(In reply to Nathan Froyd [:froydnj] from comment #5)

Maybe jld's async process launch work will really help here?

Somewhat. RDDProcessManager::CreateContentBridge would need to be changed to return a promise, and then the SendInitRemoteDecoder could be chained off of that and happen asynchronously, and then in the content process RecvInitRemoveDecoder does an async dispatch, so that's already unordered relative to PContent IPC and in theory shouldn't need further changes.

As for the “changed to return a promise“ part, chaining from WhenProcessHandleReady should be enough: the process handle is all that's needed to construct endpoints, and RDDProcessHost::InitAfterConnect (and thus RDDChild::Open) already doesn't happen-before anything blocking on WaitUntilConnected, so making the latter run earlier shouldn't make a difference.

OK not fully confirmed it yet, but I think this is actually the same problem as bug 1481518 comment 17.
In the case of the RDD process, the new thread will be running at USER_LOCKDOWN, so won't have access to Program Files* either.

Interestingly, this would also cause a problem for any child process launch for chromium (apart from maybe their GPU process), so I guess they'll need to solve this problem as well.
I'll investigate further, but maybe turning off the RDD process for arm64 should be the work-around at the moment.

Not sure who would make a final decision on that ... mjf?
However, it's never going to launch successfully with the sandbox at that moment.

We should disable it on Arm64 for now and file a follow-up to fix the underlying issue. The artificial delay is causing a pretty negative impression with early testers.

(In reply to Bob Owen (:bobowen) from comment #12)

I'll investigate further, but maybe turning off the RDD process for arm64 should be the work-around at the moment.

Not sure who would make a final decision on that ... mjf?
Turning off RDD almost certainly means turning off AV1 also, so that will not be my decision. Jean-Yves?

(In reply to Michael Froman [:mjf] from comment #14)

Turning off RDD almost certainly means turning off AV1 also, so that will not be my decision. Jean-Yves?

Just to be clear: we only want to disable this on Windows on Arm64. Regardless, if AV1 needs RDD it's certainly not working now as the process just crashes.

(In reply to Eric Rahm [:erahm] from comment #15)

(In reply to Michael Froman [:mjf] from comment #14)

Turning off RDD almost certainly means turning off AV1 also, so that will not be my decision. Jean-Yves?

Just to be clear: we only want to disable this on Windows on Arm64. Regardless, if AV1 needs RDD it's certainly not working now as the process just crashes.
AV1 can be decoded without using a separate process but it was considered a security risk to do so. The purpose of the RDD process is to sandbox AV1 to reduce that risk. That risk should be considered when deciding on whether to leave AV1 default enabled for Arm64.

I've confirmed that this is the same issue with parallel DLL loading.
We've already had a reply from Microsoft over one way of turning this off in the registry by creating:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
"MaxLoaderThreads"=dword:00000001

It looks like they have a way of setting this by some other means automatically, I'm not totally clear as to whether that sets the registry or uses a different mechanism, but that doesn't really matter.

(In reply to Michael Froman [:mjf] from comment #16)

(In reply to Eric Rahm [:erahm] from comment #15)

(In reply to Michael Froman [:mjf] from comment #14)

Turning off RDD almost certainly means turning off AV1 also, so that will not be my decision. Jean-Yves?

Just to be clear: we only want to disable this on Windows on Arm64. Regardless, if AV1 needs RDD it's certainly not working now as the process just crashes.

AV1 can be decoded without using a separate process but it was considered a security risk to do so. The purpose of the RDD process is to sandbox AV1 to reduce that risk. That risk should be considered when deciding on whether to leave AV1 default enabled for Arm64.

Right, but disabling the RDD process on arm64 until Microsoft can roll out this change should be uncontroversial, as it just crashes now anyway.

Will the patch at bug 1514874 fix this issue for us?

(In reply to Asa Dotzler [:asa] from comment #18)

Will the patch at bug 1514874 fix this issue for us?

It will remove the 5 second delay from startup, but fix the functionality of the RDD process (av1 videos).

*but it won't fix the functionality

I've spoken to mjf on IRC, I'm going to disable the RDD process and AV1 on arm64 until we can fix the RDD process:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=65708e024a80b82297a60d86291c0061ba73b2fd

I've tested the opt try build on x86 and rdd process and av1 are still enabled and working.
I've also confirmed they are disabled on the aarch64 build and that the delay has gone.

disabling AV1 on windows ARM64 seem an acceptable compromise, I doubt it would work well anyway

https://hg.mozilla.org/mozilla-central/rev/3951a4f90911

I'm looking at adding the registry entries to the installer to set the MaxLoaderThreads and fix this issue (for normal installs) in bug 1519368.

Reproduced the issue on affected Nightly 66 and 67 (2019-01-01) on laptop Lenovo Yoga with Windows 10 x64.
Verified - Fixed on Firefox Beta 66.0 (2019-03-11) on the OS mentioned above.