Commit Graph

5 Commits

Author SHA1 Message Date
Loko Kung 2e1b359087 Add wire serialized command buffer padding.
Pads serialized wire command buffers to 8 bytes so that we don't have
misaligned write/reads which can cause SIGILL depending on platform and
compilation mode, i.e. -c dbg in google3 builds.

- Adds helpers for aligning sizeof calls.
- Adds constant for wire padding (8u).
- Modifies BufferConsumer to allocate according to padding. This
  guarantees that when we [de]serialize stuff, the padding should be
  equal on both sides.
- Modifies extra byte serialization code (adding CommandExtension
  struct). This makes it clearer that each extension needs to be
  padded independently. Otherwise, before in wire/client/Buffer.cpp,
  since the read/write handle sizes were being passed as a sum, but
  read out separately from the BufferConsumer, we corrupt our pointers.
- Adds some simple unit tests.

Bug: dawn:1334
Change-Id: Id80e7c01a34b9f01c3f02b3e6c04c3bb3ad0eff9
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/110501
Reviewed-by: Austin Eng <enga@chromium.org>
Commit-Queue: Loko Kung <lokokung@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
2022-11-22 23:19:43 +00:00
Austin Eng ba68620f6f Do not memcpy transparent wire structs on serialization
This removes a serialization optimization where structs could be
memcpy'ed. memcpy is still used for deserialization of structs.

Structs may contain padding bytes which when copied can leak
uninitialized data across a trusted boundary. In Chrome, this
means previously-written or uninitialized bytes in the GPU process
could leak into the Renderer process.

In the future, we may be able to bring this back by introducing
a concept of safe-to-memcpy structs, or by forking the code so
that Renderer->GPU process uses the unsafe memcpy, and
GPU->Renderer uses the safe member-by-member version.

An alternative might be to ensure that everything returned from
the WebGPU API has initialized padding, but this invariant is not
trivial to guarantee.

Fixed: chromium:1359098
Change-Id: I91151251d1ab999e0f5552e1efccc472e451cc10
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/102461
Reviewed-by: Brandon Jones <bajones@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Austin Eng <enga@chromium.org>
2022-09-16 14:14:08 +00:00
Corentin Wallez 87af04b769 dawn::wire: Separate ObjectHandle to its own header.
This allows using it without including all of WireCmd_autogen.h. Start
using in client::ObjectBase to use the typedef for ObjectId.

Bug: dawn:1451
Change-Id: I80e7247cc0e83ae48818b0d73b5236c6980204d1
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/93145
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Austin Eng <enga@chromium.org>
2022-06-14 13:22:16 +00:00
Austin Eng 6a224fbd52 Remove custom serialization of device properties
Fixed: chromium:1315260
Change-Id: I1b4847289f34034a2a0bb5f5c8405ccf9d8e9c3b
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/92120
Commit-Queue: Austin Eng <enga@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Auto-Submit: Austin Eng <enga@chromium.org>
2022-05-31 20:07:39 +00:00
Ben Clayton 20cbe6d9e8 tint->dawn: Move src/dawn_wire -> src/dawn/wire
Bug: dawn:1275
Change-Id: I56535bf4d387c4bd423140705ea70812be073eac
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/79081
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
2022-02-04 12:51:25 +00:00