Add the disallow_unsafe_apis toggle.

Some APIs exposed by Dawn are not expected to be fully secured until after the first Origin Trial of WebGPU. To prevent their usage we add a new toggle that will be set by default by Chromium. This toggle throws a validation error when an unsafe API is used. Bug: chromium:1138528 Change-Id: I831db70bdac5128ebc32d36d55a0eaefc42c1807 Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/31443 Reviewed-by: Corentin Wallez <cwallez@chromium.org> Commit-Queue: Corentin Wallez <cwallez@chromium.org>
2025-12-20 02:15:43 +00:00 · 2020-11-03 10:54:56 +00:00
parent 43ef0a365b
commit 8d248300c4
7 changed files with 309 additions and 105 deletions
--- a/src/dawn_native/ComputePassEncoder.cpp
+++ b/src/dawn_native/ComputePassEncoder.cpp
@@ -70,6 +70,14 @@ namespace dawn_native {
        mEncodingContext->TryEncode(this, [&](CommandAllocator* allocator) -> MaybeError {
            DAWN_TRY(GetDevice()->ValidateObject(indirectBuffer));

+            // Indexed dispatches need a compute-shader based validation to check that the dispatch
+            // sizes aren't too big. Disallow them as unsafe until the validation is implemented.
+            if (GetDevice()->IsToggleEnabled(Toggle::DisallowUnsafeAPIs)) {
+                return DAWN_VALIDATION_ERROR(
+                    "DispatchIndirect is disallowed because it doesn't validate that the dispatch "
+                    "size is valid yet.");
+            }
+
            if (indirectOffset % 4 != 0) {
                return DAWN_VALIDATION_ERROR("Indirect offset must be a multiple of 4");
            }