OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <dirent.h> | 5 #include <dirent.h> |
6 #include <fcntl.h> | 6 #include <fcntl.h> |
7 #include <sys/resource.h> | 7 #include <sys/resource.h> |
8 #include <sys/stat.h> | 8 #include <sys/stat.h> |
9 #include <sys/time.h> | 9 #include <sys/time.h> |
10 #include <sys/types.h> | 10 #include <sys/types.h> |
(...skipping 336 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
347 #if defined(__LP64__) | 347 #if defined(__LP64__) |
348 // On 64 bits, V8 and possibly others will reserve massive memory ranges and | 348 // On 64 bits, V8 and possibly others will reserve massive memory ranges and |
349 // rely on on-demand paging for allocation. Unfortunately, even | 349 // rely on on-demand paging for allocation. Unfortunately, even |
350 // MADV_DONTNEED ranges count towards RLIMIT_AS so this is not an option. | 350 // MADV_DONTNEED ranges count towards RLIMIT_AS so this is not an option. |
351 // See crbug.com/169327 for a discussion. | 351 // See crbug.com/169327 for a discussion. |
352 // On the GPU process, irrespective of V8, we can exhaust a 4GB address space | 352 // On the GPU process, irrespective of V8, we can exhaust a 4GB address space |
353 // under normal usage, see crbug.com/271119 | 353 // under normal usage, see crbug.com/271119 |
354 // For now, increase limit to 16GB for renderer and worker and gpu processes | 354 // For now, increase limit to 16GB for renderer and worker and gpu processes |
355 // to accomodate. | 355 // to accomodate. |
356 if (process_type == switches::kRendererProcess || | 356 if (process_type == switches::kRendererProcess || |
357 process_type == switches::kWorkerProcess || | |
358 process_type == switches::kGpuProcess) { | 357 process_type == switches::kGpuProcess) { |
359 address_space_limit = 1L << 34; | 358 address_space_limit = 1L << 34; |
360 } | 359 } |
361 #endif // defined(__LP64__) | 360 #endif // defined(__LP64__) |
362 | 361 |
363 // On all platforms, add a limit to the brk() heap that would prevent | 362 // On all platforms, add a limit to the brk() heap that would prevent |
364 // allocations that can't be index by an int. | 363 // allocations that can't be index by an int. |
365 const rlim_t kNewDataSegmentMaxSize = std::numeric_limits<int>::max(); | 364 const rlim_t kNewDataSegmentMaxSize = std::numeric_limits<int>::max(); |
366 | 365 |
367 bool limited_as = AddResourceLimit(RLIMIT_AS, address_space_limit); | 366 bool limited_as = AddResourceLimit(RLIMIT_AS, address_space_limit); |
(...skipping 18 matching lines...) Expand all Loading... |
386 int ret = IGNORE_EINTR(close(proc_fd_)); | 385 int ret = IGNORE_EINTR(close(proc_fd_)); |
387 CHECK_EQ(0, ret); | 386 CHECK_EQ(0, ret); |
388 proc_fd_ = -1; | 387 proc_fd_ = -1; |
389 } | 388 } |
390 } | 389 } |
391 | 390 |
392 void LinuxSandbox::CheckForBrokenPromises(const std::string& process_type) { | 391 void LinuxSandbox::CheckForBrokenPromises(const std::string& process_type) { |
393 // Make sure that any promise made with GetStatus() wasn't broken. | 392 // Make sure that any promise made with GetStatus() wasn't broken. |
394 bool promised_seccomp_bpf_would_start = false; | 393 bool promised_seccomp_bpf_would_start = false; |
395 if (process_type == switches::kRendererProcess || | 394 if (process_type == switches::kRendererProcess || |
396 process_type == switches::kWorkerProcess || | |
397 process_type == switches::kPpapiPluginProcess) { | 395 process_type == switches::kPpapiPluginProcess) { |
398 promised_seccomp_bpf_would_start = | 396 promised_seccomp_bpf_would_start = |
399 (sandbox_status_flags_ != kSandboxLinuxInvalid) && | 397 (sandbox_status_flags_ != kSandboxLinuxInvalid) && |
400 (GetStatus() & kSandboxLinuxSeccompBPF); | 398 (GetStatus() & kSandboxLinuxSeccompBPF); |
401 } | 399 } |
402 if (promised_seccomp_bpf_would_start) { | 400 if (promised_seccomp_bpf_would_start) { |
403 CHECK(seccomp_bpf_started_); | 401 CHECK(seccomp_bpf_started_); |
404 } | 402 } |
405 } | 403 } |
406 | 404 |
407 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const { | 405 void LinuxSandbox::StopThreadAndEnsureNotCounted(base::Thread* thread) const { |
408 DCHECK(thread); | 406 DCHECK(thread); |
409 base::ScopedFD proc_self_task(OpenProcTaskFd(proc_fd_)); | 407 base::ScopedFD proc_self_task(OpenProcTaskFd(proc_fd_)); |
410 PCHECK(proc_self_task.is_valid()); | 408 PCHECK(proc_self_task.is_valid()); |
411 CHECK(sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_self_task.get(), | 409 CHECK(sandbox::ThreadHelpers::StopThreadAndWatchProcFS(proc_self_task.get(), |
412 thread)); | 410 thread)); |
413 } | 411 } |
414 | 412 |
415 } // namespace content | 413 } // namespace content |
OLD | NEW |