There are definitely support for IPC surfaces in the serde serialisation stuff, and we mark surfaces on macOS global for that very purpose. Glad to know we don’t actually use that though.
-
-
Replying to @nokusu @asajeffrey and
There are ways to send surfaces cross-process on each OS. In fact, they're basically the same ways surfman sends them across threads. They require some extra APIs surfman doesn't use yet, though. e.g. on macOS you can convert an IOSurface to a Mach port and back.
2 replies 0 retweets 0 likes -
You don't have to mark a surface global to use these APIs. I don't bother to wrap those APIs at the moment because we shouldn't be sending surfaces cross-process in general. Any process that can access the GPU should basically be considered trusted.
1 reply 0 retweets 0 likes -
Replying to @pcwalton @asajeffrey and
Why does Firefox do that then? I've searched for a long time, and AFAICT that's the only way to share surfaces.
1 reply 0 retweets 0 likes -
Replying to @nokusu @asajeffrey and
Because the content process can access the GPU in Firefox. This is a large security deficiency in Firefox relative to Chrome :( They're actively fixing it.
1 reply 0 retweets 2 likes -
Replying to @pcwalton @asajeffrey and
Oh, I misunderstood things about the Mach ports. https://bugs.chromium.org/p/chromium/issues/detail?id=323304 …
1 reply 0 retweets 0 likes -
Replying to @nokusu @asajeffrey and
In general, it's too risky to put content JS and GPU access in the same process. GPU drivers are just too buggy, especially on macOS. Even an out-of-bounds VRAM read could be used to effectively take screenshots of the user's desktop.
2 replies 1 retweet 3 likes -
Replying to @pcwalton @asajeffrey and
Reading the Chromium ticket, we also use globally registered Mach ports in ipc-channel, don't we? Is this something we would like to get rid of at some point?
1 reply 0 retweets 0 likes -
Replying to @nokusu @asajeffrey and
Do we? It's been so long since I really dove into ipc-channel. Manish, Nika, and I have been talking about switching ipc-channel to be a layer on top of Chromium's Mojo IPC at some point, which would let us stop having to maintain that stuff.
2 replies 0 retweets 0 likes -
Replying to @pcwalton @asajeffrey and
IIIRC we generate random names for globally registered Mach ports because that's the only thing the kernel will allow us to share, and the Real Way is XPC services. But at this point I sound like Don Quixote hah.
3 replies 0 retweets 0 likes
Yeah, I would love to just outsource that code to Google.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.