[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Public WebGL] WebVulkan

To: Justin Novosad <junov@google.com>
Subject: Re: [Public WebGL] WebVulkan
From: "Kearwood \"Kip\" Gilbert" <kgilbert@mozilla.com>
Date: Mon, 8 Aug 2016 14:34:43 -0700
Cc: Florian Bösch <pyalot@gmail.com>, Jeff Gilbert <jgilbert@mozilla.com>, Mark Callow <khronos@callow.im>, Brandon Jones <bajones@google.com>, Floh <floooh@gmail.com>, Steve Baker <steve@sjbaker.org>, public webgl <public_webgl@khronos.org>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mozilla-com.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc:message-id:references :to; bh=SHJIHPl3lU2ps2gHYmwI33nYfSOnEH9G5ceuwlk6grw=; b=q2Vb5WQGzKR7C4Jj78jsKJxgsakYx2mZR04NNnXxb8TZuEpoL5QPx/0+uA9uQXBj5p eMCB3PknULj94g6vKa163pSvuVV1J76K8HzmnJyArZ07zWTKPFLJMp2gs5nzhiUENDzf yCNmUywmfbvXLyiF4z0yXz0moEmm04vQnf/kr2tOtavl+PvupjTQebnhws+gcnnK1Iu6 Q0k+h7A04+VSdeMZqCl3fTMyJSQJM6SgzoPCruntbqF+VpeNkotIrlKXU4Ci6FiA8se9 VHFgjKr4DG4JdVcSRHd6mioMM3ZbWEBE/ZQbbGQD780yoj9kOEXK50aeY/pSCmSx7kAu mevw==
In-reply-to: <CABpaAqQsLYi6+K7N+NqpVx-0dZRussHBNsdX5Ay4J7gBKmRJXQ@mail.gmail.com>
List-archive: <https://www.khronos.org/webgl/public-mailing-list/archives/>
List-id: Public WebGL Mailing List <public_webgl.khronos.org>
List-owner: <mailto:owners-public_webgl@khronos.org>
List-post: <mailto:public_webgl@khronos.org>
List-subscribe: <mailto:majordomo@khronos.org?body=subscribe%20public_webgl>
List-unsubscribe: <mailto:majordomo@khronos.org?body=unsubscribe%20public_webgl>
References: <CAOK8ODhP9Tt7=fQR-RY-9H1GMzn5HG+Pyt76P3OE9bSwCMBv2w@mail.gmail.com> <04b4740568382d51786a725ef3e8236d.squirrel@webmail.sjbaker.org> <CAF00CNSFOF+GSSA480fOZr8oWeVHX56VoER_nV0ynOABQ9ZKYg@mail.gmail.com> <CAEGwwi1LMNeg8ybf+pU6NCGZZuLpdVgtzUGD5TPOMQw+WcL4Yg@mail.gmail.com> <CAOK8ODjTN+iMJ80c1wu0mMxys5kyCae0denNN4d+b38tTThYpA@mail.gmail.com> <CAEGwwi0k96QPe_Q-xNGhEuYgYryQVrVrr1v85iyksu-hJ0wPCQ@mail.gmail.com> <CAOK8ODhATSR8-MNfYm98t1DgMHkPOENhJjxMFSHeJJ1xh07WPA@mail.gmail.com> <CAEGwwi1PS79AF+npr-myCcRp0-hH_M3Y3prHwS8mUqC1Nu_aJA@mail.gmail.com> <4E76237F-20EE-4903-B07A-3DEC51A817CC@mozilla.com> <F0786621-98D1-4AF9-94C6-8BC51AE5F62C@callow.im> <CAOztSJ2SO=sA+O2g6LEdBJ5HyzBTEatxzBAbxzRDv6n=19z2RQ@mail.gmail.com> <CAOK8ODjMK7uOgF_0+=dwVLO62KJz-fu419pWAYKV9m6tHU_DvQ@mail.gmail.com> <CABpaAqQsLYi6+K7N+NqpVx-0dZRussHBNsdX5Ay4J7gBKmRJXQ@mail.gmail.com>
Sender: owners-public_webgl@khronos.org

IIRC, GPU drivers already enforce process isolation. Could this be solved by offloading each WebVulkan context to a separate process? Could we guarantee that modern GPU’s that support Vulkan include an MMU and apply memory protection?

Otherwise, I would be glad to help in any way when it comes time to add “webby-ness” to Vulkan. :-)

Cheers,

- Kearwood “Kip” Gilbert

On Aug 8, 2016, at 2:22 PM, Justin Novosad <junov@google.com> wrote:

On Mon, Aug 8, 2016 at 4:33 PM, Florian Bösch <pyalot@gmail.com> wrote:
On Mon, Aug 8, 2016 at 9:27 PM, Jeff Gilbert <jgilbert@mozilla.com> wrote:
I'm confident we can expose something like Vulkan on top of Metal without too much friction.
It's the "like" bit that worries me, a bit. I'm sure Epic and Unity3D would find it rather convenient if they could plug their Vulkan backends more or less straight into the web (via web-assembly no doubt). It's also the case that all the documentation, books, references, tooling, middlewares, etc. that do start to exist for Vulkan, would help.

If you can par down on Vulkan but keep it vulkan compatible (insofar as that doesn't conflict with the webby-ness of the web), fine, call it Vulkan ES or something. The trouble starts when Vulkan ES doesn't conform to the principles, signatures and behaviors that Vulkan establishes, just as that's everytime incredibly troublesome when that happens in GL land (floating point textures anybody?).

To clarify the constraints of "webby-ness", the main thing that really ties our hands is security. We cannot allow scripts or web assembly (or any other form of executable code downloaded from the web) to have a means of accessing memory that lies outside of its execution context. For example, _javascript_ code can only access memory belonging to objects that are on the JS heap. Therefore, the Vulkan memory model simply cannot be exposed to the web. Without proper execution context isolation, it becomes a lot easier for attackers to find exploits for writing web pages that do things like take over your machine.

References:
- Re: [Public WebGL] WebVulkan
  - From: Florian Bösch <pyalot@gmail.com>
- Re: [Public WebGL] WebVulkan
  - From: "Steve Baker" <steve@sjbaker.org>
- Re: [Public WebGL] WebVulkan
  - From: Floh <floooh@gmail.com>
- Re: [Public WebGL] WebVulkan
  - From: Brandon Jones <bajones@google.com>
- Re: [Public WebGL] WebVulkan
  - From: Florian Bösch <pyalot@gmail.com>
- Re: [Public WebGL] WebVulkan
  - From: Brandon Jones <bajones@google.com>
- Re: [Public WebGL] WebVulkan
  - From: Florian Bösch <pyalot@gmail.com>
- Re: [Public WebGL] WebVulkan
  - From: Brandon Jones <bajones@google.com>
- Re: [Public WebGL] WebVulkan
  - From: "Kearwood \"Kip\" Gilbert" <kgilbert@mozilla.com>
- Re: [Public WebGL] WebVulkan
  - From: Mark Callow <khronos@callow.im>
- Re: [Public WebGL] WebVulkan
  - From: Jeff Gilbert <jgilbert@mozilla.com>
- Re: [Public WebGL] WebVulkan
  - From: Florian Bösch <pyalot@gmail.com>
- Re: [Public WebGL] WebVulkan
  - From: Justin Novosad <junov@google.com>

Prev by Date: Re: [Public WebGL] WebVulkan
Next by Date: Re: [Public WebGL] WebVulkan
Previous by thread: Re: [Public WebGL] WebVulkan
Next by thread: Re: [Public WebGL] WebVulkan
Index(es):
- Date
- Thread