Add a new driver bug workaround SANDBOX_START_EARLY

content/common/sandbox_linux/bpf_gpu_policy_linux.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h"
 
 #include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
 
 #include <memory>
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
+#include "base/sys_info.h"
 #include "build/build_config.h"
 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
 #include "content/common/set_process_title.h"
 #include "content/public/common/content_switches.h"
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
 #include "sandbox/linux/syscall_broker/broker_file_permission.h"
 #include "sandbox/linux/syscall_broker/broker_process.h"
@@ skipping 69 matching lines @@
 #endif
   return accelerated_encode_enabled;
 }
 
 bool IsAcceleratedVideoDecodeEnabled() {
   const base::CommandLine& command_line =
       *base::CommandLine::ForCurrentProcess();
   return !command_line.HasSwitch(switches::kDisableAcceleratedVideoDecode);
 }
 
+bool IsLLVMPipeDriver() {
+  // The only white-listed Mesa driver that starts threads is the llvmpipe
+  // driver. So only this driver will set kGpuSandboxStartEarly.
+  const base::CommandLine& command_line =
+      *base::CommandLine::ForCurrentProcess();
+  return command_line.HasSwitch(switches::kGpuSandboxStartEarly) &&
+         command_line.HasSwitch(switches::kGpuDriverVendor) &&
+         command_line.GetSwitchValueASCII(switches::kGpuDriverVendor) == "Mesa";
+}
+
 intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args,
                            void* aux_broker_process) {
   RAW_CHECK(aux_broker_process);
   BrokerProcess* broker_process =
       static_cast<BrokerProcess*>(aux_broker_process);
   switch (args.nr) {
 #if !defined(__aarch64__)
     case __NR_access:
       return broker_process->Access(reinterpret_cast<const char*>(args.args[0]),
                                     static_cast<int>(args.args[1]));
@@ skipping 193 matching lines @@
         dlopen(I965HybridDrvVideoPath, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
       dlopen("libva.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
 #if defined(USE_OZONE)
       dlopen("libva-drm.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
 #elif defined(USE_X11)
       dlopen("libva-x11.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
 #endif
     }
   }
 
+  if (IsLLVMPipeDriver()) {
+    // uname is used from GpuControlList when calling
+    // gpu::ApplyGpuDriverBugWorkarounds.
+    base::SysInfo::OperatingSystemVersion();
+
+    std::vector<std::string> driver_libraries;
+
+    // TODO(j.isorce): crbug.com/264818 refactor ui/gl/gl_implementation.cc to
+    // return a list of libs to load depending on the gl implementation that is
+    // going to be used.
+    driver_libraries.push_back("libGL.so");
+    driver_libraries.push_back("libGLESv2.so.2");
+    driver_libraries.push_back("libEGL.so.1");
+
+    // FIXME(j.isorce): During gyp/gn step parse "dridriverdir" variable from

[Ken Russell (switch to Gerrit), 2016/05/05 21:38:03]

FIXME -> TODO

+    // pkgconfig/dri.pc to get the path to dri directory
+    // dri.pc comes from mesa-common-dev package.
+    // example: dridriverdir=/usr/lib/x86_64-linux-gnu/dri
+    // example: dridriverdir=/usr/local/lib/dri
+    // driver_libraries.push_back($dridriverdir"/swrast_dri.so");
+    // because dri is never in ld.so.conf and relative path only work from
+    // executable dir (i.e. chrome).
+    driver_libraries.push_back("/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so");
+
+    for (size_t i = 0; i < driver_libraries.size(); ++i) {
+        dlopen(driver_libraries[i].c_str(),
+               RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
+    }
+  }
+
   return true;
 }
 
 void GpuProcessPolicy::InitGpuBrokerProcess(
     sandbox::bpf_dsl::Policy* (*broker_sandboxer_allocator)(void),
     const std::vector<BrokerFilePermission>& permissions_extra) {
   static const char kDriRcPath[] = "/etc/drirc";
   static const char kDriCard0Path[] = "/dev/dri/card0";
   static const char kDevShm[] = "/dev/shm/";
 
@@ skipping 22 matching lines @@
   }
 
   broker_process_ = new BrokerProcess(GetFSDeniedErrno(), permissions);
   // The initialization callback will perform generic initialization and then
   // call broker_sandboxer_callback.
   CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox,
                                          broker_sandboxer_allocator)));
 }
 
 }  // namespace content