Bug 1736605- Enable out-of-process WebGL without HW accel
authorChris Martin <cmartin@mozilla.com>
Thu, 13 Jan 2022 20:51:22 +0000
changeset 604521 4c969fd895f9ea47fb1d2892041deb6ab486b228
parent 604520 344f14b85f84dabbc7709b5fc5d23e9471060d75
child 604522 a4812c35655a128b654331dc52d8a84710cd3866
push id156021
push usercmartin@mozilla.com
push dateThu, 13 Jan 2022 20:53:43 +0000
bugs1736605
milestone98.0a1
Bug 1736605 - Enable out-of-process WebGL without HW accel. Currently, there are situations where Remote WebGL is disabled due to lack of HW support (for example, when running in a virtual machine). This change enables WebGL remoting anyway, since it is needed for Win32k Lockdown. Differential Revision: https://phabricator.services.mozilla.com/D135650
security/sandbox/common/SandboxSettings.cpp
security/sandbox/common/SandboxSettings.h
toolkit/components/telemetry/app/TelemetryEnvironment.jsm
toolkit/components/telemetry/docs/data/environment.rst
toolkit/components/telemetry/tests/unit/TelemetryEnvironmentTesting.jsm
widget/windows/GfxInfo.cpp
--- a/security/sandbox/common/SandboxSettings.cpp
+++ b/security/sandbox/common/SandboxSettings.cpp
@@ -6,16 +6,17 @@
 
 #include "mozilla/SandboxSettings.h"
 #include "mozISandboxSettings.h"
 
 #include "mozilla/Components.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/StaticPrefs_media.h"
 #include "mozilla/StaticPrefs_security.h"
+#include "mozilla/StaticPrefs_webgl.h"
 
 #include "prenv.h"
 
 #ifdef XP_WIN
 #  include "mozilla/gfx/gfxVars.h"
 #  include "mozilla/WindowsVersion.h"
 #  include "nsExceptionHandler.h"
 #endif  // XP_WIN
@@ -33,16 +34,19 @@ const char* ContentWin32kLockdownStateTo
     case ContentWin32kLockdownState::MissingWebRender:
       return "Win32k Lockdown disabled -- Missing WebRender";
 
     case ContentWin32kLockdownState::OperatingSystemNotSupported:
       return "Win32k Lockdown disabled -- Operating system not supported";
 
     case ContentWin32kLockdownState::PrefNotSet:
       return "Win32k Lockdown disabled -- Preference not set";
+	
+	case ContentWin32kLockdownState::MissingRemoteWebGL:
+      return "Win32k Lockdown disabled -- Missing Remote WebGL";
   }
 
   MOZ_CRASH("Should never reach here");
 }
 
 ContentWin32kLockdownState GetContentWin32kLockdownState() {
 #ifdef XP_WIN
   static ContentWin32kLockdownState result = [] {
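Review bot: The added `case ContentWin32kLockdownState::MissingRemoteWebGL:` line is indented with a tab, and the blank line above it holds a lone tab, while every other line of this switch uses spaces. Re-indent it to match its siblings, with four spaces before `case` and an empty separator line, so the file stays consistent with the formatter output. The switch belongs to ContentWin32kLockdownStateToString, whose opening lines are outside the hunk.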
@@ -56,16 +60,23 @@ ContentWin32kLockdownState GetContentWin
       // non-WR render path.
       //
       // We don't want a situation where "Win32k Lockdown + No WR" occurs
       // without the user explicitly requesting unsupported behavior.
       if (!gfx::gfxVars::UseWebRender()) {
         return ContentWin32kLockdownState::MissingWebRender;
       }
 
+      // Win32k Lockdown requires Remote WebGL, but it may be disabled on
+      // certain hardware or virtual machines.
+      if (!gfx::gfxVars::AllowWebglOop() ||
+          !StaticPrefs::webgl_out_of_process()) {
+        return ContentWin32kLockdownState::MissingRemoteWebGL;
+      }
+
       // It's important that this goes last, as we'd like to know in
       // telemetry and crash reporting if the only thing holding the user
       // back from Win32k Lockdown is the-lack-of-asking-for-it
       if (!StaticPrefs::security_sandbox_content_win32k_disable()) {
         return ContentWin32kLockdownState::PrefNotSet;
       }
 
       return ContentWin32kLockdownState::LockdownEnabled;
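Review bot: The comment above the new check names only hardware and virtual machines, but the condition also returns `MissingRemoteWebGL` when `StaticPrefs::webgl_out_of_process()` is false, so a pref change alone turns Win32k Lockdown off and telemetry reports it under the same value as a hardware block. I would say so in the comment, e.g. `// ...or it may have been turned off through the webgl.out-of-process pref; both cases report MissingRemoteWebGL.` The result is also computed once inside the `static` lambda, so presumably a later change to either input is not reflected until restart; it is worth confirming that remote WebGL cannot be switched off at runtime after lockdown was chosen. GetContentWin32kLockdownState starts and ends outside this hunk.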
--- a/security/sandbox/common/SandboxSettings.h
+++ b/security/sandbox/common/SandboxSettings.h
@@ -18,21 +18,25 @@ namespace mozilla {
 // minimum allowed level. Returns 0 (disabled) if the env var
 // MOZ_DISABLE_CONTENT_SANDBOX is set.
 int GetEffectiveContentSandboxLevel();
 int GetEffectiveSocketProcessSandboxLevel();
 
 // Checks whether the effective content sandbox level is > 0.
 bool IsContentSandboxEnabled();
 
+// If you update this enum, don't forget to raise the limit in
+// TelemetryEnvironmentTesting.jsm and record the new value in
+// environment.rst 
 enum class ContentWin32kLockdownState : int32_t {
   LockdownEnabled = 1,
   MissingWebRender,
   OperatingSystemNotSupported,
   PrefNotSet,
+  MissingRemoteWebGL,
 };
 
 const char* ContentWin32kLockdownStateToString(
     ContentWin32kLockdownState aValue);
 
 ContentWin32kLockdownState GetContentWin32kLockdownState();
 
 #if defined(XP_MACOSX)
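Review bot: The enumerators after `LockdownEnabled = 1` get their numbers implicitly, yet the values are recorded in telemetry and documented by number in environment.rst, so inserting or reordering an entry would silently change the meaning of data already collected. The new comment should state that entries are append-only, or the values should be spelled out, e.g. `MissingRemoteWebGL = 5,`. The added line `// environment.rst ` also ends in a trailing space.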
--- a/toolkit/components/telemetry/app/TelemetryEnvironment.jsm
+++ b/toolkit/components/telemetry/app/TelemetryEnvironment.jsm
@@ -1621,24 +1621,18 @@ EnvironmentCache.prototype = {
     let contentWin32kLockdownState = null;
     try {
       let sandboxSettings = Cc[
         "@mozilla.org/sandbox/sandbox-settings;1"
       ].getService(Ci.mozISandboxSettings);
       effectiveContentProcessLevel =
         sandboxSettings.effectiveContentSandboxLevel;
 
-      // See `ContentWin32kLockdownState` in
-      // <security/sandbox/common/SandboxSettings.h>
-      //
-      // Values:
-      // 1 = LockdownEnabled
-      // 2 = MissingWebRender
-      // 3 = OperatingSystemNotSupported
-      // 4 = PrefNotSet
+      // The possible values for this are defined in the ContentWin32kLockdownState
+      // enum in security/sandbox/common/SandboxSettings.h
       contentWin32kLockdownState = sandboxSettings.contentWin32kLockdownState;
     } catch (e) {}
     return {
       effectiveContentProcessLevel,
       contentWin32kLockdownState,
     };
   },
 
--- a/toolkit/components/telemetry/docs/data/environment.rst
+++ b/toolkit/components/telemetry/docs/data/environment.rst
@@ -422,17 +422,17 @@ The attribution data is included in some
 sandbox
 ~~~~~~~
 
 This object contains data about the state of Firefox's sandbox.
 
 Specific keys are:
 
 - ``effectiveContentProcessLevel``: The meanings of the values are OS dependent. Details of the meanings can be found in the `Firefox prefs file <https://hg.mozilla.org/mozilla-central/file/tip/browser/app/profile/firefox.js>`_. The value here is the effective value, not the raw value, some platforms enforce a minimum sandbox level. If there is an error calculating this, it will be ``null``.
-- ``contentWin32kLockdownState``: The status of Win32k Lockdown for Content process. 1 = "Lockdown enabled", 2 = "Lockdown disabled -- Missing WebRender", 3 = "Lockdown disabled -- Unsupported OS", 4 = "Lockdown disabled -- User pref not set". If there is an error calculating this, it will be ``null``.
+- ``contentWin32kLockdownState``: The status of Win32k Lockdown for Content process. 1 = "Lockdown enabled", 2 = "Lockdown disabled -- Missing WebRender", 3 = "Lockdown disabled -- Unsupported OS", 4 = "Lockdown disabled -- User pref not set", 5 = "Lockdown disabled -- Missing Remote WebGL". If there is an error calculating this, it will be ``null``.
 
 profile
 -------
 
 creationDate
 ~~~~~~~~~~~~
 
 The assumed creation date of this client's profile.
--- a/toolkit/components/telemetry/tests/unit/TelemetryEnvironmentTesting.jsm
+++ b/toolkit/components/telemetry/tests/unit/TelemetryEnvironmentTesting.jsm
@@ -312,17 +312,17 @@ var TelemetryEnvironmentTesting = {
       Assert.equal(
         typeof data.settings.sandbox.contentWin32kLockdownState,
         "number",
         "sandbox.contentWin32kLockdownState must have the correct type"
       );
 
       let win32kLockdownState =
         data.settings.sandbox.contentWin32kLockdownState;
-      Assert.ok(win32kLockdownState >= 1 && win32kLockdownState <= 4);
+      Assert.ok(win32kLockdownState >= 1 && win32kLockdownState <= 5);
     }
 
     // Check "defaultSearchEngine" separately, as it can either be undefined or string.
     if ("defaultSearchEngine" in data.settings) {
       this.checkString(data.settings.defaultSearchEngine);
       Assert.equal(typeof data.settings.defaultSearchEngineData, "object");
     }
 
--- a/widget/windows/GfxInfo.cpp
+++ b/widget/windows/GfxInfo.cpp
@@ -1276,16 +1276,19 @@ static OperatingSystem WindowsVersionToO
 
 static bool OnlyAllowFeatureOnWhitelistedVendor(int32_t aFeature) {
   switch (aFeature) {
     // The GPU process doesn't need hardware acceleration and can run on
     // devices that we normally block from not being on our whitelist.
     case nsIGfxInfo::FEATURE_GPU_PROCESS:
     // We can mostly assume that ANGLE will work
     case nsIGfxInfo::FEATURE_DIRECT3D_11_ANGLE:
+    // Remote WebGL is needed for Win32k Lockdown, so it should be enabled
+    // regardless of HW support or not
+    case nsIGfxInfo::FEATURE_ALLOW_WEBGL_OUT_OF_PROCESS:
       return false;
     default:
       return true;
   }
 }
 
 // Return true if the CPU supports AVX, but the operating system does not.
 #if defined(_M_X64)
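Review bot: The new comment on `FEATURE_ALLOW_WEBGL_OUT_OF_PROCESS` says the feature is enabled "regardless of HW support", which overstates what this switch does: returning `false` here only exempts the feature from the vendor-whitelist gate. I would reword it to `// Remote WebGL is needed for Win32k Lockdown, so don't block it just because the GPU vendor is not whitelisted.` Whether other blocklist rules still apply to the feature is not visible in this hunk; if they do, a device can still end up in the MissingRemoteWebGL state, and the comment should not promise otherwise.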