Skip to content

Commit

Permalink
Cherry-pick 829dab6. rdar://problem/100386989
Browse files Browse the repository at this point in the history 
    Fix crash in theme painting on macOS if GPU is not available
    https://bugs.webkit.org/show_bug.cgi?id=247327
    rdar://100386989

    Reviewed by Geoffrey Garen.

    This is a fix for a theme painting crash when Metal is unavailable and we're falling back to OpenGL. The fallback is using CVMS, which is
    performing JIT'ing, but only JSC is allowed access to the JIT region in the WebContent process. This change blocks access to CVMS in the
    sandbox. I have been able to disable Metal and force software GL in the debugger, and have confirmed that we do not crash with this change.

    * Source/WebKit/UIProcess/WebPageProxy.cpp:
    (WebKit::gpuMachServices):
    * Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:

    Canonical link: https://commits.webkit.org/256539@main

Canonical link: https://commits.webkit.org/256138.45@safari-7615.1.12-branch
  • Loading branch information
@pvollan @alancoon
pvollan authored and alancoon committed Nov 14, 2022
1 parent b2b4e9a commit 7b41bfd
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 16 deletions.
3 changes: 0 additions & 3 deletions Source/WebKit/UIProcess/WebPageProxy.cpp
View file
Expand Up @@ -8520,9 +8520,6 @@ static Span<const ASCIILiteral> gpuMachServices()
{
static constexpr std::array services {
"com.apple.MTLCompilerService"_s,
#if PLATFORM(MAC) || PLATFORM(MACCATALYST)
"com.apple.cvmsServ"_s,
#endif
};
return services;
}
Expand Down
16 changes: 3 additions & 13 deletions Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
View file
Expand Up @@ -341,19 +341,9 @@
(preference-domain "com.apple.opengl")
(preference-domain "com.nvidia.OpenGL"))
;; CVMS
(allow mach-lookup
(require-all
(extension "com.apple.webkit.extension.mach")
(global-name "com.apple.cvmsServ")
)
)
(deny mach-lookup
(require-all
(require-not (extension "com.apple.webkit.extension.mach"))
(global-name "com.apple.cvmsServ")
)
)
(allow file-read*
(deny mach-lookup (with telemetry-backtrace)
(global-name "com.apple.cvmsServ"))
(deny file-read*
(prefix "/private/var/db/CVMS/cvmsCodeSignObj"))
;; OpenCL
(if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES")
Expand Down

0 comments on commit 7b41bfd

Please sign in to comment.