chromium/src
0
Fork 0
Code Activity
Files
fda19616dc73268e333d45b341e56956fed85b49
src/base/linux_util.h
Igor Kraskevich bfc62af588 Check that Renderer tids don't belong to Browser from the Browser process 
This change is relevant only to Chrome on Android because other
platforms don't have ADPF support.

At the moment the GPU process checks that Renderer tids don't belong to
itself and the Browser process before including them into the ADPF hint
session. This check works incorrectly (= always fails) on Beta and
Stable because the GPU process doesn't have access to the list of
threads of the Browser process. As a result, Renderer threads are
missing from the ADPF hint session. It works correctly on Canary and Dev
because the Chrome app is marked as "profileable".

With this change, the GPU process checks that Renderer tids don't belong
to itself, and then asks the Browser process to check that these tids
don't belong to Browser via a mojo message. The GPU and the Browser
processes have access to the list of the own threads (using
/proc/self/task) on all channels, so this change fixes Chrome ADPF usage
on Beta and Stable.

While this is effectively a bug fix, it's hidden behind a disabled by
default `EnableADPFAsyncThreadsVerification` feature to make sure that
we can roll it out safely and properly evaluate the impact on field
metrics for Beta and Stable.

b/302096134#comment41 has a link to the design doc with the discussion
of other options considered and the security implications.

Local testing with a custom build branded as "Chrome Beta" shows the
same behavior as the current Chrome app (i.e. Renderer threads missing
from the ADPF session) when the feature is disabled, and fixed behavior
(i.e. Renderer threads are in the ADPF session) when the feature is
enabled.

Bug: b/302096134
Change-Id: Iaf6fa6cf9ba7394e19f985b5f4681845594b8337
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4921772
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Liza Burakova <liza@chromium.org>
Reviewed-by: Jonathan Ross <jonross@chromium.org>
Commit-Queue: Igor Kraskevich <kraskevich@google.com>
Reviewed-by: Alexander Timin <altimin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1210849}
2023-10-17 15:09:28 +00:00

66 lines
2.6 KiB
C++
Raw Blame History

// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef BASE_LINUX_UTIL_H_
#define BASE_LINUX_UTIL_H_
#include <stdint.h>
#include <sys/types.h>
#include <string>
#include <vector>
#include "base/base_export.h"
namespace base {
// This is declared here so the crash reporter can access the memory directly
// in compromised context without going through the standard library.
BASE_EXPORT extern char g_linux_distro[];
// Get the Linux Distro if we can, or return "Unknown".
BASE_EXPORT std::string GetLinuxDistro();
#if defined(UNIT_TEST)
// Get the value of given key from the given input (content of the
// /etc/os-release file. Exposed for testing.
BASE_EXPORT std::string GetKeyValueFromOSReleaseFileForTesting(
const std::string& input,
const char* key);
#endif // defined(UNIT_TEST)
// Set the Linux Distro string.
BASE_EXPORT void SetLinuxDistro(const std::string& distro);
// For a given process |pid|, get a list of all its threads. On success, returns
// true and appends the list of threads to |tids|. Otherwise, returns false.
BASE_EXPORT bool GetThreadsForProcess(pid_t pid, std::vector<pid_t>* tids);
// Get a list of all threads for the current process. On success, returns true
// and appends the list of threads to |tids|. Otherwise, returns false.
// Unlike the function above, this function reads /proc/self/tasks, not
// /proc/<pid>/tasks. On Android, the former should always be accessible to
// GPU and Browser processes, while the latter may or may not be accessible
// depending on the system and the app configuration.
BASE_EXPORT bool GetThreadsForCurrentProcess(std::vector<pid_t>* tids);
// For a given process |pid|, look through all its threads and find the first
// thread with /proc/[pid]/task/[thread_id]/syscall whose first N bytes matches
// |expected_data|, where N is the length of |expected_data|.
// Returns the thread id or -1 on error. If |syscall_supported| is
// set to false the kernel does not support syscall in procfs.
BASE_EXPORT pid_t FindThreadIDWithSyscall(pid_t pid,
const std::string& expected_data,
bool* syscall_supported);
// For a given process |pid|, look through all its threads and find the first
// thread with /proc/[pid]/task/[thread_id]/status where NSpid matches |ns_tid|.
// Returns the thread id or -1 on error. If |ns_pid_supported| is
// set to false the kernel does not support NSpid in procfs.
BASE_EXPORT pid_t FindThreadID(pid_t pid, pid_t ns_tid, bool* ns_pid_supported);
} // namespace base
#endif // BASE_LINUX_UTIL_H_
View Git Blame Copy Permalink