This removes a serialization optimization where structs could be
memcpy'ed. memcpy is still used for deserialization of structs.
Structs may contain padding bytes which when copied can leak
uninitialized data across a trusted boundary. In Chrome, this
means previously-written or uninitialized bytes in the GPU process
could leak into the Renderer process.
In the future, we may be able to bring this back by introducing
a concept of safe-to-memcpy structs, or by forking the code so
that Renderer->GPU process uses the unsafe memcpy, and
GPU->Renderer uses to the safe member-by-member version.
An alternative might be to ensure that everything returned from
the WebGPU API has initialized padding, but this invariant is not
trivial to guarantee.
Fixed: chromium:1359098
Change-Id: I91151251d1ab999e0f5552e1efccc472e451cc10
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/102461
Reviewed-by: Brandon Jones <bajones@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Austin Eng <enga@chromium.org>
This allows using it without including all of WireCmd_autogen.h. Start
using in client::ObjectBase to use the typedef for ObjectId.
Bug: dawn:1451
Change-Id: I80e7247cc0e83ae48818b0d73b5236c6980204d1
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/93145
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Austin Eng <enga@chromium.org>
Austin Eng
Corentin Wallez
Ben Clayton