summaryrefslogtreecommitdiffstats
path: root/sandbox/linux/suid
diff options
context:
space:
mode:
authorthestig@chromium.org <thestig@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-12-10 02:08:10 +0000
committerthestig@chromium.org <thestig@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-12-10 02:08:10 +0000
commite5856a7a015a8a4d790b51136881a32364ee912a (patch)
treec96a355ab2e2f663770f4c123244b28031a82b52 /sandbox/linux/suid
parent8a0590e6696b0a6377cfc4cb71fa66beeef047d6 (diff)
downloadchromium_src-e5856a7a015a8a4d790b51136881a32364ee912a.zip
chromium_src-e5856a7a015a8a4d790b51136881a32364ee912a.tar.gz
chromium_src-e5856a7a015a8a4d790b51136881a32364ee912a.tar.bz2
Linux: Adjust /proc/pid/oom_adj to sacrifice plugin and renderer processes to the OOM killer.
BUG=29752 TEST=During out of memory conditions, Linux kernel picks a plugin/renderer over the browser process. Review URL: http://codereview.chromium.org/467058 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34222 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/linux/suid')
-rw-r--r--sandbox/linux/suid/process_util.h21
-rw-r--r--sandbox/linux/suid/process_util_linux.c45
-rw-r--r--sandbox/linux/suid/sandbox.c16
3 files changed, 81 insertions, 1 deletions
diff --git a/sandbox/linux/suid/process_util.h b/sandbox/linux/suid/process_util.h
new file mode 100644
index 0000000..68ff81d
--- /dev/null
+++ b/sandbox/linux/suid/process_util.h
@@ -0,0 +1,21 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// The following is duplicated from base/process_utils.h.
+// We shouldn't link against C++ code in a setuid binary.
+
+#ifndef SANDBOX_LINUX_SUID_PROCESS_UTIL_H_
+#define SANDBOX_LINUX_SUID_PROCESS_UTIL_H_
+
+#include <stdbool.h>
+#include <sys/types.h>
+
+static const char kAdjustOOMScoreSwitch[] = "--adjust-oom-score";
+
+// This adjusts /proc/process/oom_adj so the Linux OOM killer will prefer
+// certain process types over others. The range for the adjustment is
+// [-17,15], with [0,15] being user accessible.
+bool AdjustOOMScore(pid_t process, int score);
+
+#endif // SANDBOX_LINUX_SUID_PROCESS_UTIL_H_
diff --git a/sandbox/linux/suid/process_util_linux.c b/sandbox/linux/suid/process_util_linux.c
new file mode 100644
index 0000000..4a574ad
--- /dev/null
+++ b/sandbox/linux/suid/process_util_linux.c
@@ -0,0 +1,45 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// The following is the C version of code from base/process_utils_linux.cc.
+// We shouldn't link against C++ code in a setuid binary.
+
+#include "process_util.h"
+
+#include <fcntl.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+bool AdjustOOMScore(pid_t process, int score) {
+ if (score < 0 || score > 15)
+ return false;
+
+ char oom_adj[35]; // "/proc/" + log_2(2**64) + "/oom_adj\0"
+ // 6 + 20 + 9 = 35
+ snprintf(oom_adj, sizeof(oom_adj), "/proc/%lu", process);
+
+ struct stat statbuf;
+ if (stat(oom_adj, &statbuf) < 0)
+ return false;
+ if (getuid() != statbuf.st_uid)
+ return false;
+
+ strcat(oom_adj, "/oom_adj");
+ int fd = open(oom_adj, O_WRONLY);
+ if (fd < 0)
+ return false;
+
+ char buf[3]; // 0 <= |score| <= 15;
+ snprintf(buf, sizeof(buf), "%d", score);
+ size_t len = strlen(buf);
+
+ ssize_t bytes_written = write(fd, buf, len);
+ close(fd);
+ return (bytes_written == len);
+}
diff --git a/sandbox/linux/suid/sandbox.c b/sandbox/linux/suid/sandbox.c
index f54bcd1..04073d4 100644
--- a/sandbox/linux/suid/sandbox.c
+++ b/sandbox/linux/suid/sandbox.c
@@ -26,6 +26,7 @@
#include <unistd.h>
#include "linux_util.h"
+#include "process_util.h"
#include "suid_unsafe_environment_variables.h"
#if !defined(CLONE_NEWPID)
@@ -309,7 +310,7 @@ int main(int argc, char **argv) {
// when you call it with --find-inode INODE_NUMBER.
if (argc == 3 && (0 == strcmp(argv[1], kFindInodeSwitch))) {
pid_t pid;
- char *endptr;
+ char* endptr;
ino_t inode = strtoull(argv[2], &endptr, 10);
if (inode == ULLONG_MAX || *endptr)
return 1;
@@ -318,6 +319,19 @@ int main(int argc, char **argv) {
printf("%d\n", pid);
return 0;
}
+ // Likewise, we cannot adjust /proc/pid/oom_adj for sandboxed renderers
+ // because those files are owned by root. So we need another helper here.
+ if (argc == 4 && (0 == strcmp(argv[1], kAdjustOOMScoreSwitch))) {
+ char* endptr;
+ int score;
+ pid_t pid = strtoul(argv[2], &endptr, 10);
+ if (pid == ULONG_MAX || *endptr)
+ return 1;
+ score = strtol(argv[3], &endptr, 10);
+ if (score == LONG_MAX || score == LONG_MIN || *endptr)
+ return 1;
+ return AdjustOOMScore(pid, score);
+ }
if (!MoveToNewPIDNamespace())
return 1;