| commit | 804d061b2e17c0a98c35b0e3aa64d4997d2d42b7 | [log] [tgz] |
|---|---|---|
| author | Brandon Castellano <bcastell@google.com> | Fri Feb 21 18:27:00 2025 +0000 |
| committer | CQ Bot <fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com> | Thu Mar 06 09:29:53 2025 -0800 |
| tree | afa002b5c23667455e41d215040a79d64983e907 | |
| parent | 7592110a9804aa28f67c2dfcae4b801135f46938 [diff] |
[Vulkan-Loader] Ensure directories have read permissions
As part of the io2 migration, we must ensure all directories are
explicitly *Opened* instead of using common *Connect* operations, since
the latter does not use any flags/rights. Because of this, when a
directory is connected to like a service, the connection lacks any
rights.
The Vulkan loader callbacks that open directories and connect to
services do not take any flag arguments, so we need to infer what the
target is based on the path. As all of these paths have well known
formats, so we make two assumptions:
1. Paths such as `/loader-gpu-devices/class/gpu/001` should be
connected to as a service (i.e. to the underlying device
protocol).
2. The `/loader-gpu-devices` directory should be opened as a
directory.
3. All other class paths that don't point to a particular device
instance, such `/loader-gpu-devices/class/gpu`, should be opened as
directories.
Opening directories with PERM_READABLE will be required to enumerate
child entries of these paths.
This only works right now as in io1, many operations - like directory
enumeration - were unprivileged. In order to start enforcing the new io2
rights model, we need to require that callers opening directories (or
other node types) explicitly set the flags/rights they want.
Bug: 376575307
Change-Id: I04d6cee4e17d083e212b4948bee17f6b13744cc0
Reviewed-on: https://fuchsia-review.googlesource.com/c/third_party/Vulkan-Loader/+/1211784
Reviewed-by: Craig Stout <cstout@google.com>
Commit-Queue: Brandon Castellano <bcastell@google.com>
This project provides the Khronos official Vulkan Loader for all platforms except Android
Vulkan is an explicit API, enabling direct control over how GPUs actually work. As such, Vulkan supports systems that have multiple GPUs, each running with a different driver, or ICD (Installable Client Driver). Vulkan also supports multiple global contexts (instances, in Vulkan terminology). The ICD loader is a library that is placed between a Vulkan application and any number of Vulkan drivers, in order to support multiple drivers and the instance-level functionality that works across these drivers. Additionally, the loader manages inserting Vulkan layer libraries, such as validation layers, between an application and the drivers.
This repository contains the Vulkan loader that is used for Linux, Windows, MacOS, and iOS. There is also a separate loader, maintained by Google, which is used on Android.
The following components are available in this repository:
Please see the CONTRIBUTING.md file in this repository for more details. Please see the GOVERNANCE.md file in this repository for repository management details.
BUILD.md includes directions for building all components.
Architecture and interface information for the loader is in docs/LoaderInterfaceArchitecture.md.
Updates to this repository which correspond to a new Vulkan specification release are tagged using the following format: v<version> (e.g., v1.3.266).
Note: Marked version releases have undergone thorough testing but do not imply the same quality level as SDK tags. SDK tags follow the vulkan-sdk-<version>.<patch> format (e.g., vulkan-sdk-1.3.266.0).
This scheme was adopted following the 1.3.266 Vulkan specification release.
This work is released as open source under a Apache-style license from Khronos including a Khronos copyright.
While this project has been developed primarily by LunarG, Inc., there are many other companies and individuals making this possible: Valve Corporation, funding project development; Khronos providing oversight and hosting of the project.