Split NaCl SFI and non-SFI helpers into separate processes

components/nacl/zygote/nacl_fork_delegate_linux.cc

Index: components/nacl/zygote/nacl_fork_delegate_linux.cc
diff --git a/components/nacl/zygote/nacl_fork_delegate_linux.cc b/components/nacl/zygote/nacl_fork_delegate_linux.cc
index 0e5f8e7eccc23c1a44a5a718c34164aa1271385e..af3c43e3aa11ddfeb6d1e635ce9b32385c455e0a 100644
--- a/components/nacl/zygote/nacl_fork_delegate_linux.cc
+++ b/components/nacl/zygote/nacl_fork_delegate_linux.cc
@@ -27,6 +27,7 @@
 #include "base/process/kill.h"
 #include "base/process/launch.h"
 #include "base/third_party/dynamic_annotations/dynamic_annotations.h"
+#include "build/build_config.h"
 #include "components/nacl/common/nacl_paths.h"
 #include "components/nacl/common/nacl_switches.h"
 #include "components/nacl/loader/nacl_helper_linux.h"
@@ -42,6 +43,18 @@ const char kNaClHelperReservedAtZero[] =
     "--reserved_at_zero=0xXXXXXXXXXXXXXXXX";
 const char kNaClHelperRDebug[] = "--r_debug=0xXXXXXXXXXXXXXXXX";
 
+bool NonSFIModeIsEnabled() {
+#if defined(OS_CHROMEOS) && defined(ARCH_CPU_ARMEL)
+  const bool kEnabledByDefault = true;
+#else
+  const bool kEnabledByDefault = false;
+#endif
+
+  return kEnabledByDefault ||
+         CommandLine::ForCurrentProcess()->HasSwitch(
+             switches::kEnableNaClNonSfiMode);

[mdempsky, 2014/05/10 03:01:50]

Argh, this switch isn't passed down to the zygote process currently.  I need to
figure out a way to plumb it down.

[mdempsky, 2014/05/12 22:38:31]

Done.

+}
+
 #if defined(ARCH_CPU_X86)
 bool NonZeroSegmentBaseIsSlow() {
   base::CPU cpuid;
@@ -108,14 +121,26 @@ bool SendIPCRequestAndReadReply(int ipc_channel,
 
 }  // namespace.
 
-NaClForkDelegate::NaClForkDelegate()
-    : status_(kNaClHelperUnused),
-      fd_(-1) {}
+namespace nacl {
+
+void AddNaClZygoteForkDelegates(
+    ScopedVector<content::ZygoteForkDelegate>* delegates) {
+  delegates->push_back(new NaClForkDelegate(false /* nonsfi_mode */));
+  delegates->push_back(new NaClForkDelegate(true /* nonsfi_mode */));
+}
+
+NaClForkDelegate::NaClForkDelegate(bool nonsfi_mode)
+    : nonsfi_mode_(nonsfi_mode), status_(kNaClHelperUnused), fd_(-1) {
+}
 
 void NaClForkDelegate::Init(const int sandboxdesc,
                             const bool enable_layer1_sandbox) {
   VLOG(1) << "NaClForkDelegate::Init()";
-  int fds[2];
+
+  // Only launch the non-SFI helper process if non-SFI mode is enabled.
+  if (nonsfi_mode_ && !NonSFIModeIsEnabled()) {
+    return;
+  }
 
   scoped_ptr<sandbox::SetuidSandboxClient> setuid_sandbox_client(
       sandbox::SetuidSandboxClient::Create());
@@ -127,7 +152,8 @@ void NaClForkDelegate::Init(const int sandboxdesc,
   // Confirm a hard-wired assumption.
   DCHECK_EQ(sandboxdesc, nacl_sandbox_descriptor);
 
-  CHECK(socketpair(PF_UNIX, SOCK_SEQPACKET, 0, fds) == 0);
+  int fds[2];
+  PCHECK(0 == socketpair(PF_UNIX, SOCK_SEQPACKET, 0, fds));
   base::FileHandleMappingVector fds_to_map;
   fds_to_map.push_back(std::make_pair(fds[1], kNaClZygoteDescriptor));
   fds_to_map.push_back(std::make_pair(sandboxdesc, nacl_sandbox_descriptor));
@@ -262,7 +288,8 @@ void NaClForkDelegate::Init(const int sandboxdesc,
 void NaClForkDelegate::InitialUMA(std::string* uma_name,
                                   int* uma_sample,
                                   int* uma_boundary_value) {
-  *uma_name = "NaCl.Client.Helper.InitState";
+  *uma_name = nonsfi_mode_ ? "NaCl.Client.HelperNonSFI.InitState"
+                           : "NaCl.Client.Helper.InitState";
   *uma_sample = status_;
   *uma_boundary_value = kNaClHelperStatusBoundary;
 }
@@ -279,10 +306,14 @@ bool NaClForkDelegate::CanHelp(const std::string& process_type,
                                std::string* uma_name,
                                int* uma_sample,
                                int* uma_boundary_value) {
-  if (process_type != switches::kNaClLoaderProcess &&
-      process_type != switches::kNaClLoaderNonSfiProcess)
+  // We can only help with a specific process type depending on nonsfi_mode_.
+  const char* helpable_process_type = nonsfi_mode_
+                                          ? switches::kNaClLoaderNonSfiProcess
+                                          : switches::kNaClLoaderProcess;
+  if (process_type != helpable_process_type)
     return false;
-  *uma_name = "NaCl.Client.Helper.StateOnFork";
+  *uma_name = nonsfi_mode_ ? "NaCl.Client.HelperNonSFI.StateOnFork"
+                           : "NaCl.Client.Helper.StateOnFork";
   *uma_sample = status_;
   *uma_boundary_value = kNaClHelperStatusBoundary;
   return true;
@@ -305,9 +336,7 @@ pid_t NaClForkDelegate::Fork(const std::string& process_type,
   write_pickle.WriteInt(nacl::kNaClForkRequest);
   // TODO(hamaji): When we split the helper binary for non-SFI mode
   // from nacl_helper, stop sending this information.
-  const bool uses_nonsfi_mode =
-    process_type == switches::kNaClLoaderNonSfiProcess;
-  write_pickle.WriteBool(uses_nonsfi_mode);
+  write_pickle.WriteBool(nonsfi_mode_);
   write_pickle.WriteString(channel_id);
 
   char reply_buf[kNaClMaxIPCMessageLength];
@@ -375,3 +404,5 @@ bool NaClForkDelegate::GetTerminationStatus(pid_t pid, bool known_dead,
   *exit_code = remote_exit_code;
   return true;
 }
+
+}  // namespace nacl