Closed Bug 1858731 Opened 1 year ago Closed 1 year ago

CanvasManagerChild on DOM worker not freed if GPU process crashes

Categories

(Core :: Graphics: Canvas2D, defect, P3)

Product:
Core
Component:
Graphics: Canvas2D
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
120 Branch
Tracking Flags:
Tracking Status
firefox120 --- fixed

People

(Reporter: aosmond, Assigned: aosmond)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1858731 - Ensure CanvasManagerChild releases its DOM worker reference on IPDL errors.
48 bytes, text/x-phabricator-request
Details | Review

If there is an IPDL protocol failure and we call CanvasManagerChild::ActorDestroy:
https://searchfox.org/mozilla-central/rev/e9b338c2d597067f99e96d5f20769f41f312fa8f/gfx/ipc/CanvasManagerChild.cpp#33

Then we expect it to get freed. On workers however, we have an additional reference to ourselves for the purposes of destroying ourselves when the worker shutdowns:
https://searchfox.org/mozilla-central/rev/e9b338c2d597067f99e96d5f20769f41f312fa8f/gfx/ipc/CanvasManagerChild.cpp#112

But the only place we ever clear the reference is in Destroy, which isn't called if only the IPDL actor died:
https://searchfox.org/mozilla-central/rev/e9b338c2d597067f99e96d5f20769f41f312fa8f/gfx/ipc/CanvasManagerChild.cpp#47

So it stays alive forever. I suspect this may be related to bug 1808820. This can only happen if there is a GPU process crash, or if either the content or compositor process decided to close the protocol actor down for some reason without crashing (memory alloc failure, pipe write failure, etc).

This patch ensures that we destroy CanvasManagerChild::mWorkerRef if our
IPDL actor is destroyed without the DOM worker having been destroyed.
This can occur when the GPU process crashes, or IPDL itself encountered
an internal error. Since mWorkerRef keeps a reference to
CanvasManagerChild for its shutdown callback, this means the object
won't get freed until the DOM worker itself shuts down.

Depends on D190830

Pushed by aosmond@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4cd17f7d1d30 Ensure CanvasManagerChild releases its DOM worker reference on IPDL errors. r=gfx-reviewers,lsalzman

https://hg.mozilla.org/mozilla-central/rev/4cd17f7d1d30

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox120: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 120 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: