Pads serialized wire command buffers to 8 bytes so that we don't have
misaligned writes/reads which can cause SIGILL depending on platform and
compilation mode, i.e. -c dbg in google3 builds.
- Adds helpers for aligning sizeof calls.
- Adds constant for wire padding (8u).
- Modifies BufferConsumer to allocate according to padding. This
guarantees that when we [de]serialize stuff, the padding should be
equal on both sides.
- Modifies extra byte serialization code (adding CommandExtension
struct). This makes it clearer that each extension needs to be
padded independently. Before, in wire/client/Buffer.cpp, the read/write
handle sizes were passed as a sum but read out separately from the
BufferConsumer, so we corrupted our pointers.
- Adds some simple unit tests.
Bug: dawn:1334
Change-Id: Id80e7c01a34b9f01c3f02b3e6c04c3bb3ad0eff9
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/110501
Reviewed-by: Austin Eng <enga@chromium.org>
Commit-Queue: Loko Kung <lokokung@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>

This removes a serialization optimization where structs could be
memcpy'ed. memcpy is still used for deserialization of structs.
Structs may contain padding bytes which when copied can leak
uninitialized data across a trusted boundary. In Chrome, this
means previously-written or uninitialized bytes in the GPU process
could leak into the Renderer process.
In the future, we may be able to bring this back by introducing
a concept of safe-to-memcpy structs, or by forking the code so
that Renderer->GPU process uses the unsafe memcpy, and
GPU->Renderer uses the safe member-by-member version.
An alternative might be to ensure that everything returned from
the WebGPU API has initialized padding, but this invariant is not
trivial to guarantee.
Fixed: chromium:1359098
Change-Id: I91151251d1ab999e0f5552e1efccc472e451cc10
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/102461
Reviewed-by: Brandon Jones <bajones@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Austin Eng <enga@chromium.org>
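The padding leak the message above describes, as an added example that is not Dawn's code: a constructed stand-in struct is built on memory holding a stale sentinel byte, then serialized once by whole-struct memcpy and once member by member, and the stale bytes that reach the wire are counted. The Desc layout, the STALE sentinel and all helper names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a wire command struct (Dawn's real ones are generated
 * into WireCmd_autogen.h). On common LP64 ABIs 3 padding bytes follow kind and
 * 6 follow flags, so sizeof(Desc) is 24 while the members total only 15 bytes. */
typedef struct { uint8_t kind; uint32_t size; uint16_t flags; uint64_t handle; } Desc;
#define DESC_PAYLOAD_BYTES (sizeof(uint8_t) + sizeof(uint32_t) + sizeof(uint16_t) + sizeof(uint64_t))
#define STALE 0xAAu /* sentinel standing in for previously written process memory */
typedef union { Desc d; unsigned char raw[sizeof(Desc)]; } DescStorage;

/* Build a Desc on memory already holding stale bytes (a reused stack slot or heap
 * block). Only the members are assigned, so the padding keeps the old contents. */
static void init_on_stale_memory(DescStorage *s) {
    memset(s->raw, STALE, sizeof s->raw);
    s->d.kind = 1; s->d.size = 64; s->d.flags = 3; s->d.handle = 0x1122334455667788ULL;
}

/* The removed optimization: one memcpy of the whole struct, padding included. */
static size_t serialize_memcpy(const Desc *d, unsigned char *wire) {
    memcpy(wire, d, sizeof *d);
    return sizeof *d;
}

/* The member-by-member form: only the fields reach the wire. */
static size_t serialize_members(const Desc *d, unsigned char *wire) {
    size_t off = 0;
    memcpy(wire + off, &d->kind,   sizeof d->kind);   off += sizeof d->kind;
    memcpy(wire + off, &d->size,   sizeof d->size);   off += sizeof d->size;
    memcpy(wire + off, &d->flags,  sizeof d->flags);  off += sizeof d->flags;
    memcpy(wire + off, &d->handle, sizeof d->handle); off += sizeof d->handle;
    return off;
}

/* Count stale bytes on the wire; no member value above contains 0xAA, so each hit is padding. */
static size_t stale_bytes_in(const unsigned char *wire, size_t n) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) count += (wire[i] == STALE);
    return count;
}

/* Serialize one Desc with either strategy and report how many stale bytes leaked. */
size_t leaked_bytes(int use_whole_struct_memcpy) {
    DescStorage s; unsigned char wire[sizeof(Desc)] = {0};
    init_on_stale_memory(&s);
    size_t n = use_whole_struct_memcpy ? serialize_memcpy(&s.d, wire) : serialize_members(&s.d, wire);
    return stale_bytes_in(wire, n);
}
```

On x86-64 and aarch64 the memcpy path leaks all 9 padding bytes into the wire buffer, while the member-by-member path leaks none.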

This allows using it without including all of WireCmd_autogen.h. Start
using it in client::ObjectBase to use the typedef for ObjectId.
Bug: dawn:1451
Change-Id: I80e7247cc0e83ae48818b0d73b5236c6980204d1
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/93145
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Austin Eng <enga@chromium.org>