Oh cross threads! Ok that makes more sense.
Servo makes sure that any threads using the GPU are all in the same process. There might be a clever way to get surfaces sent between processes, but we're not using it.
Replying to @asajeffrey @pcwalton and
There is definitely support for IPC surfaces in the serde serialisation stuff, and we mark surfaces on macOS global for that very purpose. Glad to know we don’t actually use that though.
Replying to @nokusu @asajeffrey and
There are ways to send surfaces cross-process on each OS. In fact, they're basically the same ways surfman sends them across threads. They require some extra APIs surfman doesn't use yet, though. e.g. on macOS you can convert an IOSurface to a Mach port and back.
You don't have to mark a surface global to use these APIs. I don't bother to wrap those APIs at the moment because we shouldn't be sending surfaces cross-process in general. Any process that can access the GPU should basically be considered trusted.
Replying to @pcwalton @asajeffrey and
Why does Firefox do that then? I've searched for a long time, and AFAICT that's the only way to share surfaces.
Replying to @nokusu @asajeffrey and
Because the content process can access the GPU in Firefox. This is a large security deficiency in Firefox relative to Chrome :( They're actively fixing it.
Replying to @pcwalton @asajeffrey and
Oh, I misunderstood things about the Mach ports. https://bugs.chromium.org/p/chromium/issues/detail?id=323304 …
Replying to @nokusu @asajeffrey and
In general, it's too risky to put content JS and GPU access in the same process. GPU drivers are just too buggy, especially on macOS. Even an out-of-bounds VRAM read could be used to effectively take screenshots of the user's desktop.
What's the safer alternative? Just using IPC to transfer desired draw calls/layer state/whatever? (Presumably as long as you have shared memory to transfer textures it'd be OK?)
Yeah, proxy high-level graphics commands over to another trusted process, using memory-safe IPC code.
Replying to @pcwalton @TedMielczarek and
Ideally content JS would be in a process by itself, with even layout in a separate process. I don't know if this is possible, though. Even if we had a memory-safe JIT, we'd want to do that for Spectre mitigation.
Replying to @pcwalton @TedMielczarek and
We'd have to put the DOM in shared memory. Either that or send DOM diffs from the content process to the layout process. Hey, @nokusu, feel like rearchitecting layout again?