shared IOSurfaces: kIOSurfaceIsGlobal deprecated in El-Cap/OSX 10.11?

App & System Services Core OS
natbro
natbro OP
Created Sep ’15
Replies 6
Boosts 0
Views 2.1k
Participants 4

For sharing GPU data without copying between processes we've typically been able to create an IOSurface in the client and specify kIOSurfaceIsGlobal

IOSurfaceRef foo = IOSurfaceCreate((CFDictionaryRef)@{(id)kIOSurfaceWidth: @512, (id)kIOSurfaceHeight: @512, (id)kIOSurfaceBytesPerElement: @4,
  (id)kIOSurfaceIsGlobal: @YES});


then use IOSurfaceGetID to get a value to pass between processes which can then be turned back into an IOSurfaceRef

IOSurfaceID foo_id = IOSurfaceGetID(foo);
...
IOSurface foo2 = IOSurfaceLookup(foo_id);


the kIOSurfaceIsGlobal flag has been required to allow this getid/lookup to work between processes, but is marked as deprecated in 10.11

/ kIOSurfaceIsGlobal - CFBoolean     If true, the IOSurface may be looked up by any task in the system by its ID.  Dep    recated in Mac OS X 10.11. */¬
99 extern const CFStringRef kIOSurfaceIsGlobal▸▸ ▸ ▸ ▸ IOSFC_AVAILABLE_BUT_DEPRECATED(__MAC_10_6, __MAC_10_11, __IPHONE_NA    , __IPHONE_NA);¬


is there a future-proof way to share IOSurfaces between processes? fwiw, it always seemed scary to me from a security perspective that even specially created IOSurfaces might be globally findable by a uint_32 ID, but it is a very important way to prevent copying big video and data buffers and for splitting apart complex rendering between processes.

Replies  6
Boosts  0
Views  2.1k
Participants  4
Ken Thomases
Ken Thomases OP
Sep ’15

You should use IOSurfaceCreateXPCObject() or IOSurfaceCreateMachPort() and then transfer the resulting object or port to the other process(es) through the appropriate IPC mechanism. Those other processes can use IOSurfaceLookupFromXPCObject() or IOSurfaceLookupFromMachPort() to get a reference to the IOSurface from the object or port.

1
natbro
natbro OP
Sep ’15

well, IOSurfaceCreateXPCObject()/IOSurfaceLookupFromXPCObject() and IOSurfaceCreateMachPort()/IOSurfaceLookupFromMachPort() are perhaps more secure methods for sharing IOSurface references between processes, but it's still not clear what replaces kIOSurfaceIsGlobal. perhaps all IOSurface objects are technically global by default starting in 10.11 and so this flag is irrelevant? some confirmation on this would be useful.

0
Ken Thomases
Ken Thomases OP
Sep ’15

Your theory is that Apple made all surfaces insecure with no way to make them secure? You could certainly test that. Don't specify kIOSurfaceIsGlobal and then try to obtain the surface in another process using IOSurfaceLookup().


I'm 99% certain that Apple is simply deprecating global access to surfaces. It was a big security hole and not necessary given that there are secure ways to share them.

0
natbro
natbro OP
Sep ’15

Agree - I meant only that I suspect that if kIOSurfaceIsGlobal is deprecated then /within the kernel/ all IOSurface objects are backed by shared and/or VRAM-backed 'global' memory and you no longer have to specify this flag to be able to later share them (securely) between processes. It would just be nice to know for sure that this is the case - you're right, I'll give it a try in 10.10 and 10.11 and see whappens.

0
truant valentin
truant valentin OP
Jun ’17

Have you been able to share your pixelBuffers without the kIOSurfaceIsGlobal key ?


Did you find a work around ?


Thank you.

0
Apple Staff, DTS Engineer
DTS Engineer OP
Apple
Jun ’17

I’m not sure if this meets your requirements but since 10.7 you’ve been able to share IOSurfaces via XPC (see 

IOSurfaceCreateXPCObject
and 
IOSurfaceLookupFromXPCObject
in 
<IOSurface/IOSurfaceAPI.h>
).

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
shared IOSurfaces: kIOSurfaceIsGlobal deprecated in El-Cap/OSX 10.11?
First post date Last post date
 
 
Q