Isolating GPU Access in its Own Process (Foss-North 2018)
0 likes805 views
The document discusses the architecture and benefits of isolating GPU access in web browsers, particularly within the Chromium framework. Key reasons for using a separate GPU process include enhancing security, robustness, and dependency separation, which help prevent crashes and resource leaks. It also details the communication architecture for processing video frames and provides insights on implementation design in browser rendering processes.
Isolating GPU Access in its Own Process (Foss-North 2018)
- 2. Isolating GPU Access in its own process @pati_gallardo Patricia Aas Foss-North, Gothenburg, Sweden, 2018
- 3. Patricia Aas - Vivaldi Browser Programmer - mainly in C++ Currently : Vivaldi Technologies Previously : Cisco Systems, Knowit, Opera Software Master in Computer Science - main language Java Twitter : @pati_gallardo
- 5. @pati_gallardo Disclaimer: This Talk Is a bit Linux Focused ¯_(ツ)_/¯
- 6. - What is Chromium? - Why have a GPU process? - Communication Architecture - Passing A Video Frame - Can I Use? @pati_gallardo
- 8. Konqueror Safari Chrome Brave Vivaldi Opera KHTML Webkit Blink KDE Apple Google
- 9. Process Architecture Browser Gpu BrokerZygote Renderer GpuZygote Init Renderer Renderer Process Relationships Tabs
- 10. Composition The Browser Window is composed of many views produced by many cooperating processes @pati_gallardo
- 11. - What is Chromium? - Why have a GPU process? - Communication Architecture - Passing A Video Frame - Can I Use? @pati_gallardo
- 12. @pati_gallardo Why Not Do GPU Composition in The Browser Process?
- 13. Well, Actually… On Android It Does… But I Digress… @pati_gallardo
- 14. 1. Security 2. Robustness 3. Dependency Separation @pati_gallardo
- 16. Example Texture memory being leaked across processes - From Other Programs on the Users Machine - From Other Tabs - From the Browser @pati_gallardo
- 20. Graphics Drivers Crashing the Browser - Prevent bugs in GPU drivers from crashing the browser - Make sure graphics code in WebGL can’t crash the browser - Compensate for Graphics Driver Bugs/Inconsistencies @pati_gallardo
- 22. Keep GPU Process Dependencies Out of the Renderer process - Minimize the renderer sandbox - Can Have Different Dependencies @pati_gallardo
- 24. Before We Dive In - Deep Breath :D@pati_gallardo
- 25. “We can solve any problem by introducing an extra level of indirection. …except for the problem of too many levels of indirection” Fundamental theorem of software engineering Andrew Koenig/Butler Lampson/David J. Wheeler @pati_gallardo
- 26. - What is Chromium? - Why have a GPU process? - Communication Architecture - Passing A Video Frame - Can I Use? @pati_gallardo
- 27. IPC, Commands & Synchronization @pati_gallardo
- 28. Process Architecture Browser Gpu BrokerZygote Renderer GpuZygote Init Renderer Renderer Process Relationships Tabs
- 29. Communication Architecture Renderer Gpu Process Browser Renderer IPC Channels Shared Memory Gpu Memory BuffersCommand Buffers
- 30. High Level Design Client - Server Architecture Emulates OpenGl ES2.0 Actual Graphics Implementation is Platform Specific Composition in GPU Process Page Composition Controlled From Renderer @pati_gallardo
- 31. OpenGL ES2 calls are serialized into “Commands” That are placed in a Ring Buffer in Shared Memory called a “Command Buffer”. The GPU process de-serializes them, does validation, maybe some workarounds, and executes them using the Platform Graphics System. @pati_gallardo Implementation Design
- 32. Client Renderer / Browser - Write commands to shared memory - Update ‘put’ pointer - Signal GPU process @pati_gallardo
- 33. Server GPU Process - Read commands from shared memory - Validate command and arguments - Make actual call@pati_gallardo
- 35. Gpu Process Command Buffer IPC Channel Command Stream Ordering Barrier Unverified Sync Token Wait Sync Token Wait Sync TokenCommandCommand Command Command Command Command CommandVerified Sync TokenBrowser Renderer Renderer Command Command CommandCommand CommandCommand
- 36. Sync Token - Inserts a synchronization fence into the command stream - Can be attached to a resource (texture) that cannot be used before all previous commands have been processed @pati_gallardo
- 37. Mailbox Holder 1. Mailbox - unique name 2. SyncToken - fence 3. Texture Target Type (if texture backed) @pati_gallardo
- 38. - What is Chromium? - Why have a GPU process? - Communication Architecture - Passing A Video Frame - Can this work for you? @pati_gallardo
- 40. Compositing in Chromium - Software Compositing is Done In the Browser Process - Hardware/GPU Compositing is Done in the GPU Process (Except on Android where there is a GPU thread in the Browser Process) @pati_gallardo
- 41. Insert Some Hand Waving The full architecture is massive We will follow one path A software decoded video frame @pati_gallardo
- 42. Getting a Video Frame into the Page @pati_gallardo
- 43. Software Decoded Video Frame - Decoded Frame in Memory in RENDERER PROCESS - GPU Composition is done in the GPU PROCESS - The Frame needs to be uploaded to the GPU as a Texture @pati_gallardo
- 44. “At a high enough level of abstraction, everything looks the same.” Law of PowerPoint Architecture Patricia Aas, 2018 @pati_gallardo
- 46. Decoding Video Browser Process Network stack Renderer Decoder* VideoFrame Memory Buffer Y Plane U Plane V Plane Internet * Sometimes decodeing is done in the GPU process
- 49. OES_EGL_image_external Extension that creates EGLImage texture targets from EGLImages “Each TEXTURE_EXTERNAL_OES texture object may require up to 3 texture image units for each texture unit to which it is bound.” @pati_gallardo
- 50. VideoFrame VideoFrame Memory Buffer V Plane Y Plane U Plane Shared Memory Gpu ProcessRenderer Transform the Video Frame into a GPU Resource Y Plane Texture UV Plane Texture Plane Resources Y Plane GpuMemoryBufferUV Planes GpuMemoryBuffer MailboxHolder SyncToken MailboxMailbox MailboxHolder
- 52. VideoFrame Shared Memory Gpu ProcessRenderer Y Plane Texture UV Plane Texture Plane Resources Y Plane GpuMemoryBufferUV Planes GpuMemoryBuffer MailboxHolder SyncToken Mailbox Mailbox MailboxHolder Transferrable Resource Texture filter GL_LINEAR Texture target GL_TEXTURE_2D Transferrable Resource Texture filter GL_LINEAR Texture target GL_TEXTURE_2D Id: 0 Id: 1 Move into a Transferrable Resource
- 54. YUVVideoDrawQuad Gpu ProcessRenderer Y Plane Texture UV Plane Texture MailboxHolder SyncToken Mailbox MailboxHolder Mailbox RenderPass Resources Id: 0 Id: 1 Transferrable Resource Texture filter GL_LINEAR Texture target GL_TEXTURE_2D Transferrable Resource Texture filter GL_LINEAR Texture target GL_TEXTURE_2D Id: 0 Id: 1 LayerTreeResourceProvider
- 56. YUVVideoDrawQuad Resources Id: 0 Id: 1 Render The Frame! GLRenderer::DrawYUVVideoQuad clip_region
- 58. Examples : Chromium GLES2 Extensions ● CHROMIUM_image ● CHROMIUM_texture_mailbox ● CHROMIUM_sync_point @pati_gallardo
- 59. - What is Chromium? - Why have a GPU process? - Communication Architecture - Passing A Video Frame - Can I Use? @pati_gallardo
- 60. Not Exactly Cut And Paste @pati_gallardo
- 61. Three APIs are in use in the renderer 1. Opengl ES2 2. Chromium GL ES2 Extensions 3. Chromium APIs @pati_gallardo
- 62. “All non-trivial abstractions, to some degree, are leaky.” Law of Leaky Abstractions Joel Spolsky, 2002 @pati_gallardo
- 63. - Ok, but… Can I Use? - Hm, don’t know… Maybe? ¯_(ツ)_/¯ @pati_gallardo
- 64. @pati_gallardo
- 65. Make Everyone Feel Safe To Be Themselves @pati_gallardo
- 66. Vivaldi Swag Patricia Aas, Vivaldi Technologies @pati_gallardo Photos from pixabay.com
- 68. Copy Video Frame To GPU Memory Buffer - CopyVideoFrameToGpuMemoryBuffers - OutputFormat::NV12_SINGLE_GMB - CopyRowsToNV12Buffer - libyuv::I420ToNV12 - GpuMemoryBufferImplSharedMemory @pati_gallardo
- 69. VideoFrame FrameResources gfx::Size PlaneResource Mailbox Unique Name SyncToken MailboxHolder PlaneResource PlaneResource 2. CreateImageCHROMIUM GpuMemoryBuffer GpuMemoryBufferVideoFramePool Resource lifetime ownership MailboxHolder MailboxHolder 3. BindTexImage2DCHROMIUM image_id 1. BindTexture texture_target texture_id 1 to 3 1 to 3
- 71. VideoFrameProvider Client VideoFrameController Client InputHandler Client LayerTreeHostImpl VideoFrameCompositor VideoRendererSink OnBeginFrame DidDrawFrame UpdateCurrentFrame GetCurrentFrame PutCurrentFrame VideoRendererImpl Render OnFrameDropped VideoFrameProviderClientImplVideoFrameProviderClientImplVideoFrameProviderClientImpl Video Frame Painting VideoFrame current_frame_ VideoLayerImpl active_video_layer_ DecodersVideoResourceUpdater
- 72. Useful files to read gpu_memory_buffer_video_frame_pool.cc video_resource_updater.cc gl_renderer.cc (GLRenderer::DrawYUVVideoQuad) program_binding.cc (ProgramKey::YUVVideo) @pati_gallardo
- 74. Share Group - Command Buffers in the same share group must be in the same Command Stream - gl::GLFence - eglFenceSyncKHR (EGL_KHR_fence_sync) - eglWaitSyncKHR (EGL_KHR_wait_sync) @pati_gallardo