3aaac40b12
In the Chrome WebGL Aquarium stress test, 20 instances of Chrome will run Aquarium simultaneously over 20+ hours. That causes Chrome crash. During the stress, glBeginQueryIndexed is called frequently. 1.Each query will only use 32 bytes from query_buffer_uploader. After the offset exceed 4096, it will alloc new buffer for query_buffer_uploader->buffer and release the old buffer. 2.But iris_begin_query will call u_upload_alloc when the offset changed, and it will increase the query_buffer_uploader->buffer->reference.count every time when it called u_upload_alloc. 3.So when u_upload_release_buffer try to release the resource of query_buffer_uploader->buffer, its reference.count is already equal to 129. pipe_reference_described will only decrease its reference count to 128.So it never called old_dst->screen->resource_destroy. 4.The old resouce bo will never be freeed. And chrome will called mmap every time when it alloc new resource bo. 5. Chrome process map too many vmas in its process. Its map count exceed the sysctl_max_map_count which is 65530 defined in kernel. 6. When iris_begin_query want to alloc new resource bo, it will meet NULL pointer because mmap return failed. Finally chrome crashed when it access this NULL resource bo. The fix is decrease the reference count in iris_destroy_query. Patch is verified by chrome webgl Aquarium test case for more than 72 hours. Signed-off-by: Tapani Pälli <tapani.palli@intel.com> Signed-off-by: Yang Shi <yang.a.shi@intel.com> Reviewed-by: Alex Zuo <alex.zuo@intel.com> Reviewed-by: Marek Olšák <marek.olsak@amd.com> Reviewed-by: Kenneth Graunke <kenneth@whitecape.org> Cc: mesa-stable Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/7890>
`Mesa <https://mesa3d.org>`_ - The 3D Graphics Library ====================================================== Source ------ This repository lives at https://gitlab.freedesktop.org/mesa/mesa. Other repositories are likely forks, and code found there is not supported. Build & install --------------- You can find more information in our documentation (`docs/install.rst <https://mesa3d.org/install.html>`_), but the recommended way is to use Meson (`docs/meson.rst <https://mesa3d.org/meson.html>`_): .. code-block:: sh $ mkdir build $ cd build $ meson .. $ sudo ninja install Support ------- Many Mesa devs hang on IRC; if you're not sure which channel is appropriate, you should ask your question on `Freenode's #dri-devel <irc://chat.freenode.net#dri-devel>`_, someone will redirect you if necessary. Remember that not everyone is in the same timezone as you, so it might take a while before someone qualified sees your question. To figure out who you're talking to, or which nick to ping for your question, check out `Who's Who on IRC <https://dri.freedesktop.org/wiki/WhosWho/>`_. The next best option is to ask your question in an email to the mailing lists: `mesa-dev\@lists.freedesktop.org <https://lists.freedesktop.org/mailman/listinfo/mesa-dev>`_ Bug reports ----------- If you think something isn't working properly, please file a bug report (`docs/bugs.rst <https://mesa3d.org/bugs.html>`_). Contributing ------------ Contributions are welcome, and step-by-step instructions can be found in our documentation (`docs/submittingpatches.rst <https://mesa3d.org/submittingpatches.html>`_). Note that Mesa uses gitlab for patches submission, review and discussions.