Open
Bug 1379326
Opened 8 years ago
Updated 3 years ago
LaunchGPUProcess would crash the main process if the GPU process failed to launch
Categories
(Core :: Graphics: Layers, defect, P3)
Tracking
NEW
| | Tracking | Status |
|---|---|---|
| firefox57 | --- | fix-optional |
People
(Reporter: spinda, Unassigned)
Details
(Whiteboard: gfx-noted)
Attachments
(1 file)
26.24 KB,
text/plain
To reproduce: simulate a GPU process launch failure by adding a "return false;" to the beginning of GPUProcessHost::Launch, recompile, and start Firefox in an environment where GPU_PROCESS is normally enabled. The main process will crash with SIGSEGV.
A gdb trace is attached. The crash occurs when LaunchGPUProcess detects that the launch failed and calls DisableGPUProcess (http://searchfox.org/mozilla-central/source/gfx/ipc/GPUProcessManager.cpp#161), which in turn attempts to set up off-main-thread compositing (http://searchfox.org/mozilla-central/source/gfx/ipc/GPUProcessManager.cpp#183-188). This ends up calling EnsureCompositorManagerChild (http://searchfox.org/mozilla-central/source/gfx/ipc/GPUProcessManager.cpp#213) which, some levels down, leads to sCompositorThreadHolder being accessed while it is still null (http://searchfox.org/mozilla-central/source/gfx/layers/ipc/CompositorThread.cpp#22). It is normally initialized when InitLayersIPC is called during gfxPlatform initialization (http://searchfox.org/mozilla-central/source/gfx/thebes/gfxPlatform.cpp#742), but this only happens *after* LaunchGPUProcess completes (http://searchfox.org/mozilla-central/source/gfx/thebes/gfxPlatform.cpp#728).
Luckily, it would appear that GPUProcessHost::Launch, despite returning a boolean value, can't ever *actually* fail, as it passes back the return value of GeckoChildProcessHost::AsyncLaunch which always returns true (http://searchfox.org/mozilla-central/source/ipc/glue/GeckoChildProcessHost.cpp#397). Perhaps, then, this recovery mechanism can be ripped out of LaunchGPUProcess entirely. But there might be other cases where DisableGPUProcess ends up being called before the compositor thread is set up.
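A simplified C++ model of the ordering problem described in the report above, added here as an illustration; it is not Mozilla code and not a proposed patch. The function names mirror those in the report, while `GPUProcessManagerModel`, `Fallback`, `OnCompositorThreadStarted` and `InitPlatformModel` are hypothetical, and deferring the fallback until the compositor thread exists is one assumed way to guard the failure path.

```cpp
#include <memory>

// Simplified model of the init ordering in the report; not Mozilla code.
struct CompositorThreadHolder { bool running = true; };
// Null until the InitLayersIPC step runs, as in the report.
static std::unique_ptr<CompositorThreadHolder> sCompositorThreadHolder;

enum class Fallback { Done, Deferred };  // hypothetical result type

class GPUProcessManagerModel {
 public:
  bool launchSucceeds = false;  // stands in for the injected "return false;"
  bool gpuProcessEnabled = true;
  bool inProcessCompositorReady = false;

  // Failure path. The holder is checked before use; when it is still null
  // (the state in which the reported crash occurs) the setup is deferred.
  Fallback DisableGPUProcess() {
    gpuProcessEnabled = false;
    if (!sCompositorThreadHolder) {
      pendingFallback_ = true;
      return Fallback::Deferred;
    }
    EnsureCompositorManagerChild();
    return Fallback::Done;
  }

  Fallback LaunchGPUProcess() {
    return launchSucceeds ? Fallback::Done : DisableGPUProcess();
  }

  // Hypothetical hook: finish a deferred fallback once the thread exists.
  void OnCompositorThreadStarted() {
    if (!pendingFallback_) return;
    pendingFallback_ = false;
    EnsureCompositorManagerChild();
  }

 private:
  void EnsureCompositorManagerChild() {
    inProcessCompositorReady = sCompositorThreadHolder->running;  // non-null here
  }
  bool pendingFallback_ = false;
};

// Models the gfxPlatform order: LaunchGPUProcess first, InitLayersIPC after.
bool InitPlatformModel(GPUProcessManagerModel& mgr) {
  Fallback f = mgr.LaunchGPUProcess();
  sCompositorThreadHolder.reset(new CompositorThreadHolder());  // InitLayersIPC step
  if (f == Fallback::Deferred) mgr.OnCompositorThreadStarted();
  return mgr.inProcessCompositorReady;
}
```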
Comment 1•8 years ago
Yes, this might cause some potential issues. I've CCed myself and am going to investigate this.
Has STR: --- → yes
Priority: -- → P3
Whiteboard: gfx-noted
Updated•8 years ago
status-firefox57: --- → fix-optional
Updated•3 years ago
Severity: normal → S3