gpu: Validate dma-buf size against driver requirements during Vulkan import [chromium/src : main]

0 views

Skip to first unread message

Tzarial (Gerrit)

unread,

May 19, 2026, 10:20:58 PM (5 days ago) May 19

to Vasiliy Telezhnikov, Chromium LUCI CQ, chromium...@chromium.org, alexmo...@chromium.org, cblume...@chromium.org, creis...@chromium.org, navigation...@chromium.org, ozone-...@chromium.org, penghuan...@chromium.org

Attention needed from Vasiliy Telezhnikov

Tzarial added 4 comments

Patchset-level comments

File-level comment, Patchset 3 (Latest):

Tzarial . resolved

Thank you for the detailed review! I updated the fix to be more targeted.

File content/browser/renderer_host/render_process_host_impl.cc

Line 1744, Patchset 1: /*enable_extra_handles_validation=*/true, GetUIThreadTaskRunner({}));

Vasiliy Telezhnikov . unresolved

This will break chrome os and linux. There is reason why we added this bool and not just turned the validation everywhere and it is because we don't know the memory layout that fd points to, so knowing format+size is not enough to validate the file descriptor size.

Tzarial

Removed this and added more targeted logic.

File gpu/vulkan/vulkan_image_linux.cc

Line 76, Patchset 1: base::CheckedNumeric<uint64_t> min_required = size.width();

Vasiliy Telezhnikov . unresolved

Not sure I understood the logic here. This checks that fd has size that is at least width*height bytes, while we know that in most cases we'd need more? How does this help?
If the assumption that we need _at least_ this amount, it's not true either in general case, it can be smaller.

Tzarial

Changed to use GetMemoryRequirements(0), so that it gets the size the driver expects for the specific image format, tiling, and modifiers.

File ui/gfx/native_pixmap_handle.cc

Line 188, Patchset 1: if (static_cast<uint64_t>(fd_size) < handle.planes[i].size) {

Vasiliy Telezhnikov . unresolved

This can't work because we don't know the size unfortunately. On ChromeOS is might be somewhat usable, it's completely made up number on linux.

Tzarial

Removed this query.

Open in Gerrit

Related details

Attention is currently required from:

Vasiliy Telezhnikov

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Vasiliy Telezhnikov (Gerrit)

unread,

May 20, 2026, 3:03:19 PM (4 days ago) May 20

to Tzarial, Chromium LUCI CQ, chromium...@chromium.org, alexmo...@chromium.org, cblume...@chromium.org, creis...@chromium.org, navigation...@chromium.org, ozone-...@chromium.org, penghuan...@chromium.org

Attention needed from Tzarial

Vasiliy Telezhnikov added 1 comment

File gpu/vulkan/vulkan_image_linux.cc

Line 118, Patchset 3 (Latest): if (static_cast<uint64_t>(fd_size) < requirements.size) {

Vasiliy Telezhnikov . unresolved

I guess it's as good as it gets, though it's not quite the right thing either, because:

Drivers can have alignment requirement for external images that are not reflected here.
Drivers can return wrong memory requirements because they don't use it.

We did see both in the past, so please add a kill-switch and DumpWithoutCrashing so we can see early if this actually breaks legit flows.

Open in Gerrit

Related details

Attention is currently required from:

Tzarial

Submit Requirements:

Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Reply all

Reply to author

Forward

0 new messages