There are ways to send surfaces cross-process on each OS. In fact, they're basically the same ways surfman sends them across threads. They require some extra APIs surfman doesn't use yet, though. e.g. on macOS you can convert an IOSurface to a Mach port and back.
You don't have to mark a surface global to use these APIs. I don't bother to wrap those APIs at the moment because we shouldn't be sending surfaces cross-process in general. Any process that can access the GPU should basically be considered trusted.
Replying to @pcwalton @asajeffrey and
Why does Firefox do that then? I've searched for a long time, and AFAICT that's the only way to share surfaces.
Replying to @nokusu @asajeffrey and
Because the content process can access the GPU in Firefox. This is a large security deficiency in Firefox relative to Chrome :( They're actively fixing it.
Replying to @pcwalton @asajeffrey and
Oh, I misunderstood things about the Mach ports. https://bugs.chromium.org/p/chromium/issues/detail?id=323304 …
Replying to @nokusu @asajeffrey and
In general, it's too risky to put content JS and GPU access in the same process. GPU drivers are just too buggy, especially on macOS. Even an out-of-bounds VRAM read could be used to effectively take screenshots of the user's desktop.
Replying to @pcwalton @asajeffrey and
Reading the Chromium ticket, we also use globally registered Mach ports in ipc-channel, don't we? Is this something we would like to get rid of at some point?
Replying to @nokusu @asajeffrey and
Do we? It's been so long since I really dove into ipc-channel. Manish, Nika, and I have been talking about switching ipc-channel to be a layer on top of Chromium's Mojo IPC at some point, which would let us stop having to maintain that stuff.
Replying to @pcwalton @asajeffrey and
IIRC we generate random names for globally registered Mach ports because that's the only thing the kernel will allow us to share, and the Real Way is XPC services. But at this point I sound like Don Quixote hah.
Apple has made it harder and harder to do anything with Mach ports. I do have a Rust crate that gives you access to a child process's task port but its CI is broken because apparently that doesn't work in anyone's Mac CI anymore: https://github.com/luser/spawn-task-port …
Another reason why we shouldn't be using cross-process texture sharing for anything. The other reason is that I don't trust it to work reliably on X11 for a second.