Fix SGI_video_sync cpu usage and rendering issues with Nvidia driver.

content/common/sandbox_linux/bpf_gpu_policy_linux.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/sandbox_linux/bpf_gpu_policy_linux.h"
 
 #include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
 
 #include <memory>
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
+#include "base/strings/stringprintf.h"
 #include "build/build_config.h"
 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
 #include "content/common/set_process_title.h"
 #include "content/public/common/content_switches.h"
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.h"
 #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
 #include "sandbox/linux/syscall_broker/broker_file_permission.h"
 #include "sandbox/linux/syscall_broker/broker_process.h"
@@ skipping 89 matching lines @@
     case __NR_open:
 #if defined(MEMORY_SANITIZER)
       // http://crbug.com/372840
       __msan_unpoison_string(reinterpret_cast<const char*>(args.args[0]));
 #endif
       return broker_process->Open(reinterpret_cast<const char*>(args.args[0]),
                                   static_cast<int>(args.args[1]));
 #endif  // !defined(__aarch64__)
     case __NR_faccessat:
       if (static_cast<int>(args.args[0]) == AT_FDCWD) {
-        return
-            broker_process->Access(reinterpret_cast<const char*>(args.args[1]),
-                                    static_cast<int>(args.args[2]));
+        return broker_process->Access(
+            reinterpret_cast<const char*>(args.args[1]),
+            static_cast<int>(args.args[2]));
       } else {
         return -EPERM;
       }
     case __NR_openat:
       // Allow using openat() as open().
       if (static_cast<int>(args.args[0]) == AT_FDCWD) {
-        return
-            broker_process->Open(reinterpret_cast<const char*>(args.args[1]),
-                                 static_cast<int>(args.args[2]));
+        return broker_process->Open(reinterpret_cast<const char*>(args.args[1]),
+                                    static_cast<int>(args.args[2]));
       } else {
         return -EPERM;
       }
     default:
       RAW_CHECK(false);
       return -ENOSYS;
   }
 }
 
 void AddV4L2GpuWhitelist(std::vector<BrokerFilePermission>* permissions) {
@@ skipping 66 matching lines @@
 bool UpdateProcessTypeAndEnableSandbox(
     sandbox::bpf_dsl::Policy* (*broker_sandboxer_allocator)(void)) {
   DCHECK(broker_sandboxer_allocator);
   UpdateProcessTypeToGpuBroker();
   return SandboxSeccompBPF::StartSandboxWithExternalPolicy(
       base::WrapUnique(broker_sandboxer_allocator()), base::ScopedFD());
 }
 
 }  // namespace
 
-GpuProcessPolicy::GpuProcessPolicy() : GpuProcessPolicy(false) {
-}
+GpuProcessPolicy::GpuProcessPolicy() : GpuProcessPolicy(false) {}
 
 GpuProcessPolicy::GpuProcessPolicy(bool allow_mincore)
-    : broker_process_(NULL), allow_mincore_(allow_mincore) {
-}
+    : broker_process_(NULL), allow_mincore_(allow_mincore) {}
 
 GpuProcessPolicy::~GpuProcessPolicy() {}
 
 // Main policy for x86_64/i386. Extended by CrosArmGpuProcessPolicy.
 ResultExpr GpuProcessPolicy::EvaluateSyscall(int sysno) const {
   switch (sysno) {
 #if !defined(OS_CHROMEOS)
     case __NR_ftruncate:
 #endif
     case __NR_ioctl:
@@ skipping 57 matching lines @@
       const char* I965DrvVideoPath = NULL;
       const char* I965HybridDrvVideoPath = NULL;
 
       if (IsArchitectureX86_64()) {
         I965DrvVideoPath = "/usr/lib64/va/drivers/i965_drv_video.so";
         I965HybridDrvVideoPath = "/usr/lib64/va/drivers/hybrid_drv_video.so";
       } else if (IsArchitectureI386()) {
         I965DrvVideoPath = "/usr/lib/va/drivers/i965_drv_video.so";
       }
 
-      dlopen(I965DrvVideoPath, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+      dlopen(I965DrvVideoPath, RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
       if (I965HybridDrvVideoPath)
-        dlopen(I965HybridDrvVideoPath, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
-      dlopen("libva.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+        dlopen(I965HybridDrvVideoPath, RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
+      dlopen("libva.so.1", RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
 #if defined(USE_OZONE)
-      dlopen("libva-drm.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+      dlopen("libva-drm.so.1", RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
 #elif defined(USE_X11)
-      dlopen("libva-x11.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+      dlopen("libva-x11.so.1", RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
 #endif
     }
   }
 
   return true;
 }
 
 void GpuProcessPolicy::InitGpuBrokerProcess(
     sandbox::bpf_dsl::Policy* (*broker_sandboxer_allocator)(void),
     const std::vector<BrokerFilePermission>& permissions_extra) {
   static const char kDriRcPath[] = "/etc/drirc";
   static const char kDriCard0Path[] = "/dev/dri/card0";
+  static const char kDriCardBasePath[] = "/dev/dri/card";
+
+  static const char kNvidiaCtlPath[] = "/dev/nvidiactl";
+  static const char kNvidiaDeviceBasePath[] = "/dev/nvidia";
+  static const char kNvidiaParamsPath[] = "/proc/driver/nvidia/params";
+
   static const char kDevShm[] = "/dev/shm/";
 
   CHECK(broker_process_ == NULL);
 
   // All GPU process policies need these files brokered out.
   std::vector<BrokerFilePermission> permissions;
   permissions.push_back(BrokerFilePermission::ReadWrite(kDriCard0Path));
   permissions.push_back(BrokerFilePermission::ReadOnly(kDriRcPath));
+
   if (!IsChromeOS()) {
+    // For shared memory.
     permissions.push_back(
         BrokerFilePermission::ReadWriteCreateUnlinkRecursive(kDevShm));
-  } else if (UseV4L2Codec()){
+    // For multi-card DRI setups. NOTE: /dev/dri/card0 was already added above.
+    for (int i = 1; i <= 9; ++i) {
+      permissions.push_back(BrokerFilePermission::ReadWrite(
+          base::StringPrintf("%s%d", kDriCardBasePath, i)));
+    }
+    // For Nvidia GLX driver.
+    permissions.push_back(BrokerFilePermission::ReadWrite(kNvidiaCtlPath));
+    for (int i = 0; i <= 9; ++i) {
+      permissions.push_back(BrokerFilePermission::ReadWrite(
+          base::StringPrintf("%s%d", kNvidiaDeviceBasePath, i)));
+    }
+    permissions.push_back(BrokerFilePermission::ReadOnly(kNvidiaParamsPath));
+  } else if (UseV4L2Codec()) {
     AddV4L2GpuWhitelist(&permissions);
     if (UseLibV4L2()) {
-      dlopen("/usr/lib/libv4l2.so", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+      dlopen("/usr/lib/libv4l2.so", RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
       // This is a device-specific encoder plugin.
       dlopen("/usr/lib/libv4l/plugins/libv4l-encplugin.so",
-          RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+             RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
     }
   }
 
   // Add eventual extra files from permissions_extra.
   for (const auto& perm : permissions_extra) {
     permissions.push_back(perm);
   }
 
   broker_process_ = new BrokerProcess(GetFSDeniedErrno(), permissions);
   // The initialization callback will perform generic initialization and then
   // call broker_sandboxer_callback.
   CHECK(broker_process_->Init(base::Bind(&UpdateProcessTypeAndEnableSandbox,
                                          broker_sandboxer_allocator)));
 }
 
 }  // namespace content