Add a new driver bug workaround SANDBOX_START_EARLY

content/common/sandbox_linux/bpf_gpu_policy_linux.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h"
 
 #include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/socket.h>
@@ skipping 11 matching lines @@
 #include "base/files/file_enumerator.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/strings/stringprintf.h"
 #include "build/build_config.h"
 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
 #include "content/common/set_process_title.h"
 #include "content/public/common/content_switches.h"
+#include "gpu/config/gpu_switches.h"
+#include "gpu/ipc/service/switches.h"
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
 #include "sandbox/linux/syscall_broker/broker_file_permission.h"
 #include "sandbox/linux/syscall_broker/broker_process.h"
 #include "sandbox/linux/system_headers/linux_syscalls.h"
+#include "ui/gl/init/gl_factory.h"
 
 using sandbox::arch_seccomp_data;
 using sandbox::bpf_dsl::Allow;
 using sandbox::bpf_dsl::ResultExpr;
 using sandbox::bpf_dsl::Trap;
 using sandbox::syscall_broker::BrokerFilePermission;
 using sandbox::syscall_broker::BrokerProcess;
 using sandbox::SyscallSets;
 
 namespace content {
@@ skipping 275 matching lines @@
         dlopen(I965HybridDrvVideoPath, RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
       dlopen("libva.so.1", RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
 #if defined(USE_OZONE)
       dlopen("libva-drm.so.1", RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
 #elif defined(USE_X11)
       dlopen("libva-x11.so.1", RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
 #endif
     }
   }
 
+  // If kGpuSandboxStartEarly is set then we need to warmup by loading gl and
+  // driver libraries before to actually run the sandbox. Another approach would
+  // be to white list these libraries using the broker file permissons. But
+  // that would require to white list all single dependencies which is not easy
+  // and there is no much value compared to the following.
+  const base::CommandLine& command_line =
+      *base::CommandLine::ForCurrentProcess();
+  if (command_line.HasSwitch(switches::kGpuSandboxStartEarly)) {
+    gl::GLImplementation gl_iml = gl::kGLImplementationNone;
+    std::vector<gl::GLImplementation> allowed_impls =
+        gl::init::GetAllowedGLImplementations();
+    bool fallback_to_osmesa = false;
+    bool result =
+        gl::SelectGLImplementation(allowed_impls, &gl_iml, &fallback_to_osmesa);
+    if (!result)
+      LOG(ERROR) << "Failed to select a gl implementation";
+
+    std::vector<std::string> driver_libraries;
+    if (result) {
+      result = gl::init::GetNativeLibraryNamesFromGLImplementation(
+          gl_iml, &driver_libraries);
+      if (!result) {
+        LOG(ERROR) << "Failed to retrieve libraries for "
+                   << gl::GetGLImplementationName(gl_iml);
+      }
+    }
+
+#if defined(DRI_DRIVER_DIR)
+    // Mesa always fallback to software driver in the 3 following cases:
+    // 1- there is no real driver.
+    // 2- it fails to load a real driver.
+    // 3- User set the env var LIBGL_ALWAYS_SOFTWARE.
+    if (result && command_line.HasSwitch(switches::kGpuDriverVendor) &&
+        command_line.GetSwitchValueASCII(switches::kGpuDriverVendor) ==
+            "Mesa") {
+      base::FilePath swrast_lib(DRI_DRIVER_DIR);
+      swrast_lib = swrast_lib.Append("swrast_dri.so");
+      driver_libraries.push_back(swrast_lib.value());
+    }
+#endif
+
+    for (const auto& lib_name : driver_libraries) {
+      void* dl =
+          dlopen(lib_name.c_str(), RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
+      if (!dl) {
+        LOG(ERROR) << "Failed to open " << lib_name << " with error "
+                   << dlerror();
+      }
+    }
+  }
+
   return true;
 }
 
 void GpuProcessPolicy::InitGpuBrokerProcess(
     sandbox::bpf_dsl::Policy* (*broker_sandboxer_allocator)(void),
     const std::vector<BrokerFilePermission>& permissions_extra) {
   static const char kDriRcPath[] = "/etc/drirc";
   static const char kDriCard0Path[] = "/dev/dri/card0";
   static const char kDriCardBasePath[] = "/dev/dri/card";
 
@@ skipping 42 matching lines @@
   }
 
   broker_process_ = new BrokerProcess(GetFSDeniedErrno(), permissions);
   // The initialization callback will perform generic initialization and then
   // call broker_sandboxer_callback.
   CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox,
                                          broker_sandboxer_allocator)));
 }
 
 }  // namespace content