From e5856a7a015a8a4d790b51136881a32364ee912a Mon Sep 17 00:00:00 2001
From: "thestig@chromium.org"
 <thestig@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Thu, 10 Dec 2009 02:08:10 +0000
Subject: Linux: Adjust /proc/pid/oom_adj to sacrifice plugin and renderer
 processes to the OOM killer.

BUG=29752
TEST=During out of memory conditions, Linux kernel picks a plugin/renderer over the browser process.
Review URL: http://codereview.chromium.org/467058

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34222 0039d316-1c4b-4281-b951-d872f2087c98
---
 sandbox/linux/suid/process_util.h       | 21 +++++++++++++++
 sandbox/linux/suid/process_util_linux.c | 45 +++++++++++++++++++++++++++++++++
 sandbox/linux/suid/sandbox.c            | 16 +++++++++++-
 3 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 sandbox/linux/suid/process_util.h
 create mode 100644 sandbox/linux/suid/process_util_linux.c

(limited to 'sandbox/linux')

diff --git a/sandbox/linux/suid/process_util.h b/sandbox/linux/suid/process_util.h
new file mode 100644
index 0000000..68ff81d
--- /dev/null
+++ b/sandbox/linux/suid/process_util.h
@@ -0,0 +1,21 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// The following is duplicated from base/process_utils.h.
+// We shouldn't link against C++ code in a setuid binary.
+
+#ifndef SANDBOX_LINUX_SUID_PROCESS_UTIL_H_
+#define SANDBOX_LINUX_SUID_PROCESS_UTIL_H_
+
+#include <stdbool.h>
+#include <sys/types.h>
+
+static const char kAdjustOOMScoreSwitch[] = "--adjust-oom-score";
+
+// This adjusts /proc/process/oom_adj so the Linux OOM killer will prefer
+// certain process types over others. The range for the adjustment is
+// [-17,15], with [0,15] being user accessible.
+bool AdjustOOMScore(pid_t process, int score);
+
+#endif  // SANDBOX_LINUX_SUID_PROCESS_UTIL_H_
diff --git a/sandbox/linux/suid/process_util_linux.c b/sandbox/linux/suid/process_util_linux.c
new file mode 100644
index 0000000..4a574ad
--- /dev/null
+++ b/sandbox/linux/suid/process_util_linux.c
@@ -0,0 +1,45 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// The following is the C version of code from base/process_utils_linux.cc.
+// We shouldn't link against C++ code in a setuid binary.
+
+#include "process_util.h"
+
+#include <fcntl.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+bool AdjustOOMScore(pid_t process, int score) {
+  if (score < 0 || score > 15)
+    return false;
+
+  char oom_adj[35];  // "/proc/" + log_2(2**64) + "/oom_adj\0"
+                     //    6     +       20     +     9         = 35
+  snprintf(oom_adj, sizeof(oom_adj), "/proc/%lu", process);
+
+  struct stat statbuf;
+  if (stat(oom_adj, &statbuf) < 0)
+    return false;
+  if (getuid() != statbuf.st_uid)
+    return false;
+
+  strcat(oom_adj, "/oom_adj");
+  int fd = open(oom_adj, O_WRONLY);
+  if (fd < 0)
+    return false;
+
+  char buf[3];  // 0 <= |score| <= 15;
+  snprintf(buf, sizeof(buf), "%d", score);
+  size_t len = strlen(buf);
+
+  ssize_t bytes_written = write(fd, buf, len);
+  close(fd);
+  return (bytes_written == len);
+}
diff --git a/sandbox/linux/suid/sandbox.c b/sandbox/linux/suid/sandbox.c
index f54bcd1..04073d4 100644
--- a/sandbox/linux/suid/sandbox.c
+++ b/sandbox/linux/suid/sandbox.c
@@ -26,6 +26,7 @@
 #include <unistd.h>
 
 #include "linux_util.h"
+#include "process_util.h"
 #include "suid_unsafe_environment_variables.h"
 
 #if !defined(CLONE_NEWPID)
@@ -309,7 +310,7 @@ int main(int argc, char **argv) {
   // when you call it with --find-inode INODE_NUMBER.
   if (argc == 3 && (0 == strcmp(argv[1], kFindInodeSwitch))) {
     pid_t pid;
-    char *endptr;
+    char* endptr;
     ino_t inode = strtoull(argv[2], &endptr, 10);
     if (inode == ULLONG_MAX || *endptr)
       return 1;
@@ -318,6 +319,19 @@ int main(int argc, char **argv) {
     printf("%d\n", pid);
     return 0;
   }
+  // Likewise, we cannot adjust /proc/pid/oom_adj for sandboxed renderers
+  // because those files are owned by root. So we need another helper here.
+  if (argc == 4 && (0 == strcmp(argv[1], kAdjustOOMScoreSwitch))) {
+    char* endptr;
+    int score;
+    pid_t pid = strtoul(argv[2], &endptr, 10);
+    if (pid == ULONG_MAX || *endptr)
+      return 1;
+    score = strtol(argv[3], &endptr, 10);
+    if (score == LONG_MAX || score == LONG_MIN || *endptr)
+      return 1;
+    return AdjustOOMScore(pid, score);
+  }
 
   if (!MoveToNewPIDNamespace())
     return 1;
-- 
cgit v1.1