Google Git
Sign in
dawn/dawn/refs/heads/chromium/7879
commit
23cf554e645f61acabcd10aac24bfe6d6b0eeeec
[log]
author
Lokbondo Kung <lokokung@google.com>
Fri Jun 05 23:02:56 2026 -0700
committer
dawn-scoped@luci-project-accounts.iam.gserviceaccount.com <dawn-scoped@luci-project-accounts.iam.gserviceaccount.com>
Fri Jun 05 23:02:56 2026 -0700
tree
e47721032ea12e4d302fed91a7ecfe9407138823
parent
c801e774e7ecdf68f03f326ca4570732de3ca5c1 [diff]
Reland "[native] Guarantee thread safety during the map async callback."

- This is a reland of commit fd625322444f0c207ac196e258d218a9237ce72e
- Moves locking in map callback in tests. The lock should be held for
  the entire duration of the expectation handling, not only during the
  callback because the callback captures a reference to the `slot`
  which could be invalidated if the expectation states were modified.
  On top of that, it was causing a lock inversion issue under TSAN
  noted in the bug. The original lock was also incorrect because we
  would take that lock when we access all the buffers to Unmap or
  Destroy the expectation buffers, but also try to take the lock again
  in the callback. That means it could have been possible to deadlock
  if we were using AllowSpontaneous instead of AllowProcessEvents,
  i.e. imagine taking the lock, calling Unmap which spontaneously
  calls the callback which tries to take the lock again in the same
  thread.

Bug: 517692772
Original change's description:
> [native] Guarantee thread safety during the map async callback.
>
> - This change makes the pending map mutex into a recursive one so
>   that it can be held throughout the duration of the map async
>   callback. This ensures that during the callback, there cannot be
>   a race with Unmap or Destroy.
> - This addresses the security bug below by because on the server,
>   the call to GetMappedRange always happens in the scope of the map
>   async callback. This means that even if an Unmap or Destroy
>   races, either the Unmap/Destroy will happen first, thereby
>   resulting in a failed map async callback, or the callback will
>   happen first before the Unmap goes through.
> - Note that we needed to use a recursive mutex instead of a normal
>   one because otherwise, a map async callback that calls Unmap
>   would deadlock.
>
> Bug: 517692772
> Change-Id: I25068c3722a138ec3014a5b942457e5d484462ec
> Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/313216
> Reviewed-by: Kai Ninomiya <kainino@chromium.org>
> Reviewed-by: Kyle Charbonneau <kylechar@google.com>
> Commit-Queue: Loko Kung <lokokung@google.com>

Bug: 517692772
Change-Id: Ic07bacc8e99cf8305038c1489458218a3f138e6c
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/313915
Auto-Submit: Loko Kung <lokokung@google.com>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
Commit-Queue: Kai Ninomiya <kainino@chromium.org>
3 files changed
tree: e47721032ea12e4d302fed91a7ecfe9407138823
  1. .github/
  2. .vscode/
  3. agents/
  4. build_overrides/
  5. docs/
  6. generator/
  7. include/
  8. infra/
  9. scripts/
  10. src/
  11. test/
  12. third_party/
  13. tools/
  14. webgpu-cts/
  15. build
  16. buildtools
  17. testing
  18. .bazelrc
  19. .bazelversion
  20. .clang-format
  21. .clang-format-ignore
  22. .clang-tidy
  23. .git-blame-ignore-revs
  24. .gitattributes
  25. .gitignore
  26. .gitmodules
  27. .gn
  28. .style.yapf
  29. .vpython3
  30. AUTHORS
  31. BUILD.bazel
  32. BUILD.gn
  33. CMakeLists.txt
  34. CMakeSettings.json
  35. CODE_OF_CONDUCT.md
  36. codereview.settings
  37. CONTRIBUTING.md
  38. CPPLINT.cfg
  39. DEPS
  40. DIR_METADATA
  41. go.mod
  42. go.sum
  43. go_presubmit_support.py
  44. LICENSE
  45. MODULE.bazel
  46. MODULE.bazel.lock
  47. OWNERS
  48. PRESUBMIT.py
  49. PRESUBMIT_test.py
  50. README.chromium
  51. README.md
  52. unsafe_buffers_paths.txt
  53. WATCHLISTS
  54. WORKSPACE.bazel
README.md

Build Status Matrix Space

Dawn, a WebGPU implementation

Dawn is an open-source and cross-platform implementation of the WebGPU standard. More precisely it implements webgpu.h that is a one-to-one mapping with the WebGPU IDL. Dawn is meant to be integrated as part of a larger system and is the underlying implementation of WebGPU in Chromium.

Dawn provides several WebGPU building blocks:

  • WebGPU C/C++ headers that applications and other building blocks use.
    • The webgpu.h version that Dawn implements.
    • A C++ wrapper for the webgpu.h.
  • A “native” implementation of WebGPU using platforms' GPU APIs: D3D12, Metal, Vulkan and OpenGL. See per API support for more details.
  • A client-server implementation of WebGPU for applications that are in a sandbox without access to native drivers
  • Tint is a compiler for the WebGPU Shader Language (WGSL) that can be used in standalone to convert shaders from and to WGSL.

Helpful links:

Documentation table of content

Developer documentation:

User documentation: (TODO, figure out what overlaps with the webgpu.h docs)

License

BSD 3-Clause License, please see LICENSE.

Disclaimer

This is not an officially supported Google product.