Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(120)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/sandbox_linux/sandbox_linux.cc

Issue 449333002: Remove shared worker process related codes. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/common/sandbox_init_mac.cc ('k') | content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <dirent.h> 5 #include <dirent.h>
6 #include <fcntl.h> 6 #include <fcntl.h>
7 #include <sys/resource.h> 7 #include <sys/resource.h>
8 #include <sys/stat.h> 8 #include <sys/stat.h>
9 #include <sys/time.h> 9 #include <sys/time.h>
10 #include <sys/types.h> 10 #include <sys/types.h>
(...skipping 336 matching lines...) Expand 10 before | Expand all | Expand 10 after
347 #if defined(__LP64__) 347 #if defined(__LP64__)
348 // On 64 bits, V8 and possibly others will reserve massive memory ranges and 348 // On 64 bits, V8 and possibly others will reserve massive memory ranges and
349 // rely on on-demand paging for allocation. Unfortunately, even 349 // rely on on-demand paging for allocation. Unfortunately, even
350 // MADV_DONTNEED ranges count towards RLIMIT_AS so this is not an option. 350 // MADV_DONTNEED ranges count towards RLIMIT_AS so this is not an option.
351 // See crbug.com/169327 for a discussion. 351 // See crbug.com/169327 for a discussion.
352 // On the GPU process, irrespective of V8, we can exhaust a 4GB address space 352 // On the GPU process, irrespective of V8, we can exhaust a 4GB address space
353 // under normal usage, see crbug.com/271119 353 // under normal usage, see crbug.com/271119
354 // For now, increase limit to 16GB for renderer and worker and gpu processes 354 // For now, increase limit to 16GB for renderer and worker and gpu processes
355 // to accomodate. 355 // to accomodate.
356 if (process_type == switches::kRendererProcess || 356 if (process_type == switches::kRendererProcess ||
357 process_type == switches::kWorkerProcess ||
358 process_type == switches::kGpuProcess) { 357 process_type == switches::kGpuProcess) {
359 address_space_limit = 1L << 34; 358 address_space_limit = 1L << 34;
360 } 359 }
361 #endif // defined(__LP64__) 360 #endif // defined(__LP64__)
362 361
363 // On all platforms, add a limit to the brk() heap that would prevent 362 // On all platforms, add a limit to the brk() heap that would prevent
364 // allocations that can't be index by an int. 363 // allocations that can't be index by an int.
365 const rlim_t kNewDataSegmentMaxSize = std::numeric_limits<int>::max(); 364 const rlim_t kNewDataSegmentMaxSize = std::numeric_limits<int>::max();
366 365
367 bool limited_as = AddResourceLimit(RLIMIT_AS, address_space_limit); 366 bool limited_as = AddResourceLimit(RLIMIT_AS, address_space_limit);
(...skipping 18 matching lines...) Expand all
386 int ret = IGNORE_EINTR(close(proc_fd_)); 385 int ret = IGNORE_EINTR(close(proc_fd_));
387 CHECK_EQ(0, ret); 386 CHECK_EQ(0, ret);
388 proc_fd_ = -1; 387 proc_fd_ = -1;
389 } 388 }
390 } 389 }
391 390
392 void LinuxSandbox::CheckForBrokenPromises(const std::string& process_type) { 391 void LinuxSandbox::CheckForBrokenPromises(const std::string& process_type) {
393 // Make sure that any promise made with GetStatus() wasn't broken. 392 // Make sure that any promise made with GetStatus() wasn't broken.
394 bool promised_seccomp_bpf_would_start = false; 393 bool promised_seccomp_bpf_would_start = false;
395 if (process_type == switches::kRendererProcess || 394 if (process_type == switches::kRendererProcess ||
396 process_type == switches::kWorkerProcess ||
397 process_type == switches::kPpapiPluginProcess) { 395 process_type == switches::kPpapiPluginProcess) {
398 promised_seccomp_bpf_would_start = 396 promised_seccomp_bpf_would_start =
399 (sandbox_status_flags_ != kSandboxLinuxInvalid) && 397 (sandbox_status_flags_ != kSandboxLinuxInvalid) &&
400 (GetStatus() & kSandboxLinuxSeccompBPF); 398 (GetStatus() & kSandboxLinuxSeccompBPF);
401 } 399 }
402 if (promised_seccomp_bpf_would_start) { 400 if (promised_seccomp_bpf_would_start) {
403 CHECK(seccomp_bpf_started_); 401 CHECK(seccomp_bpf_started_);
404 } 402 }
405 } 403 }
406 404
407 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const { 405 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const {
408 DCHECK(thread); 406 DCHECK(thread);
409 base::ScopedFD proc_self_task(OpenProcTaskFd(proc_fd_)); 407 base::ScopedFD proc_self_task(OpenProcTaskFd(proc_fd_));
410 PCHECK(proc_self_task.is_valid()); 408 PCHECK(proc_self_task.is_valid());
411 CHECK(sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_self_task.get(), 409 CHECK(sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_self_task.get(),
412 thread)); 410 thread));
413 } 411 }
414 412
415 } // namespace content 413 } // namespace content
OLDNEW
« no previous file with comments | « content/common/sandbox_init_mac.cc ('k') | content/common/sandbox_linux/sandbox_seccomp_bpf_linux.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698