Overview
Learn about innovative security approaches for graphics drivers in this 15-minute conference talk from XDC 2023. Explore how to protect against potential exploits in GL and Vulkan drivers when exposed to hostile web content through WebGL and WebGPU. Discover a novel approach that builds upon DRM native-context methodology to isolate usermode drivers from direct kernel access by implementing a hardened helper process using virtgpu tunneling. Understand how this architecture creates an additional security barrier, making it more difficult for attackers to chain usermode driver exploits with kernel vulnerabilities, while maintaining minimal performance impact.
Syllabus
XDC 2023 | October 18 | Defense in Depth: Isolating mesa from the kernel | Rob Clark
Taught by
X.Org Foundation