New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 711333 link

Starred by 1 user
Status: Assigned
Owner:
sadrul@chromium.org
Cc:
dnicoara@chromium.org
sadrul@chromium.org
h...@chromium.org
piman@chromium.org
jamescook@chromium.org
sky@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

ozone gpu is racy

Project Member Reported by sadrul@chromium.org, Apr 13 2017 
ozone gpu, specifically, the drm implementation, is racy.

ui::GpuPlatformSupportHost recently had a change [1] that made it used from both the IO and the UI thread. The way this currently works:

a. [IO] GpuProcessHost is created. It posts a task to the UI thread to create a GpuProcessHostUIShim. It also immediately calls GpuPlatformSupportHost::OnGpuProcessLaunched(). This triggers OnGpuProcessLaunched() on the list of GpuThreadObservers in DrmGpuPlatformSupportHost.

b. [UI] The task posted in step a. runs, and the GpuProcessHostUIShim is created. Upon creation, it calls GpuPlatformSupportHost::OnChannelEstablished(). This triggers OnGpuThreadReady() on the observers in DrmGpuPlatformSupportHost.

There are two issues here:

1. The task can run on UI thread before the task on the IO thread completes. That means OnGpuThreadReady() can run before OnGpuProcessLaunched() on the observers.
2. The list of observers in DrmGpuPlatformSupportHost (and some other states, e.g. |host_id_|) are accessed from both the UI and the IO threads without using any locks.
3. Consequently, DrmDisplayHostManager (which is-a GpuThreadObserver) also uses reads+mutates |drm_devices_| on both threads, without using locks. (e.g. [2], [3], [4]).

https://codereview.chromium.org/2820463002/ helps with 1, ensuring that the calls on the observers happen in a well defined order.
Using a ObserverListThreadSafe<> (instead of ObserverList<>) may be an option to help with 2, but maybe a lock would be better?

[1] https://codereview.chromium.org/2459973002/
[2] UI thread: https://cs.chromium.org/chromium/src/ui/ozone/platform/drm/host/drm_display_host_manager.cc?type=cs&sq=package:chromium&l=276
[3] UI thread: https://cs.chromium.org/chromium/src/ui/ozone/platform/drm/host/drm_display_host_manager.cc?type=cs&sq=package:chromium&l=288
[4] IO thread: https://cs.chromium.org/chromium/src/ui/ozone/platform/drm/host/drm_display_host_manager.cc?type=cs&sq=package:chromium&l=318

Comment 1 by sky@chromium.org, Apr 17 2017

Cc: jamescook@chromium.org
+jamescook in case this is leading to some of the flake on the bot.
Project Member

Comment 2 by bugdroid1@chromium.org, Apr 21 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/63c1e2603b28e1fb6a2ca120e793497ed3b37220

commit 63c1e2603b28e1fb6a2ca120e793497ed3b37220
Author: sadrul <sadrul@chromium.org>
Date: Fri Apr 21 16:00:55 2017

gpu: Completely remove GpuProcessHostUIShim.

The only remaining purpose of GpuProcessHostUIShim was to send messages
back and forth between GpuProcessHost and the ozone platform. Move that
relevant code into GpuProcessHost, and remove the ui shim.

For ozone: Remove GpuPlatformSupportHost::OnChannelEstablished(). It is
currently needed only for the drm implementation, and is essentially just
a thread hop from the IO thread to the UI thread. So do that from inside
the drm implementation, instead of having a public API and requiring the
gpu host do the thread-hop.

BUG= 709332 , 711333

Review-Url: https://codereview.chromium.org/2820463002
Cr-Commit-Position: refs/heads/master@{#466351}

[modify] https://crrev.com/63c1e2603b28e1fb6a2ca120e793497ed3b37220/content/browser/BUILD.gn
[modify] https://crrev.com/63c1e2603b28e1fb6a2ca120e793497ed3b37220/content/browser/browser_main_loop.cc
[modify] https://crrev.com/63c1e2603b28e1fb6a2ca120e793497ed3b37220/content/browser/gpu/gpu_process_host.cc
[modify] https://crrev.com/63c1e2603b28e1fb6a2ca120e793497ed3b37220/content/browser/gpu/gpu_process_host.h
[delete] https://crrev.com/80d0234a6c13bba1e14ca76f48d7c437fe5b020e/content/browser/gpu/gpu_process_host_ui_shim.cc
[delete] https://crrev.com/80d0234a6c13bba1e14ca76f48d7c437fe5b020e/content/browser/gpu/gpu_process_host_ui_shim.h
[modify] https://crrev.com/63c1e2603b28e1fb6a2ca120e793497ed3b37220/ui/ozone/platform/drm/host/drm_gpu_platform_support_host.cc
[modify] https://crrev.com/63c1e2603b28e1fb6a2ca120e793497ed3b37220/ui/ozone/platform/drm/host/drm_gpu_platform_support_host.h
[modify] https://crrev.com/63c1e2603b28e1fb6a2ca120e793497ed3b37220/ui/ozone/public/gpu_platform_support_host.cc
[modify] https://crrev.com/63c1e2603b28e1fb6a2ca120e793497ed3b37220/ui/ozone/public/gpu_platform_support_host.h
[modify] https://crrev.com/63c1e2603b28e1fb6a2ca120e793497ed3b37220/ui/ozone/public/ozone_gpu_test_helper.cc

Comment 3 by rjkroege@chromium.org, May 25 2017

Owner: sadrul@chromium.org
sadrul@ you've been working on this. Giving to you to update appropriately.

Sign in to add a comment