New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 808744 link

Starred by 2 users
Status: Fixed
Owner:
kbr@chromium.org
OOO until 2019-01-24
Closed: Feb 2018
Cc:
kainino@chromium.org
l.gom...@samsung.com
vmi...@chromium.org
piman@chromium.org
jdarpinian@chromium.org
anicolao@chromium.org
ejonte@google.com
zmo@chromium.org
palmer@chromium.org
awhalley@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 1
Type: Bug

Blocked on:
issue 687210
Blocking:
issue 750306
issue 798795
issue 812373
issue 818336
issue 820891
issue 823863



Sign in to add a comment

Disable EXT_disjoint_timer_query and change WebGL sync objects' semantics

Project Member Reported by kbr@chromium.org, Feb 3 2018 
Due to a security vulnerability just reported to the Chrome team, it's urgently necessary to do the following:

1) Disable WebGL's EXT_disjoint_timer_query and EXT_disjoint_timer_query_webgl2 extensions.

2) Change the semantics of sync objects in the WebGL 2.0 specification so that they don't become signaled in the same frame they were issued. A similar restriction was added to query objects some time ago.

More information forthcoming.

Comment 1 by kbr@chromium.org, Feb 5 2018

Cc: ejonte@google.com

Comment 2 by piman@chromium.org, Feb 5 2018 

What would a blocking clientWaitSync in the same frame do? Always timeout?

Comment 3 by kbr@chromium.org, Feb 5 2018 

Chrome always restricts the maximum timeout for clientWaitSync to 0 ms, so it only acts as a poll:

https://www.khronos.org/registry/webgl/specs/latest/2.0/#5.17

https://cs.chromium.org/chromium/src/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp?type=cs&q=webgl2renderingcontextbase&sq=package:chromium&l=39

So, yes, it would only be re-evaluated once per requestAnimationFrame tick for returning either GL_ALREADY_SIGNALED or GL_CONDITION_SATISFIED.

Comment 4 by kbr@chromium.org, Feb 6 2018

Blocking: 798795

Comment 5 by kbr@chromium.org, Feb 7 2018

Blockedon: 687210
Project Member

Comment 6 by bugdroid1@chromium.org, Feb 8 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d4ff25f15438300b5349b601d3619c6d1d5063ac

commit d4ff25f15438300b5349b601d3619c6d1d5063ac
Author: Kenneth Russell <kbr@chromium.org>
Date: Thu Feb 08 07:29:00 2018

Change sync objects to not be available in the current frame.

Follows similar restrictions for query objects and implements
https://github.com/KhronosGroup/WebGL/pull/2598 .

Disable EXT_disjoint_timer_query at the WebGL level.

Bug:  808744 
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: I178f08fd30bf252865abf2744636b4e9b3a0e677
Reviewed-on: https://chromium-review.googlesource.com/906402
Commit-Queue: Kenneth Russell <kbr@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
Reviewed-by: Antoine Labour <piman@chromium.org>
Reviewed-by: Zhenyao Mo <zmo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#535327}
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/content/browser/gpu/gpu_data_manager_impl.cc
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/content/browser/gpu/gpu_data_manager_impl.h
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/content/browser/gpu/gpu_data_manager_impl_private.cc
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/content/browser/gpu/gpu_data_manager_impl_private.h
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/content/browser/gpu/gpu_data_manager_testing_autogen.cc
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/content/browser/gpu/gpu_internals_ui.cc
[add] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/content/test/data/gpu/functional_webgl_disabled_extension.html
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/content/test/gpu/gpu_tests/gpu_process_integration_test.py
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/content/test/gpu/gpu_tests/webgl2_conformance_expectations.py
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/content/test/gpu/gpu_tests/webgl_conformance_expectations.py
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/gpu/config/gpu_blacklist_unittest.cc
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/gpu/config/gpu_control_list.cc
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/gpu/config/gpu_control_list.h
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/gpu/config/gpu_control_list_testing_autogen.cc
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/gpu/config/gpu_driver_bug_list.json
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/gpu/config/gpu_feature_info.h
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/gpu/config/gpu_util.cc
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/gpu/config/process_json.py
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/gpu/ipc/common/gpu_feature_info.mojom
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/gpu/ipc/common/gpu_feature_info_struct_traits.h
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/third_party/WebKit/Source/modules/webgl/DEPS
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.h
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/third_party/WebKit/Source/modules/webgl/WebGLRenderingContextBase.cpp
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/third_party/WebKit/Source/modules/webgl/WebGLRenderingContextBase.h
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/third_party/WebKit/Source/modules/webgl/WebGLSync.cpp
[modify] https://crrev.com/d4ff25f15438300b5349b601d3619c6d1d5063ac/third_party/WebKit/Source/modules/webgl/WebGLSync.h

Comment 7 by kbr@chromium.org, Feb 8 2018

Cc: palmer@chromium.org
Labels: -Restrict-View-SecurityTeam Merge-Request-65 Restrict-View-Google
Requesting merge to M65. This is a security related issue, though I don't think it's severe enough to warrant merge to current stable (M64). palmer@ from the security team can help motivate if necessary.

Comment 8 by kbr@chromium.org, Feb 8 2018

Status: Fixed (was: Assigned)
Project Member

Comment 9 by sheriffbot@chromium.org, Feb 8 2018

Labels: -Merge-Request-65 Merge-Review-65 Hotlist-Merge-Review
This bug requires manual review: DEPS changes referenced in bugdroid comments.
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 10 by gov...@chromium.org, Feb 8 2018

Cc: awhalley@chromium.org
+ awhalley@ (Security TPM) for merge review.

Comment 11 by cmasso@google.com, Feb 12 2018 

Ping!

Comment 12 by awhalley@chromium.org, Feb 12 2018 

Pardon the delay, I was waiting for the change to make it into a canary.

govind@ - good for 65

Comment 13 by gov...@chromium.org, Feb 12 2018

Labels: -Merge-Review-65 Merge-Approved-65
Yeah, got it. Thank you.
Approving merge to M65 branch 3325 based on comment #12. Pls merge ASAP so we can pick it up for this week beta release. Thank you.
Project Member

Comment 14 by bugdroid1@chromium.org, Feb 13 2018

Labels: -merge-approved-65 merge-merged-3325
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c0a0e9d983dee38d425cdc207b54b102780ab336

commit c0a0e9d983dee38d425cdc207b54b102780ab336
Author: Kenneth Russell <kbr@chromium.org>
Date: Tue Feb 13 20:58:29 2018

Change sync objects to not be available in the current frame.

Follows similar restrictions for query objects and implements
https://github.com/KhronosGroup/WebGL/pull/2598 .

Disable EXT_disjoint_timer_query at the WebGL level.

TBR=kbr@chromium.org

(cherry picked from commit d4ff25f15438300b5349b601d3619c6d1d5063ac)

Bug:  808744 
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: I178f08fd30bf252865abf2744636b4e9b3a0e677
Reviewed-on: https://chromium-review.googlesource.com/906402
Commit-Queue: Kenneth Russell <kbr@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
Reviewed-by: Antoine Labour <piman@chromium.org>
Reviewed-by: Zhenyao Mo <zmo@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#535327}
Reviewed-on: https://chromium-review.googlesource.com/917009
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Cr-Commit-Position: refs/branch-heads/3325@{#452}
Cr-Branched-From: bc084a8b5afa3744a74927344e304c02ae54189f-refs/heads/master@{#530369}
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/content/browser/gpu/gpu_data_manager_impl.cc
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/content/browser/gpu/gpu_data_manager_impl.h
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/content/browser/gpu/gpu_data_manager_impl_private.cc
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/content/browser/gpu/gpu_data_manager_impl_private.h
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/content/browser/gpu/gpu_data_manager_testing_autogen.cc
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/content/browser/gpu/gpu_internals_ui.cc
[add] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/content/test/data/gpu/functional_webgl_disabled_extension.html
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/content/test/gpu/gpu_tests/gpu_process_integration_test.py
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/content/test/gpu/gpu_tests/webgl2_conformance_expectations.py
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/content/test/gpu/gpu_tests/webgl_conformance_expectations.py
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/gpu/config/gpu_blacklist_unittest.cc
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/gpu/config/gpu_control_list.cc
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/gpu/config/gpu_control_list.h
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/gpu/config/gpu_control_list_testing_autogen.cc
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/gpu/config/gpu_driver_bug_list.json
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/gpu/config/gpu_feature_info.h
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/gpu/config/gpu_util.cc
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/gpu/config/process_json.py
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/gpu/ipc/common/gpu_feature_info.mojom
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/gpu/ipc/common/gpu_feature_info_struct_traits.h
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/third_party/WebKit/Source/modules/webgl/DEPS
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.h
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/third_party/WebKit/Source/modules/webgl/WebGLRenderingContextBase.cpp
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/third_party/WebKit/Source/modules/webgl/WebGLRenderingContextBase.h
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/third_party/WebKit/Source/modules/webgl/WebGLSync.cpp
[modify] https://crrev.com/c0a0e9d983dee38d425cdc207b54b102780ab336/third_party/WebKit/Source/modules/webgl/WebGLSync.h
Project Member

Comment 15 by bugdroid1@chromium.org, Feb 13 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7e81a8f804af16333f9fd9ba057c1ff7358f13cc

commit 7e81a8f804af16333f9fd9ba057c1ff7358f13cc
Author: Kenneth Russell <kbr@chromium.org>
Date: Tue Feb 13 21:44:33 2018

Attempt to fix build broken in last merge: c0a0e9d983dee38d425cdc207b54b102780ab336

TBR=kbr@chromium.org

Bug:  808744 
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: Idcec1a32036d59af6bc647b894da9151ba8e598c
Reviewed-on: https://chromium-review.googlesource.com/917186
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Cr-Commit-Position: refs/branch-heads/3325@{#454}
Cr-Branched-From: bc084a8b5afa3744a74927344e304c02ae54189f-refs/heads/master@{#530369}
[modify] https://crrev.com/7e81a8f804af16333f9fd9ba057c1ff7358f13cc/third_party/WebKit/Source/modules/webgl/BUILD.gn

Comment 16 by kbr@chromium.org, Feb 13 2018

Cc: anicolao@chromium.org a-...@yandex-team.ru

Comment 17 by kbr@chromium.org, Feb 13 2018

Cc: -a-...@yandex-team.ru

Comment 18 by awhalley@google.com, Feb 13 2018

Labels: -ReleaseBlock-Stable
Project Member

Comment 19 by bugdroid1@chromium.org, Feb 13 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/bd9190ff03dc62d1e996856e2e0c3197a6eaa090

commit bd9190ff03dc62d1e996856e2e0c3197a6eaa090
Author: Kenneth Russell <kbr@chromium.org>
Date: Tue Feb 13 23:44:52 2018

Revert "Change sync objects to not be available in the current frame." Revert "Attempt to fix build broken in last merge: c0a0e9d983dee38d425cdc207b54b102780ab336"

This reverts commits c0a0e9d983dee38d425cdc207b54b102780ab336 and
7e81a8f804af16333f9fd9ba057c1ff7358f13cc .

Will have to do this merge-back manually and test the compile locally.

TBR=kbr@chromium.org

Bug:  808744 
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Change-Id: I5928c38ac142181f0d8dcc9c298cd4cb64b4d5e9
Reviewed-on: https://chromium-review.googlesource.com/917405
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Cr-Commit-Position: refs/branch-heads/3325@{#456}
Cr-Branched-From: bc084a8b5afa3744a74927344e304c02ae54189f-refs/heads/master@{#530369}
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/content/browser/gpu/gpu_data_manager_impl.cc
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/content/browser/gpu/gpu_data_manager_impl.h
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/content/browser/gpu/gpu_data_manager_impl_private.cc
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/content/browser/gpu/gpu_data_manager_impl_private.h
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/content/browser/gpu/gpu_data_manager_testing_autogen.cc
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/content/browser/gpu/gpu_internals_ui.cc
[delete] https://crrev.com/265d5fe6040c2e5cdd6aeab564e6aa75fcadf929/content/test/data/gpu/functional_webgl_disabled_extension.html
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/content/test/gpu/gpu_tests/gpu_process_integration_test.py
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/content/test/gpu/gpu_tests/webgl2_conformance_expectations.py
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/content/test/gpu/gpu_tests/webgl_conformance_expectations.py
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/gpu/config/gpu_blacklist_unittest.cc
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/gpu/config/gpu_control_list.cc
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/gpu/config/gpu_control_list.h
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/gpu/config/gpu_control_list_testing_autogen.cc
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/gpu/config/gpu_driver_bug_list.json
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/gpu/config/gpu_feature_info.h
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/gpu/config/gpu_util.cc
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/gpu/config/process_json.py
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/gpu/ipc/common/gpu_feature_info.mojom
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/gpu/ipc/common/gpu_feature_info_struct_traits.h
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/third_party/WebKit/Source/modules/webgl/BUILD.gn
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/third_party/WebKit/Source/modules/webgl/DEPS
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.h
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/third_party/WebKit/Source/modules/webgl/WebGLRenderingContextBase.cpp
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/third_party/WebKit/Source/modules/webgl/WebGLRenderingContextBase.h
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/third_party/WebKit/Source/modules/webgl/WebGLSync.cpp
[modify] https://crrev.com/bd9190ff03dc62d1e996856e2e0c3197a6eaa090/third_party/WebKit/Source/modules/webgl/WebGLSync.h

Comment 20 by kbr@chromium.org, Feb 13 2018

Labels: -merge-merged-3325 Merge-Approved-65
Restoring Merge-Approved-65 label and removing merge-merged-3325 because I had to revert the back-merge. I'll have to do it by hand and test the compile.

Comment 21 by gov...@chromium.org, Feb 14 2018 

kbr@/awhalley@, is this critical to merge to M65 or can it wail until M66? Just checking as previous attempt to merge this broke M65 build. Pls let me know. Thank you.
Project Member

Comment 22 by bugdroid1@chromium.org, Feb 14 2018

Labels: -merge-approved-65 merge-merged-3325
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ebe26e18a8377b9cc265b810d75ea08b42a11702

commit ebe26e18a8377b9cc265b810d75ea08b42a11702
Author: Kenneth Russell <kbr@chromium.org>
Date: Wed Feb 14 18:27:41 2018

Change sync objects to not be available in the current frame.

(Manual M65 merge-back)

Follows similar restrictions for query objects and implements
https://github.com/KhronosGroup/WebGL/pull/2598 .

Disable EXT_disjoint_timer_query at the WebGL level.

TBR=dcheng@chromium.org, kainino@chromium.org, piman@chromium.org, zmo@chromium.org

Bug:  808744 
Change-Id: Ibf27298392cabb87fa0222e18145682a55392997
Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
Reviewed-on: https://chromium-review.googlesource.com/919154
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Cr-Commit-Position: refs/branch-heads/3325@{#464}
Cr-Branched-From: bc084a8b5afa3744a74927344e304c02ae54189f-refs/heads/master@{#530369}
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/content/browser/gpu/gpu_data_manager_impl.cc
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/content/browser/gpu/gpu_data_manager_impl.h
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/content/browser/gpu/gpu_data_manager_impl_private.cc
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/content/browser/gpu/gpu_data_manager_impl_private.h
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/content/browser/gpu/gpu_data_manager_testing_autogen.cc
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/content/browser/gpu/gpu_internals_ui.cc
[add] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/content/test/data/gpu/functional_webgl_disabled_extension.html
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/content/test/gpu/gpu_tests/gpu_process_integration_test.py
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/content/test/gpu/gpu_tests/webgl2_conformance_expectations.py
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/content/test/gpu/gpu_tests/webgl_conformance_expectations.py
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/content/test/gpu/gpu_tests/webgl_conformance_expectations_unittest.py
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/gpu/config/gpu_blacklist_unittest.cc
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/gpu/config/gpu_control_list.cc
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/gpu/config/gpu_control_list.h
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/gpu/config/gpu_control_list_testing_autogen.cc
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/gpu/config/gpu_driver_bug_list.json
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/gpu/config/gpu_feature_info.h
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/gpu/config/gpu_util.cc
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/gpu/config/process_json.py
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/gpu/ipc/common/gpu_feature_info.mojom
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/gpu/ipc/common/gpu_feature_info_struct_traits.h
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/third_party/WebKit/Source/modules/webgl/BUILD.gn
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/third_party/WebKit/Source/modules/webgl/DEPS
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.h
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/third_party/WebKit/Source/modules/webgl/WebGLRenderingContextBase.cpp
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/third_party/WebKit/Source/modules/webgl/WebGLRenderingContextBase.h
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/third_party/WebKit/Source/modules/webgl/WebGLSync.cpp
[modify] https://crrev.com/ebe26e18a8377b9cc265b810d75ea08b42a11702/third_party/WebKit/Source/modules/webgl/WebGLSync.h

Comment 23 by kbr@chromium.org, Feb 14 2018 

govind@: the merge-back is strongly desired. I manually checked out and built the M65 branch and the CL I just committed builds and passes all the tests. Please tell me if there's any issue with it. Thanks.

Comment 24 by kbr@chromium.org, Feb 14 2018

Blocking: 812373

Comment 25 by klausw@chromium.org, Mar 1 2018

Blocking: 750306

Comment 26 by kbr@chromium.org, Mar 6 2018

Blocking: 818336

Comment 27 by kbr@chromium.org, Mar 7 2018

Cc: l.gom...@samsung.com
+l.gombos

Comment 28 by kbr@chromium.org, Mar 13 2018

Blocking: 820891

Comment 29 by kbr@chromium.org, Mar 20 2018

Blocking: 823863

Comment 30 by kbr@chromium.org, May 30 2018

Labels: -Restrict-View-Google
Un-restricting view, as the exploit has been published.

Sign in to add a comment