summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--base/process_util.h7
-rw-r--r--base/process_util_linux.cc18
-rw-r--r--chrome/app/chrome_dll_main.cc37
-rw-r--r--chrome/browser/zygote_host_linux.cc41
-rw-r--r--chrome/browser/zygote_host_linux.h2
-rw-r--r--sandbox/linux/suid/process_util.h21
-rw-r--r--sandbox/linux/suid/process_util_linux.c45
-rw-r--r--sandbox/linux/suid/sandbox.c16
-rw-r--r--sandbox/sandbox.gyp2
9 files changed, 175 insertions, 14 deletions
diff --git a/base/process_util.h b/base/process_util.h
index 41d1d17..1122de7 100644
--- a/base/process_util.h
+++ b/base/process_util.h
@@ -100,6 +100,13 @@ FilePath GetProcessExecutablePath(ProcessHandle process);
// CPU-related ticks. Returns -1 on parse error.
// Exposed for testing.
int ParseProcStatCPU(const std::string& input);
+
+static const char kAdjustOOMScoreSwitch[] = "--adjust-oom-score";
+
+// This adjusts /proc/process/oom_adj so the Linux OOM killer will prefer
+// certain process types over others. The range for the adjustment is
+// [-17,15], with [0,15] being user accessible.
+bool AdjustOOMScore(ProcessId process, int score);
#endif
#if defined(OS_POSIX)
diff --git a/base/process_util_linux.cc b/base/process_util_linux.cc
index bd6bcf3..1a7e090 100644
--- a/base/process_util_linux.cc
+++ b/base/process_util_linux.cc
@@ -513,7 +513,6 @@ void OnNoMemory() {
} // namespace
extern "C" {
-
#if !defined(LINUX_USE_TCMALLOC)
typedef void* (*malloc_type)(size_t size);
@@ -600,7 +599,6 @@ int posix_memalign(void** ptr, size_t alignment, size_t size) {
}
#endif // !defined(LINUX_USE_TCMALLOC)
-
} // extern C
void EnableTerminationOnOutOfMemory() {
@@ -610,4 +608,20 @@ void EnableTerminationOnOutOfMemory() {
// malloc and friends and make them die on out of memory.
}
+bool AdjustOOMScore(ProcessId process, int score) {
+ if (score < 0 || score > 15)
+ return false;
+
+ FilePath oom_adj("/proc");
+ oom_adj = oom_adj.Append(Int64ToString(process));
+ oom_adj = oom_adj.AppendASCII("oom_adj");
+
+ if (!file_util::PathExists(oom_adj))
+ return false;
+
+ std::string score_str = IntToString(score);
+ return (static_cast<int>(score_str.length()) ==
+ file_util::WriteFile(oom_adj, score_str.c_str(), score_str.length()));
+}
+
} // namespace base
diff --git a/chrome/app/chrome_dll_main.cc b/chrome/app/chrome_dll_main.cc
index 3531e80..e78cec7 100644
--- a/chrome/app/chrome_dll_main.cc
+++ b/chrome/app/chrome_dll_main.cc
@@ -245,6 +245,37 @@ static void SetUpGLibLogHandler() {
NULL);
}
}
+
+static void AdjustLinuxOOMScore(const std::string& process_type) {
+ const int kMiscScore = 7;
+ const int kPluginScore = 10;
+ int score = -1;
+
+ if (process_type == switches::kPluginProcess) {
+ score = kPluginScore;
+ } else if (process_type == switches::kUtilityProcess ||
+ process_type == switches::kWorkerProcess) {
+ score = kMiscScore;
+ } else if (process_type == switches::kProfileImportProcess) {
+ NOTIMPLEMENTED();
+#ifndef DISABLE_NACL
+ } else if (process_type == switches::kNaClProcess) {
+ score = kPluginScore;
+#endif
+ } else if (process_type == switches::kZygoteProcess ||
+ process_type.empty()) {
+ // Pass - browser / zygote process stays at 0.
+ } else if (process_type == switches::kExtensionProcess ||
+ process_type == switches::kRendererProcess) {
+ // Set in chrome/browser/zygote_host_linux.cc.
+ NOTREACHED() << "process type " << process_type
+ << "should go through the zygote.";
+ } else {
+ NOTREACHED() << "Unknown process type";
+ }
+ if (score > -1)
+ base::AdjustOOMScore(base::GetCurrentProcId(), score);
+}
#endif // defined(OS_LINUX)
// Register the invalid param handler and pure call handler to be able to
@@ -601,6 +632,12 @@ int ChromeMain(int argc, char** argv) {
MainFunctionParams main_params(parsed_command_line, sandbox_wrapper,
&autorelease_pool);
+ // Note: If you are adding a new process type below, be sure to adjust the
+ // AdjustLinuxOOMScore function too.
+#if defined(OS_LINUX)
+ AdjustLinuxOOMScore(process_type);
+#endif
+
// TODO(port): turn on these main() functions as they've been de-winified.
int rv = -1;
if (process_type == switches::kRendererProcess) {
diff --git a/chrome/browser/zygote_host_linux.cc b/chrome/browser/zygote_host_linux.cc
index 5e811f7..33f0dff 100644
--- a/chrome/browser/zygote_host_linux.cc
+++ b/chrome/browser/zygote_host_linux.cc
@@ -49,7 +49,8 @@ static void SaveSUIDUnsafeEnvironmentVariables() {
ZygoteHost::ZygoteHost()
: pid_(-1),
- init_(false) {
+ init_(false),
+ using_suid_sandbox_(false) {
}
ZygoteHost::~ZygoteHost() {
@@ -100,24 +101,23 @@ void ZygoteHost::Init(const std::string& sandbox_cmd) {
cmd_line.AppendSwitch(switches::kEnableSeccompSandbox);
}
- const char* sandbox_binary = sandbox_cmd.c_str();
+ sandbox_binary_ = sandbox_cmd.c_str();
struct stat st;
- bool using_suid_sandbox = false;
- if (!sandbox_cmd.empty() && stat(sandbox_binary, &st) == 0) {
- if (access(sandbox_binary, X_OK) == 0 &&
+ if (!sandbox_cmd.empty() && stat(sandbox_binary_.c_str(), &st) == 0) {
+ if (access(sandbox_binary_.c_str(), X_OK) == 0 &&
(st.st_uid == 0) &&
(st.st_mode & S_ISUID) &&
(st.st_mode & S_IXOTH)) {
- using_suid_sandbox = true;
- cmd_line.PrependWrapper(ASCIIToWide(sandbox_binary));
+ using_suid_sandbox_ = true;
+ cmd_line.PrependWrapper(ASCIIToWide(sandbox_binary_.c_str()));
SaveSUIDUnsafeEnvironmentVariables();
} else {
LOG(FATAL) << "The SUID sandbox helper binary was found, but is not "
"configured correctly. Rather than run without sandboxing "
"I'm aborting now. You need to make sure that "
- << sandbox_binary << " is mode 4755 and owned by root.";
+ << sandbox_binary_ << " is mode 4755 and owned by root.";
}
}
@@ -127,7 +127,7 @@ void ZygoteHost::Init(const std::string& sandbox_cmd) {
fds_to_map.push_back(std::make_pair(sfd, 5));
int dummy_fd = -1;
- if (using_suid_sandbox) {
+ if (using_suid_sandbox_) {
dummy_fd = socket(PF_UNIX, SOCK_DGRAM, 0);
CHECK(dummy_fd >= 0);
fds_to_map.push_back(std::make_pair(dummy_fd, 7));
@@ -137,7 +137,7 @@ void ZygoteHost::Init(const std::string& sandbox_cmd) {
base::LaunchApp(cmd_line.argv(), fds_to_map, false, &process);
CHECK(process != -1) << "Failed to launch zygote process";
- if (using_suid_sandbox) {
+ if (using_suid_sandbox_) {
// In the SUID sandbox, the real zygote is forked from the sandbox.
// We need to look for it.
// But first, wait for the zygote to tell us it's running.
@@ -156,7 +156,7 @@ void ZygoteHost::Init(const std::string& sandbox_cmd) {
if (base::FileDescriptorGetInode(&inode, dummy_fd)) {
close(dummy_fd);
std::vector<std::string> get_inode_cmdline;
- get_inode_cmdline.push_back(sandbox_binary);
+ get_inode_cmdline.push_back(sandbox_binary_);
get_inode_cmdline.push_back(base::kFindInodeSwitch);
get_inode_cmdline.push_back(Int64ToString(inode));
CommandLine get_inode_cmd(get_inode_cmdline);
@@ -207,6 +207,25 @@ pid_t ZygoteHost::ForkRenderer(
if (HANDLE_EINTR(read(control_fd_, &pid, sizeof(pid))) != sizeof(pid))
return base::kNullProcessHandle;
+ const int kRendererScore = 5;
+ if (using_suid_sandbox_) {
+ base::ProcessHandle sandbox_helper_process;
+ base::file_handle_mapping_vector dummy_map;
+ std::vector<std::string> adj_oom_score_cmdline;
+
+ adj_oom_score_cmdline.push_back(sandbox_binary_);
+ adj_oom_score_cmdline.push_back(base::kAdjustOOMScoreSwitch);
+ adj_oom_score_cmdline.push_back(Int64ToString(pid));
+ adj_oom_score_cmdline.push_back(IntToString(kRendererScore));
+ CommandLine adj_oom_score_cmd(adj_oom_score_cmdline);
+ if (base::LaunchApp(adj_oom_score_cmdline, dummy_map, false,
+ &sandbox_helper_process)) {
+ ProcessWatcher::EnsureProcessGetsReaped(sandbox_helper_process);
+ }
+ } else {
+ base::AdjustOOMScore(pid, kRendererScore);
+ }
+
return pid;
}
diff --git a/chrome/browser/zygote_host_linux.h b/chrome/browser/zygote_host_linux.h
index f84a88b..53485e0 100644
--- a/chrome/browser/zygote_host_linux.h
+++ b/chrome/browser/zygote_host_linux.h
@@ -55,6 +55,8 @@ class ZygoteHost {
int control_fd_; // the socket to the zygote
pid_t pid_;
bool init_;
+ bool using_suid_sandbox_;
+ std::string sandbox_binary_;
};
#endif // CHROME_BROWSER_ZYGOTE_HOST_LINUX_H_
diff --git a/sandbox/linux/suid/process_util.h b/sandbox/linux/suid/process_util.h
new file mode 100644
index 0000000..68ff81d
--- /dev/null
+++ b/sandbox/linux/suid/process_util.h
@@ -0,0 +1,21 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// The following is duplicated from base/process_utils.h.
+// We shouldn't link against C++ code in a setuid binary.
+
+#ifndef SANDBOX_LINUX_SUID_PROCESS_UTIL_H_
+#define SANDBOX_LINUX_SUID_PROCESS_UTIL_H_
+
+#include <stdbool.h>
+#include <sys/types.h>
+
+static const char kAdjustOOMScoreSwitch[] = "--adjust-oom-score";
+
+// This adjusts /proc/process/oom_adj so the Linux OOM killer will prefer
+// certain process types over others. The range for the adjustment is
+// [-17,15], with [0,15] being user accessible.
+bool AdjustOOMScore(pid_t process, int score);
+
+#endif // SANDBOX_LINUX_SUID_PROCESS_UTIL_H_
diff --git a/sandbox/linux/suid/process_util_linux.c b/sandbox/linux/suid/process_util_linux.c
new file mode 100644
index 0000000..4a574ad
--- /dev/null
+++ b/sandbox/linux/suid/process_util_linux.c
@@ -0,0 +1,45 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// The following is the C version of code from base/process_utils_linux.cc.
+// We shouldn't link against C++ code in a setuid binary.
+
+#include "process_util.h"
+
+#include <fcntl.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+bool AdjustOOMScore(pid_t process, int score) {
+ if (score < 0 || score > 15)
+ return false;
+
+ char oom_adj[35]; // "/proc/" + log_2(2**64) + "/oom_adj\0"
+ // 6 + 20 + 9 = 35
+ snprintf(oom_adj, sizeof(oom_adj), "/proc/%lu", process);
+
+ struct stat statbuf;
+ if (stat(oom_adj, &statbuf) < 0)
+ return false;
+ if (getuid() != statbuf.st_uid)
+ return false;
+
+ strcat(oom_adj, "/oom_adj");
+ int fd = open(oom_adj, O_WRONLY);
+ if (fd < 0)
+ return false;
+
+ char buf[3]; // 0 <= |score| <= 15;
+ snprintf(buf, sizeof(buf), "%d", score);
+ size_t len = strlen(buf);
+
+ ssize_t bytes_written = write(fd, buf, len);
+ close(fd);
+ return (bytes_written == len);
+}
diff --git a/sandbox/linux/suid/sandbox.c b/sandbox/linux/suid/sandbox.c
index f54bcd1..04073d4 100644
--- a/sandbox/linux/suid/sandbox.c
+++ b/sandbox/linux/suid/sandbox.c
@@ -26,6 +26,7 @@
#include <unistd.h>
#include "linux_util.h"
+#include "process_util.h"
#include "suid_unsafe_environment_variables.h"
#if !defined(CLONE_NEWPID)
@@ -309,7 +310,7 @@ int main(int argc, char **argv) {
// when you call it with --find-inode INODE_NUMBER.
if (argc == 3 && (0 == strcmp(argv[1], kFindInodeSwitch))) {
pid_t pid;
- char *endptr;
+ char* endptr;
ino_t inode = strtoull(argv[2], &endptr, 10);
if (inode == ULLONG_MAX || *endptr)
return 1;
@@ -318,6 +319,19 @@ int main(int argc, char **argv) {
printf("%d\n", pid);
return 0;
}
+ // Likewise, we cannot adjust /proc/pid/oom_adj for sandboxed renderers
+ // because those files are owned by root. So we need another helper here.
+ if (argc == 4 && (0 == strcmp(argv[1], kAdjustOOMScoreSwitch))) {
+ char* endptr;
+ int score;
+ pid_t pid = strtoul(argv[2], &endptr, 10);
+ if (pid == ULONG_MAX || *endptr)
+ return 1;
+ score = strtol(argv[3], &endptr, 10);
+ if (score == LONG_MAX || score == LONG_MIN || *endptr)
+ return 1;
+ return AdjustOOMScore(pid, score);
+ }
if (!MoveToNewPIDNamespace())
return 1;
diff --git a/sandbox/sandbox.gyp b/sandbox/sandbox.gyp
index eccd772..e457661 100644
--- a/sandbox/sandbox.gyp
+++ b/sandbox/sandbox.gyp
@@ -12,6 +12,8 @@
'sources': [
'linux/suid/linux_util.c',
'linux/suid/linux_util.h',
+ 'linux/suid/process_util.h',
+ 'linux/suid/process_util_linux.c',
'linux/suid/sandbox.c',
],
'cflags': [