Closed Bug 1020726 Opened 5 years ago Closed 5 years ago

BEP can leak an iframe via the global 'activeInputFrame'

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla33
blocking-b2g 2.0+
Tracking Status
firefox31 --- wontfix
firefox32 --- fixed
firefox33 --- fixed
b2g-v1.3 --- fixed
b2g-v1.3T --- fixed
b2g-v1.4 --- fixed
b2g-v2.0 --- fixed
b2g-v2.1 --- fixed

People

(Reporter: khuey, Assigned: xyuan)

References

Details

(Whiteboard: [MemShrink:P2])

Attachments

(3 files, 2 obsolete files)

All of the logs from bug 1007520 show an <iframe> being held through this global that is otherwise unreachable (and is not in the DOM).
Whiteboard: [MemShrink]
Depends on: 905573
Yuan, is this something you can take?
Flags: needinfo?(xyuan)
Whiteboard: [MemShrink] → [MemShrink:P2]
(In reply to Kyle Huey [:khuey] (khuey@mozilla.com) from comment #1)
> Yuan, is this something you can take?

Yes, I'll take it.
Assignee: nobody → xyuan
Status: NEW → ASSIGNED
Flags: needinfo?(xyuan)
We use |activeInputFrame| to hold the active IME iframe, so that 
calling |setInputMethodActive| on a new iframe can deactivate the old one automatically.
This feature increases the code complexity and caused Bug 981997.

As we will deactivate the old IME iframe manually in gaia and don't use this feature, so I tend to remove this and make the code simple and robust.
Attached patch WIP (v1).patchSplinter Review
Remove the global 'activeInputFrame'. It may affact bug 993394. I'll test it tomorrow.

And wait for the try result:
https://tbpl.mozilla.org/?tree=Try&rev=ad89bf17faff
Blocks: 993394
Comment on attachment 8440629 [details] [diff] [review]
WIP (v1).patch

Review of attachment 8440629 [details] [diff] [review]:
-----------------------------------------------------------------

See comment 4 about the changes.
The try is green.
I tested on flame with current master build (20140617), and bug 993394 was not reproduced.
Attachment #8440629 - Flags: review?(fabrice)
Attachment #8440629 - Flags: review?(fabrice) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/e5531b0f73d0

Next time please update the commit message with the reviewer information before requesting checkin-needed.
Keywords: checkin-needed
(In reply to Kyle Huey [:khuey] (khuey@mozilla.com) from comment #6)
> https://hg.mozilla.org/integration/mozilla-inbound/rev/e5531b0f73d0
> 
> Next time please update the commit message with the reviewer information
> before requesting checkin-needed.

Sorry, I forgot updating the commit message with reviewer information.
https://hg.mozilla.org/mozilla-central/rev/e5531b0f73d0
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
Can you think of any reason not to take this for 2.0?
blocking-b2g: --- → 2.0?
Flags: needinfo?(xyuan)
(In reply to Kyle Huey [:khuey] (khuey@mozilla.com) from comment #9)
> Can you think of any reason not to take this for 2.0?

No, the only risk I can think of is bug 993394, but we haven't got any report about the regression of bug 993394 since we landed the patch two weeks agao on the master. So it's good to take for 2.0 now.
Flags: needinfo?(xyuan)
blocking-b2g: 2.0? → 2.0+
There's a duplicate bug 1031977 on Tarako, may I understand the reason why this is not applied to v1.3t?
Flags: needinfo?(xyuan)
It could be applied to v1.3t/v1.3 if needed.
Flags: needinfo?(xyuan)
Great, should I write an approval request here or do something else to make it happen?
We need memory leak patch landing to 1.3t branch.
Flags: needinfo?(ying.xu)
Blocks: 1031977
(In reply to Ting-Yu Chou [:ting] from comment #14)
> Great, should I write an approval request here or do something else to make
> it happen?
Please run a full test with the patch on 1.3t and then write an approval request.
If you need a branch specific patch, please let me know.
(In reply to Yuan Xulei [:yxl] from comment #16)

> Please run a full test with the patch on 1.3t and then write an approval
> request.
> If you need a branch specific patch, please let me know.

can you tell us what tests need to be done?
Flags: needinfo?(ying.xu)
(In reply to Yuan Xulei [:yxl] from comment #16)
> (In reply to Ting-Yu Chou [:ting] from comment #14)
> > Great, should I write an approval request here or do something else to make
> > it happen?
> Please run a full test with the patch on 1.3t and then write an approval
> request.
> If you need a branch specific patch, please let me know.

Hi Yuan Xulei, can you create 1.3t first and then v1.4 patch? Thanks! Tarako is urgent to have a release for an event. Thanks!
Flags: needinfo?(xyuan)
(In reply to ying.xu from comment #17)
> (In reply to Yuan Xulei [:yxl] from comment #16)
> 
> > Please run a full test with the patch on 1.3t and then write an approval
> > request.
> > If you need a branch specific patch, please let me know.
> 
> can you tell us what tests need to be done?

If possible, mochitest and gaia ui test.(In reply to thomas tsai from comment #18

(In reply to thomas tsai from comment #18)
> Hi Yuan Xulei, can you create 1.3t first and then v1.4 patch? Thanks! Tarako
> is urgent to have a release for an event. Thanks!

Yes, I'll.
Flags: needinfo?(xyuan)
Attached patch v1.3t.patch (obsolete) — Splinter Review
Branch specific patch for v1.3.
I haven't run mochitest for this patch yet, as my gecko for v1.3 is still under building.
Attached patch v1.4.patchSplinter Review
Branch specific patch for v1.4.
I haven't run mochitest for this patch yet.
Attached patch v1.3.patch (obsolete) — Splinter Review
[Approval Request Comment]
Bug caused by (feature/regressing bug #): Bug 1020726
User impact if declined: memory leaks when toggling software keyboard.
Testing completed: yes
Risk to taking this patch (and alternatives if risky): Low. Might cause Bug 993394, but we haven't got any regression report about this patch on 2.0 and 2.1 branch.
String or UUID changes made by this patch: None.
Attachment #8465175 - Attachment is obsolete: true
Attachment #8465269 - Flags: review+
Attachment #8465269 - Flags: approval-mozilla-b2g28?
Attached patch v1.3.patchSplinter Review
Please see Comment 22.
Rebase and disable tests.
Attachment #8465269 - Attachment is obsolete: true
Attachment #8465269 - Flags: approval-mozilla-b2g28?
Attachment #8465271 - Flags: review+
Attachment #8465271 - Flags: approval-mozilla-b2g28?
Comment on attachment 8465177 [details] [diff] [review]
v1.4.patch

[Approval Request Comment]
Bug caused by (feature/regressing bug #): Bug 1020726
User impact if declined: memory leaks when toggling software keyboard.
Testing completed: yes
Risk to taking this patch (and alternatives if risky): Low. Might cause Bug 993394, but we haven't got any regression report about this patch on 2.0 and 2.1 branch.
String or UUID changes made by this patch: None.
Attachment #8465177 - Flags: approval-mozilla-b2g30?
dolphin v1.4 also meet this issue.

b2g before monkey test
07-31 15:04:04.287 <6>[ 1090.007247] c0 [  848]     0   848    53133    13956     110     3002             0 b2g

b2g killed by LMK, b2g RSS and SWAP is very big
08-01 06:49:33.654 <6>[57819.314246] c0 [  848]     0   848   104637    27727     214    41913             0 b2g

08-01 06:49:33.577 <6>[57819.299980] c0 lowmemorykiller: send sigkill to selected process:
08-01 06:49:33.577 <6>[57819.300027] c0 lowmemorykiller: Killing 'b2g' (848), adj 0,
08-01 06:49:33.577 <6>[57819.300027] c0    to free 278348kB on behalf of 'kswapd0' (21) because
08-01 06:49:33.577 <6>[57819.300027] c0    cache 2084kB is below limit 4096kB for oom_score_adj 0
08-01 06:49:33.577 <6>[57819.300027] c0    Free memory is -1624kB above reserved
08-01 06:49:33.577 <6>[57819.300027] c0    min adj 0 zram: adj 0 free 10% usage 59436kB
08-01 06:49:33.577 <4>[57819.300052] c0 lowmemorykiller: kswapd0 invoked lmk: gfp_mask=0xd0, order=-1, oom_score_adj=0
08-01 06:49:33.577 <4>[57819.300067] c0 CPU: 0 PID: 21 Comm: kswapd0 Tainted: G        W  O 3.10.17 #1
08-01 06:49:33.577 <4>[57819.300113] c0 [<c0013a1c>] (unwind_backtrace+0x0/0x11c) from [<c0012174>] (show_stack+0x10/0x14)
08-01 06:49:33.577 <4>[57819.300136] c0 [<c0012174>] (show_stack+0x10/0x14) from [<c03cb134>] (lowmem_shrink+0x634/0x74c)
08-01 06:49:33.577 <4>[57819.300160] c0 [<c03cb134>] (lowmem_shrink+0x634/0x74c) from [<c00a6e5c>] (shrink_slab+0x160/0x214)
08-01 06:49:33.577 <4>[57819.300177] c0 [<c00a6e5c>] (shrink_slab+0x160/0x214) from [<c00a98b0>] (kswapd+0x4e0/0x704)
08-01 06:49:33.577 <4>[57819.300197] c0 [<c00a98b0>] (kswapd+0x4e0/0x704) from [<c00559d0>] (kthread+0xa0/0xb0)
08-01 06:49:33.577 <4>[57819.300218] c0 [<c00559d0>] (kthread+0xa0/0xb0) from [<c000f4d8>] (ret_from_fork+0x14/0x3c)
08-01 06:49:33.577 <4>[57819.300226] c0 Mem-info:
08-01 06:49:33.577 <4>[57819.300234] c0 Normal per-cpu:
08-01 06:49:33.577 <4>[57819.300242] c0 CPU    0: hi:   90, btch:  15 usd:  89
08-01 06:49:33.577 <4>[57819.300263] c0 active_anon:13734 inactive_anon:13769 isolated_anon:0
08-01 06:49:33.577 <4>[57819.300263] c0  active_file:172 inactive_file:157 isolated_file:0
08-01 06:49:33.577 <4>[57819.300263] c0  unevictable:192 dirty:0 writeback:0 unstable:0
08-01 06:49:33.577 <4>[57819.300263] c0  free:502 slab_reclaimable:1145 slab_unreclaimable:5149
08-01 06:49:33.577 <4>[57819.300263] c0  mapped:430 shmem:5 pagetables:441 bounce:0
08-01 06:49:33.577 <4>[57819.300263] c0  free_cma:0
08-01 06:49:33.577 <4>[57819.300313] c0 Normal free:2008kB min:1856kB low:3168kB high:3632kB active_anon:54936kB inactive_anon:55076kB active_file:688kB inactive_file:628kB unevictable:768kB isolated(anon):0kB isolated(file):0kB present:262144kB managed:215400kB mlocked:0kB dirty:0kB writeback:0kB mapped:1720kB shmem:20kB slab_reclaimable:4580kB slab_unreclaimable:20596kB kernel_stack:2192kB pagetables:1764kB unstable:0kB bounce:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:74 all_unreclaimable? no
08-01 06:49:33.577 <4>[57819.300322] c0 lowmem_reserve[]: 0 0 0
08-01 06:49:33.577 <4>[57819.300333] c0 Normal: 250*4kB (UM) 0*8kB 63*16kB (UEM) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 2008kB
08-01 06:49:33.577 <4>[57819.300365] c0 548 total pagecache pages
08-01 06:49:33.577 <4>[57819.300375] c0 22 pages in swap cache
08-01 06:49:33.577 <4>[57819.300383] c0 Swap cache stats: add 24814903, delete 24814881, find 556015/12486906
08-01 06:49:33.577 <4>[57819.300390] c0 Free swap  = 13688kB
08-01 06:49:33.577 <4>[57819.300397] c0 Total swap = 204796kB
08-01 06:49:33.654 <4>[57819.313705] c0 65536 pages of RAM
08-01 06:49:33.654 <4>[57819.313729] c0 3160 free pages
08-01 06:49:33.654 <4>[57819.313736] c0 10502 reserved pages
08-01 06:49:33.654 <4>[57819.313743] c0 5448 slab pages
08-01 06:49:33.654 <4>[57819.313749] c0 705 pages shared
08-01 06:49:33.654 <4>[57819.313755] c0 22 pages swap cached
08-01 06:49:33.654 <6>[57819.313765] c0 [ pid ]   uid  tgid total_vm      rss nr_ptes swapents oom_score_adj name
08-01 06:49:33.654 <6>[57819.313816] c0 [   83]     0    83      132       32       3       24          -941 ueventd
08-01 06:49:33.654 <6>[57819.313833] c0 [   90]     0    90      358       27       4        8          -941 healthd
08-01 06:49:33.654 <6>[57819.313846] c0 [   91]  1000    91      252        1       3       24          -941 servicemanager
08-01 06:49:33.654 <6>[57819.313859] c0 [   92]     0    92     1149        0       4       86          -941 vold
08-01 06:49:33.654 <6>[57819.313872] c0 [   93]  1000    93     1521        0       5       34          -941 modemd
08-01 06:49:33.654 <6>[57819.313885] c0 [   94]  1000    94     1071       21       4       52          -941 wcnd
08-01 06:49:33.654 <6>[57819.313898] c0 [   95]     0    95       90        0       3        6          -941 batterysrv
08-01 06:49:33.654 <6>[57819.313911] c0 [   96]  1001    96      230        0       3       26          -941 rilproxy
08-01 06:49:33.654 <6>[57819.313924] c0 [   97]  1001    97      230        0       3       26          -941 rilproxy
08-01 06:49:33.654 <6>[57819.313937] c0 [   98]     0    98     2411        0       7       87          -941 netd
08-01 06:49:33.654 <6>[57819.313951] c0 [   99]     0    99      259        0       3       31          -941 debuggerd
08-01 06:49:33.654 <6>[57819.313964] c0 [  100]     0   100      346        0       3       50          -941 rild
08-01 06:49:33.654 <6>[57819.313978] c0 [  101]  1013   101     8231        1      19      474          -941 mediaserver
08-01 06:49:33.654 <6>[57819.313991] c0 [  102]  1012   102      250        0       3       35          -941 installd
08-01 06:49:33.654 <6>[57819.314004] c0 [  103]  1017   103      821        1       4       80          -941 keystore
08-01 06:49:33.654 <6>[57819.314019] c0 [  104]     0   104      824        1       4       40          -941 Binder_2
08-01 06:49:33.654 <6>[57819.314032] c0 [  105]     0   105     1080        1       4       41          -941 Binder_2
08-01 06:49:33.654 <6>[57819.314046] c0 [  107]  1001   107      230        0       3       25          -941 rilproxy
08-01 06:49:33.654 <6>[57819.314058] c0 [  109]     0   109      265        0       3       30          -941 srtd
08-01 06:49:33.654 <6>[57819.314072] c0 [  110]     0   110      381        1       3       48          -941 engmoded
08-01 06:49:33.654 <6>[57819.314086] c0 [  114]  1000   114     7466        0      17      139          -941 phoneserver
08-01 06:49:33.654 <6>[57819.314099] c0 [  115]     0   115      265        0       3       31          -941 srtd
08-01 06:49:33.654 <6>[57819.314112] c0 [  116]     0   116     2469        0       8      154          -941 engpc
08-01 06:49:33.654 <6>[57819.314125] c0 [  120]  2000   120      233        1       3       29          -941 sh
08-01 06:49:33.654 <6>[57819.314139] c0 [  157]     0   157      540       14       3       38          -941 refnotify
08-01 06:49:33.654 <6>[57819.314152] c0 [  158]     0   158     1029        0       4      528          -941 nvitemd
08-01 06:49:33.654 <6>[57819.314165] c0 [  179]     0   179     1957        0       6      150          -941 engpc
08-01 06:49:33.654 <6>[57819.314179] c0 [  440]     0   440     1150       37       6       18          -941 adbd
08-01 06:49:33.654 <6>[57819.314192] c0 [  449]  1023   449      654       19       5      127          -941 sdcard
08-01 06:49:33.654 <6>[57819.314205] c0 [  571]     0   571     1246       56       6       87          -941 slog
08-01 06:49:33.654 <6>[57819.314219] c0 [  770]  1001   770     2682        1       8       74          -941 rild_sp
08-01 06:49:33.654 <6>[57819.314233] c0 [  771]  1001   771     2683        1       7       76          -941 rild_sp
08-01 06:49:33.654 <6>[57819.314246] c0 [  848]     0   848   104637    27727     214    41913             0 b2g
08-01 06:49:33.654 <6>[57819.314259] c0 [  898]     0   898    13037       78      30     2277             0 (Nuwa)
08-01 06:49:33.654 <6>[57819.314276] c0 [ 1292]     0  1292      215       24       4       14             0 orng
08-01 06:49:33.654 <6>[57819.314290] c0 [ 1300] 11300  1300    13813      230      26     2190             0 (Preallocated a
[Blocking Requested - why for this release]:(In reply to thomas tsai from comment #18)
> 
> Hi Yuan Xulei, can you create 1.3t first and then v1.4 patch? Thanks! Tarako
> is urgent to have a release for an event. Thanks!
Patches are ready and needs sheriff to approve and land :)
blocking-b2g: 2.0+ → 2.1?
Flags: needinfo?(ttsai)
blocking-b2g: 2.1? → 2.0+
Flags: needinfo?(ttsai)
Attachment #8465177 - Flags: approval-mozilla-b2g30? → approval-mozilla-b2g30+
Attachment #8465271 - Flags: approval-mozilla-b2g28? → approval-mozilla-b2g28+
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.