Fix SGI_video_sync cpu usage and rendering issues with Nvidia driver.

content/common/sandbox_linux/bpf_gpu_policy_linux.cc

Index: content/common/sandbox_linux/bpf_gpu_policy_linux.cc
diff --git a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
index 7dc9fa7cd762e29b23b39117d455015035cf20a0..47c0bebeecc5450188030a1203daa616046d8dfd 100644
--- a/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
+++ b/content/common/sandbox_linux/bpf_gpu_policy_linux.cc
@@ -22,6 +22,7 @@
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
+#include "base/strings/stringprintf.h"
 #include "build/build_config.h"
 #include "content/common/sandbox_linux/sandbox_bpf_base_policy_linux.h"
 #include "content/common/sandbox_linux/sandbox_seccomp_bpf_linux.h"
@@ -131,18 +132,17 @@ intptr_t GpuSIGSYS_Handler(const struct arch_seccomp_data& args,
 #endif  // !defined(__aarch64__)
     case __NR_faccessat:
       if (static_cast<int>(args.args[0]) == AT_FDCWD) {
-        return
-            broker_process->Access(reinterpret_cast<const char*>(args.args[1]),
-                                    static_cast<int>(args.args[2]));
+        return broker_process->Access(
+            reinterpret_cast<const char*>(args.args[1]),
+            static_cast<int>(args.args[2]));
       } else {
         return -EPERM;
       }
     case __NR_openat:
       // Allow using openat() as open().
       if (static_cast<int>(args.args[0]) == AT_FDCWD) {
-        return
-            broker_process->Open(reinterpret_cast<const char*>(args.args[1]),
-                                 static_cast<int>(args.args[2]));
+        return broker_process->Open(reinterpret_cast<const char*>(args.args[1]),
+                                    static_cast<int>(args.args[2]));
       } else {
         return -EPERM;
       }
@@ -229,12 +229,10 @@ bool UpdateProcessTypeAndEnableSandbox(
 
 }  // namespace
 
-GpuProcessPolicy::GpuProcessPolicy() : GpuProcessPolicy(false) {
-}
+GpuProcessPolicy::GpuProcessPolicy() : GpuProcessPolicy(false) {}
 
 GpuProcessPolicy::GpuProcessPolicy(bool allow_mincore)
-    : broker_process_(NULL), allow_mincore_(allow_mincore) {
-}
+    : broker_process_(NULL), allow_mincore_(allow_mincore) {}
 
 GpuProcessPolicy::~GpuProcessPolicy() {}
 
@@ -312,14 +310,14 @@ bool GpuProcessPolicy::PreSandboxHook() {
         I965DrvVideoPath = "/usr/lib/va/drivers/i965_drv_video.so";
       }
 
-      dlopen(I965DrvVideoPath, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+      dlopen(I965DrvVideoPath, RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
       if (I965HybridDrvVideoPath)
-        dlopen(I965HybridDrvVideoPath, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
-      dlopen("libva.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+        dlopen(I965HybridDrvVideoPath, RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
+      dlopen("libva.so.1", RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
 #if defined(USE_OZONE)
-      dlopen("libva-drm.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+      dlopen("libva-drm.so.1", RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
 #elif defined(USE_X11)
-      dlopen("libva-x11.so.1", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+      dlopen("libva-x11.so.1", RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
 #endif
     }
   }
@@ -332,6 +330,12 @@ void GpuProcessPolicy::InitGpuBrokerProcess(
     const std::vector<BrokerFilePermission>& permissions_extra) {
   static const char kDriRcPath[] = "/etc/drirc";
   static const char kDriCard0Path[] = "/dev/dri/card0";
+  static const char kDriCardBasePath[] = "/dev/dri/card";
+
+  static const char kNvidiaCtlPath[] = "/dev/nvidiactl";
+  static const char kNvidiaDeviceBasePath[] = "/dev/nvidia";
+  static const char kNvidiaParamsPath[] = "/proc/driver/nvidia/params";
+
   static const char kDevShm[] = "/dev/shm/";
 
   CHECK(broker_process_ == NULL);
@@ -340,16 +344,30 @@ void GpuProcessPolicy::InitGpuBrokerProcess(
   std::vector<BrokerFilePermission> permissions;
   permissions.push_back(BrokerFilePermission::ReadWrite(kDriCard0Path));
   permissions.push_back(BrokerFilePermission::ReadOnly(kDriRcPath));
+
   if (!IsChromeOS()) {
+    // For shared memory.
     permissions.push_back(
         BrokerFilePermission::ReadWriteCreateUnlinkRecursive(kDevShm));
-  } else if (UseV4L2Codec()){
+    // For multi-card DRI setups. NOTE: /dev/dri/card0 was already added above.
+    for (int i = 1; i <= 9; ++i) {
+      permissions.push_back(BrokerFilePermission::ReadWrite(
+          base::StringPrintf("%s%d", kDriCardBasePath, i)));
+    }
+    // For Nvidia GLX driver.
+    permissions.push_back(BrokerFilePermission::ReadWrite(kNvidiaCtlPath));
+    for (int i = 0; i <= 9; ++i) {
+      permissions.push_back(BrokerFilePermission::ReadWrite(
+          base::StringPrintf("%s%d", kNvidiaDeviceBasePath, i)));
+    }
+    permissions.push_back(BrokerFilePermission::ReadOnly(kNvidiaParamsPath));
+  } else if (UseV4L2Codec()) {
     AddV4L2GpuWhitelist(&permissions);
     if (UseLibV4L2()) {
-      dlopen("/usr/lib/libv4l2.so", RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+      dlopen("/usr/lib/libv4l2.so", RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
       // This is a device-specific encoder plugin.
       dlopen("/usr/lib/libv4l/plugins/libv4l-encplugin.so",
-          RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE);
+             RTLD_NOW | RTLD_GLOBAL | RTLD_NODELETE);
     }
   }