Preload the Asahi drivers when preparing the GPU sandbox
This replaces 4119913's changes and instead uses the existing dlopen calls for kmsro drivers. Bug: None Change-Id: I3206f516dddd1f05715484a579bdef34ab0b36dd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4186738 Reviewed-by: Matthew Denton <mpdenton@chromium.org> Commit-Queue: Matthew Denton <mpdenton@chromium.org> Reviewed-by: Kenneth Russell <kbr@chromium.org> Cr-Commit-Position: refs/heads/main@{#1095970}

committed by
Chromium LUCI CQ

parent
9d932a1d89
commit
f2cd9905a3
@ -405,12 +405,6 @@ int GpuMain(MainFunctionParams parameters) {
|
||||
namespace {
|
||||
|
||||
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
|
||||
bool IsAsahiGpu(const gpu::GPUInfo::GPUDevice& device) {
|
||||
// Asahi's vendor ID is a stub value (0xffffffff), so match the vendor name
|
||||
// instead.
|
||||
return device.vendor_string.find("Asahi") != std::string::npos;
|
||||
}
|
||||
|
||||
bool StartSandboxLinux(gpu::GpuWatchdogThread* watchdog_thread,
|
||||
const gpu::GPUInfo* gpu_info,
|
||||
const gpu::GpuPreferences& gpu_prefs) {
|
||||
@ -436,8 +430,6 @@ bool StartSandboxLinux(gpu::GpuWatchdogThread* watchdog_thread,
|
||||
angle::IsVirtIO(gpu_info->active_gpu().vendor_id);
|
||||
sandbox_options.use_nvidia_specific_policies =
|
||||
angle::IsNVIDIA(gpu_info->active_gpu().vendor_id);
|
||||
sandbox_options.use_asahi_specific_policies =
|
||||
IsAsahiGpu(gpu_info->active_gpu());
|
||||
for (const auto& gpu : gpu_info->secondary_gpus) {
|
||||
if (angle::IsAMD(gpu.vendor_id))
|
||||
sandbox_options.use_amd_specific_policies = true;
|
||||
@ -445,8 +437,6 @@ bool StartSandboxLinux(gpu::GpuWatchdogThread* watchdog_thread,
|
||||
sandbox_options.use_intel_specific_policies = true;
|
||||
else if (angle::IsNVIDIA(gpu.vendor_id))
|
||||
sandbox_options.use_nvidia_specific_policies = true;
|
||||
else if (IsAsahiGpu(gpu))
|
||||
sandbox_options.use_asahi_specific_policies = true;
|
||||
}
|
||||
}
|
||||
sandbox_options.accelerated_video_decode_enabled =
|
||||
|
@ -393,21 +393,12 @@ void AddVulkanICDPermissions(std::vector<BrokerFilePermission>* permissions) {
|
||||
}
|
||||
}
|
||||
|
||||
void AddStandardGpuPermissions(
|
||||
std::vector<BrokerFilePermission>* permissions,
|
||||
const sandbox::policy::SandboxSeccompBPF::Options& options) {
|
||||
void AddStandardGpuPermissions(std::vector<BrokerFilePermission>* permissions) {
|
||||
static const char kDriCardBasePath[] = "/dev/dri/card";
|
||||
static const char kNvidiaCtlPath[] = "/dev/nvidiactl";
|
||||
static const char kNvidiaDeviceBasePath[] = "/dev/nvidia";
|
||||
static const char kNvidiaDeviceModeSetPath[] = "/dev/nvidia-modeset";
|
||||
static const char kNvidiaParamsPath[] = "/proc/driver/nvidia/params";
|
||||
static const char kAsahiDri[] =
|
||||
#if defined(DRI_DRIVER_DIR)
|
||||
DRI_DRIVER_DIR "/asahi_dri.so"
|
||||
#else
|
||||
"/usr/lib64/dri/asahi_dri.so"
|
||||
#endif
|
||||
;
|
||||
static const char kDevShm[] = "/dev/shm/";
|
||||
|
||||
// For shared memory.
|
||||
@ -439,11 +430,6 @@ void AddStandardGpuPermissions(
|
||||
permissions->push_back(BrokerFilePermission::ReadOnly(sw_path));
|
||||
}
|
||||
}
|
||||
|
||||
// For Asahi drivers.
|
||||
if (options.use_asahi_specific_policies) {
|
||||
permissions->push_back(BrokerFilePermission::ReadOnly(kAsahiDri));
|
||||
}
|
||||
}
|
||||
|
||||
std::vector<BrokerFilePermission> FilePermissionsForGpu(
|
||||
@ -474,7 +460,7 @@ std::vector<BrokerFilePermission> FilePermissionsForGpu(
|
||||
AddIntelGpuPermissions(&permissions);
|
||||
}
|
||||
if (options.use_nvidia_specific_policies) {
|
||||
AddStandardGpuPermissions(&permissions, options);
|
||||
AddStandardGpuPermissions(&permissions);
|
||||
}
|
||||
if (options.use_virtio_specific_policies) {
|
||||
AddVirtIOGpuPermissions(&permissions);
|
||||
@ -492,7 +478,7 @@ std::vector<BrokerFilePermission> FilePermissionsForGpu(
|
||||
}
|
||||
}
|
||||
|
||||
AddStandardGpuPermissions(&permissions, options);
|
||||
AddStandardGpuPermissions(&permissions);
|
||||
return permissions;
|
||||
}
|
||||
|
||||
@ -521,15 +507,18 @@ void LoadArmGpuLibraries() {
|
||||
DRI_DRIVER_DIR "/panfrost_dri.so",
|
||||
DRI_DRIVER_DIR "/mediatek_dri.so",
|
||||
DRI_DRIVER_DIR "/rockchip_dri.so",
|
||||
DRI_DRIVER_DIR "/asahi_dri.so",
|
||||
#else
|
||||
"/usr/lib64/dri/msm_dri.so",
|
||||
"/usr/lib64/dri/panfrost_dri.so",
|
||||
"/usr/lib64/dri/mediatek_dri.so",
|
||||
"/usr/lib64/dri/rockchip_dri.so",
|
||||
"/usr/lib64/dri/asahi_dri.so",
|
||||
"/usr/lib/dri/msm_dri.so",
|
||||
"/usr/lib/dri/panfrost_dri.so",
|
||||
"/usr/lib/dri/mediatek_dri.so",
|
||||
"/usr/lib/dri/rockchip_dri.so",
|
||||
"/usr/lib/dri/asahi_dri.so",
|
||||
#endif
|
||||
nullptr
|
||||
};
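Review bot: The `asahi_dri.so` entries added to the driver list in LoadArmGpuLibraries are now the only way the Asahi driver gets into the GPU process, because this commit also drops the broker's read-only permission for it from AddStandardGpuPermissions. A driver installed outside the listed directories (the `#else` branch hard-codes `/usr/lib64/dri` and `/usr/lib/dri`) would presumably miss the preload and could not be opened once the sandbox is up. The code that walks this list starts and ends outside the hunk, so whether a failed dlopen is logged cannot be seen from here. I would record the dependency next to the new entries with a comment such as `// asahi_dri.so must be preloaded here: the broker grants no read access to it after sandbox start.` It is also worth confirming that this function runs on Asahi Linux hosts now that `use_asahi_specific_policies` no longer exists to select a path.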
|
||||
|
@ -29,7 +29,6 @@ class SANDBOX_POLICY_EXPORT SandboxSeccompBPF {
|
||||
bool use_intel_specific_policies = false; // For ChromiumOS.
|
||||
bool use_virtio_specific_policies = false; // For ChromiumOS VM.
|
||||
bool use_nvidia_specific_policies = false; // For Linux.
|
||||
bool use_asahi_specific_policies = false; // For Linux.
|
||||
|
||||
// Options for GPU's PreSandboxHook.
|
||||
bool accelerated_video_decode_enabled = false;
|
||||
|