Chromium Code Reviews Chromium Code Reviews
Issue 10824019:
Tweak the GPU process sandbox to allow accelerated video decode. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master| Index: content/common/sandbox_init_linux.cc |
| diff --git a/content/common/sandbox_init_linux.cc b/content/common/sandbox_init_linux.cc |
| index a67a784232aa70bcd6c856baf2546384bbab83da..beb45574c7de9c3e1a49088d77a21dc33bf67c5e 100644 |
| --- a/content/common/sandbox_init_linux.cc |
| +++ b/content/common/sandbox_init_linux.cc |
| @@ -12,6 +12,7 @@ |
| #endif |
| #include <asm/unistd.h> |
| +#include <dlfcn.h> |
| #include <errno.h> |
| #include <fcntl.h> |
| #include <linux/audit.h> |
| @@ -146,6 +147,21 @@ bool IsFileSystemSyscall(int sysno) { |
| } |
| } |
| +bool IsAcceleratedVideoDecodeEnabled() { |
|
jln (very slow on Chromium)
2012/07/26 17:53:54
Any chance that gpu/ could export a function like
Jorge Lucangeli Obes
2012/07/26 18:33:36
The code does not live in gpu/, it lives in conten
jln (very slow on Chromium)
2012/07/26 19:06:39
Ok, we don't want to start refactoring code just f
|
| + // Accelerated video decode is currently enabled on Chrome OS, |
| + // but not on Linux: crbug.com/137247. |
| + bool is_enabled = false; |
| +#if defined(OS_CHROMEOS) |
|
jln (very slow on Chromium)
2012/07/26 17:53:54
Please use IsChromeOS().
Jorge Lucangeli Obes
2012/07/26 18:33:36
Done.
piman
2012/07/26 20:33:52
FYI, IsChromeOS is different from #ifdef OS_CHROME
|
| + is_enabled = true; |
| +#endif |
| + |
| + const CommandLine& command_line = *CommandLine::ForCurrentProcess(); |
| + is_enabled &= !command_line.HasSwitch( |
|
jln (very slow on Chromium)
2012/07/26 17:53:54
please, use && here so that we benefit from lazy e
Jorge Lucangeli Obes
2012/07/26 18:33:36
Done.
|
| + switches::kDisableAcceleratedVideoDecode); |
| + |
| + return is_enabled; |
| +} |
| + |
| static const char kDriRcPath[] = "/etc/drirc"; |
| // TODO(jorgelo): limited to /etc/drirc for now, extend this to cover |
| @@ -270,10 +286,20 @@ playground2::Sandbox::ErrorCode GpuProcessPolicy_x86_64(int sysno) { |
| case __NR_fchmod: |
| return EPERM; // ATI binary driver. |
| case __NR_open: |
| - // Hook open() in the GPU process to allow opening /etc/drirc, |
| - // needed by Mesa. |
| - // The hook needs dup(), lseek(), and close() to be allowed. |
| - return playground2::Sandbox::ErrorCode(GpuOpenSIGSYS_Handler, NULL); |
| + // Accelerated video decode is enabled by default only on Chrome OS. |
| + if (IsAcceleratedVideoDecodeEnabled()) { |
| + // Accelerated video decode needs to open /dev/dri/card0, and |
| + // dup()'ing an already open file descriptor does not work. |
| + // Allow open() even though it severely weakens the sandbox, |
| + // to test the sandboxing mechanism in general. |
| + // TODO(jorgelo): remove this once we solve the libva issue. |
| + return playground2::Sandbox::SB_ALLOWED; |
| + } else { |
| + // Hook open() in the GPU process to allow opening /etc/drirc, |
| + // needed by Mesa. |
| + // The hook needs dup(), lseek(), and close() to be allowed. |
| + return playground2::Sandbox::ErrorCode(GpuOpenSIGSYS_Handler, NULL); |
| + } |
| default: |
| if (IsGettimeSyscall(sysno) || |
| IsKillSyscall(sysno)) { // GPU watchdog. |
| @@ -390,8 +416,17 @@ playground2::Sandbox::ErrorCode AllowAllPolicy(int sysno) { |
| // Warms up/preloads resources needed by the policies. |
| void WarmupPolicy(playground2::Sandbox::EvaluateSyscall policy) { |
| #if defined(__x86_64__) |
| - if (policy == GpuProcessPolicy_x86_64) |
| + if (policy == GpuProcessPolicy_x86_64) { |
| OpenWithCache(kDriRcPath, O_RDONLY); |
| + // Accelerated video decode dlopen()'s this shared object |
| + // inside the sandbox, so preload it now. |
| + // TODO(jorgelo): generalize this to other platforms. |
| + if (IsAcceleratedVideoDecodeEnabled()) { |
| + const char kI965DrvVideoPath_64[] = |
| + "/usr/lib64/va/drivers/i965_drv_video.so"; |
| + dlopen(kI965DrvVideoPath_64, RTLD_NOW|RTLD_GLOBAL|RTLD_NODELETE); |
| + } |
| + } |
| #endif |
| } |
