Correct recycling issues with MacIOSurface
Categories
(Core :: Graphics, defect)
Tracking
()
People
(Reporter: aosmond, Assigned: aosmond)
References
Details
Crash Data
Attachments
(2 files)
|
48 bytes,
text/x-phabricator-request
|
diannaS
:
approval-mozilla-beta+
|
Details | Review |
|
48 bytes,
text/x-phabricator-request
|
phab-bot
:
approval-mozilla-esr128+
|
Details | Review |
In theory, ::IOSurfaceLock can fail, and all calls to MacIOSurface::Lock should verify success:
https://searchfox.org/mozilla-central/rev/ab8043ccefe85c30ef78b97193918934d6aa93d1/gfx/2d/MacIOSurface.cpp#399
The allocation can fail, we have very low volume crashes on it, and we should check for it since we can gracefully fallback:
https://searchfox.org/mozilla-central/rev/181e5bb2645236a617d42e3740420098097f7a0f/gfx/layers/MacIOSurfaceImage.cpp#90
We need to verify the recycled surface matches the given parameters (aColorSpace, aColorRange, aColorDepth), and discard it if not:
https://searchfox.org/mozilla-central/rev/181e5bb2645236a617d42e3740420098097f7a0f/gfx/layers/MacIOSurfaceImage.cpp#274
The last one might be the cause of the high volume safeShift10BitBy6 crash.
|
Assignee | |
Comment 1•1 year ago
|
||
This patch corrects a few different issues related to recycling
MacIOSurface objects.
-
When recycling a surface, we must check that the cached surfaces
match all of the requested parameters, not just the size. If we do
not, we should just flush the whole cache immediately since they
should all be created with the same parameters. -
Allocations can fail, and we should check for failing to get a
surface from the allocator and fall back if so. -
Locking can fail, and we should check that return value at all of the
call sites.
This may help resolve a number of otherwise difficult to understand
crash signatures. It may also solve display corruption issues in rare
cases where the parameters that changed were roughly equivalent such
that everything appears to work, but they differ enough to change the
presentation.
|
|
Assignee | |
Updated•1 year ago
|
|
|
Assignee | |
Comment 3•1 year ago
•
|
||
I think we should uplift to 131 beta if nightly seems okay for a few days, but I think it is too much change for a dot release even if one were scheduled, particularly since it depends on changes in bug 1906527. 131 beta already contains the dependency. If it resolves the issue, we can uplift both to 128 esr.
|
||
Comment 4•1 year ago
|
||
| bugherder | ||
|
||
Comment 5•1 year ago
|
||
The patch landed in nightly and beta is affected.
:aosmond, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox131towontfix.
For more information, please visit BugBot documentation.
|
|
Assignee | |
Comment 6•1 year ago
|
||
Comment on attachment 9424826 [details]
Bug 1918778 - Correct ownership/recycling issues with MacIOSurface.
Beta/Release Uplift Approval Request
- User impact if declined: High volume streaming service crash on OSX only
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): The patch mostly consists of enforcing invariant assumptions that we did not check before. The surface cache clearing, even we were somehow too aggressive, would at worst trade additional CPU/GPU usage for stability. The lock status was never checked, and as such, we would either crash or have unpredictable results before. The changes are limited to OSX only pathways.
- String changes made/needed:
- Is Android affected?: No
|
||
Comment 7•1 year ago
|
||
Comment on attachment 9424826 [details]
Bug 1918778 - Correct ownership/recycling issues with MacIOSurface.
Approved for 131.0b8
|
|
||
Updated•1 year ago
|
|
|
||
Comment 9•1 year ago
|
||
:aosmond can you nominate this for esr128 when you get a chance?
|
|
Assignee | |
Comment 10•1 year ago
|
||
This patch corrects a few different issues related to recycling
MacIOSurface objects.
-
When recycling a surface, we must check that the cached surfaces
match all of the requested parameters, not just the size. If we do
not, we should just flush the whole cache immediately since they
should all be created with the same parameters. -
Allocations can fail, and we should check for failing to get a
surface from the allocator and fall back if so. -
Locking can fail, and we should check that return value at all of the
call sites.
This may help resolve a number of otherwise difficult to understand
crash signatures. It may also solve display corruption issues in rare
cases where the parameters that changed were roughly equivalent such
that everything appears to work, but they differ enough to change the
presentation.
|
||
Updated•1 year ago
|
|
|
Assignee | |
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
||
Comment 11•1 year ago
|
||
| uplift | ||
|
||
Updated•1 year ago
|
Description
•