0kB bounce:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:74 all_unreclaimable? no 08-01 06:49:33.577 <4>[57819.300322] c0 lowmem_reserve[]: 0 0 0 08-01 06:49:33.577 <4>[57819.300333] c0 Normal: 250*4kB (UM) 0*8kB 63*16kB (UEM) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2008kB 08-01 06:49:33.577 <4>[57819.300365] c0 548 total pagecache pages 08-01 06:49:33.577 <4>[57819.300375] c0 22 pages in swap cache 08-01 06:49:33.577 <4>[57819.300383] c0 Swap cache stats: add 24814903, delete 24814881, find 556015/12486906 08-01 06:49:33.577 <4>[57819.300390] c0 Free swap = 13688kB 08-01 06:49:33.577 <4>[57819.300397] c0 Total swap = 204796kB 08-01 06:49:33.654 <4>[57819.313705] c0 65536 pages of RAM 08-01 06:49:33.654 <4>[57819.313729] c0 3160 free pages 08-01 06:49:33.654 <4>[57819.313736] c0 10502 reserved pages 08-01 06:49:33.654 <4>[57819.313743] c0 5448 slab pages 08-01 06:49:33.654 <4>[57819.313749] c0 705 pages shared 08-01 06:49:33.654 <4>[57819.313755] c0 22 pages swap cached 08-01 06:49:33.654 <6>[57819.313765] c0 [ pid ] uid tgid total_vm rss nr_ptes swapents oom_score_adj name 08-01 06:49:33.654 <6>[57819.313816] c0 [ 83] 0 83 132 32 3 24 -941 ueventd 08-01 06:49:33.654 <6>[57819.313833] c0 [ 90] 0 90 358 27 4 8 -941 healthd 08-01 06:49:33.654 <6>[57819.313846] c0 [ 91] 1000 91 252 1 3 24 -941 servicemanager 08-01 06:49:33.654 <6>[57819.313859] c0 [ 92] 0 92 1149 0 4 86 -941 vold 08-01 06:49:33.654 <6>[57819.313872] c0 [ 93] 1000 93 1521 0 5 34 -941 modemd 08-01 06:49:33.654 <6>[57819.313885] c0 [ 94] 1000 94 1071 21 4 52 -941 wcnd 08-01 06:49:33.654 <6>[57819.313898] c0 [ 95] 0 95 90 0 3 6 -941 batterysrv 08-01 06:49:33.654 <6>[57819.313911] c0 [ 96] 1001 96 230 0 3 26 -941 rilproxy 08-01 06:49:33.654 <6>[57819.313924] c0 [ 97] 1001 97 230 0 3 26 -941 rilproxy 08-01 06:49:33.654 <6>[57819.313937] c0 [ 98] 0 98 2411 0 7 87 -941 netd 08-01 06:49:33.654 <6>[57819.313951] c0 [ 99] 0 99 259 0 3 31 -941 debuggerd 08-01 06:49:33.654 <6>[57819.313964] c0 [ 100] 0 100 346 0 3 50 -941 rild 08-01 06:49:33.654 <6>[57819.313978] c0 [ 101] 1013 101 8231 1 19 474 -941 mediaserver 08-01 06:49:33.654 <6>[57819.313991] c0 [ 102] 1012 102 250 0 3 35 -941 installd 08-01 06:49:33.654 <6>[57819.314004] c0 [ 103] 1017 103 821 1 4 80 -941 keystore 08-01 06:49:33.654 <6>[57819.314019] c0 [ 104] 0 104 824 1 4 40 -941 Binder_2 08-01 06:49:33.654 <6>[57819.314032] c0 [ 105] 0 105 1080 1 4 41 -941 Binder_2 08-01 06:49:33.654 <6>[57819.314046] c0 [ 107] 1001 107 230 0 3 25 -941 rilproxy 08-01 06:49:33.654 <6>[57819.314058] c0 [ 109] 0 109 265 0 3 30 -941 srtd 08-01 06:49:33.654 <6>[57819.314072] c0 [ 110] 0 110 381 1 3 48 -941 engmoded 08-01 06:49:33.654 <6>[57819.314086] c0 [ 114] 1000 114 7466 0 17 139 -941 phoneserver 08-01 06:49:33.654 <6>[57819.314099] c0 [ 115] 0 115 265 0 3 31 -941 srtd 08-01 06:49:33.654 <6>[57819.314112] c0 [ 116] 0 116 2469 0 8 154 -941 engpc 08-01 06:49:33.654 <6>[57819.314125] c0 [ 120] 2000 120 233 1 3 29 -941 sh 08-01 06:49:33.654 <6>[57819.314139] c0 [ 157] 0 157 540 14 3 38 -941 refnotify 08-01 06:49:33.654 <6>[57819.314152] c0 [ 158] 0 158 1029 0 4 528 -941 nvitemd 08-01 06:49:33.654 <6>[57819.314165] c0 [ 179] 0 179 1957 0 6 150 -941 engpc 08-01 06:49:33.654 <6>[57819.314179] c0 [ 440] 0 440 1150 37 6 18 -941 adbd 08-01 06:49:33.654 <6>[57819.314192] c0 [ 449] 1023 449 654 19 5 127 -941 sdcard 08-01 06:49:33.654 <6>[57819.314205] c0 [ 571] 0 571 1246 56 6 87 -941 slog 08-01 06:49:33.654 <6>[57819.314219] c0 [ 770] 1001 770 2682 1 8 74 -941 rild_sp 08-01 06:49:33.654 <6>[57819.314233] c0 [ 771] 1001 771 2683 1 7 76 -941 rild_sp 08-01 06:49:33.654 <6>[57819.314246] c0 [ 848] 0 848 104637 27727 214 41913 0 b2g 08-01 06:49:33.654 <6>[57819.314259] c0 [ 898] 0 898 13037 78 30 2277 0 (Nuwa) 08-01 06:49:33.654 <6>[57819.314276] c0 [ 1292] 0 1292 215 24 4 14 0 orng 08-01 06:49:33.654 <6>[57819.314290] c0 [ 1300] 11300 1300 13813 230 26 2190 0 (Preallocated a
Assignee | ||
Comment 26•10 years ago
|
||
[Blocking Requested - why for this release]:(In reply to thomas tsai from comment #18) > > Hi Yuan Xulei, can you create 1.3t first and then v1.4 patch? Thanks! Tarako > is urgent to have a release for an event. Thanks! Patches are ready and needs sheriff to approve and land :)
blocking-b2g: 2.0+ → 2.1?
Flags: needinfo?(ttsai)
Reporter | ||
Updated•10 years ago
|
blocking-b2g: 2.1? → 2.0+
Updated•10 years ago
|
Flags: needinfo?(ttsai)
Updated•10 years ago
|
Attachment #8465177 -
Flags: approval-mozilla-b2g30? → approval-mozilla-b2g30+
Updated•10 years ago
|
Attachment #8465271 -
Flags: approval-mozilla-b2g28? → approval-mozilla-b2g28+
Comment 27•10 years ago
|
||
https://hg.mozilla.org/releases/mozilla-b2g30_v1_4/rev/325043b0b066 https://hg.mozilla.org/releases/mozilla-b2g28_v1_3/rev/29342bbb26a1
Updated•10 years ago
|
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•