Message ID | 20240206175841.32717-3-detheridge@ti.com |
---|---|
State | Superseded |
Delegated to: | Ryan Eatmon |
Headers | show |
Series | cleanup old/add new chromium | expand |
Hi Darren In commit message title, s/bbapend/bbappend On 06/02/24 23:28, Etheridge, Darren via lists.yoctoproject.org wrote: > From: Darren Etheridge <detheridge@ ti. com> This applies a patch for > meta-browser/chromium-ozone-wayland to make the sandboxing work with > the Imagination GPU components without the need for the --no-sandbox > flag. GPU acceleration in Chromium > ZjQcmQRYFpfptBannerStart > This message was sent from outside of Texas Instruments. > Do not click links or open attachments unless you recognize the source > of this email and know the content is safe. > ZjQcmQRYFpfptBannerEnd > From: Darren Etheridge <detheridge@ti.com> > > This applies a patch for meta-browser/chromium-ozone-wayland to make the > sandboxing work with the Imagination GPU components without the need for > the --no-sandbox flag. > > GPU acceleration in Chromium is dependant on IMG DDK 23.3. It works > across AXE/BXS/8XE GPU's. No acceleration is expected for SGX. > > Also add an upstream patch to stop Chromium from segfaulting when it is > run with no input devices connected to the board. > Patch was retrieved from: > https://urldefense.com/v3/__https://chromium.googlesource.com/chromium/src/*/323077958301bc321d840a2c2b983ab469934753__;Kw!!G3vK!Q1ZI2dsaxka-0vu202whhUsEmBDa9DSQPM71DvdmC9MGFHwvBAjQmNdPgEtm1NZeBloRSk1T5iINRfCzyBwGDC_domr6HHSGHXOR$ > > Signed-off-by: Darren Etheridge <detheridge@ti.com> > --- > meta-arago-distro/conf/layer.conf | 2 + > ...omium-ozone-wayland_111.0.5563.64.bbappend | 8 ++ > ...dbox-allow-access-to-PowerVR-GPU-fro.patch | 74 +++++++++++++++++++ > ...-chromium-32307795-fix-nullprt-deref.patch | 52 +++++++++++++ > 4 files changed, 136 insertions(+) > create mode 100644 meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64.bbappend > create mode 100644 meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64/0001-chromium-gpu-sandbox-allow-access-to-PowerVR-GPU-fro.patch > create mode 100644 meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64/0002-upstream-chromium-32307795-fix-nullprt-deref.patch > > diff --git a/meta-arago-distro/conf/layer.conf b/meta-arago-distro/conf/layer.conf > index 40b0f5bb..b0221860 100644 > --- a/meta-arago-distro/conf/layer.conf > +++ b/meta-arago-distro/conf/layer.conf > @@ -24,9 +24,11 @@ LAYERDEPENDS_meta-arago-distro = " \ > # clang-layer > > LAYERRECOMMENDS_meta-arago-distro = " \ > + chromium-browser-layer \ > " > > BBFILES_DYNAMIC += " \ > + chromium-browser-layer:${LAYERDIR}/dynamic-layers/chromium-browser-layer/recipes*/*/*.bbappend \ > " > > BB_DANGLINGAPPENDS_WARNONLY = "true" > diff --git a/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64.bbappend b/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64.bbappend > new file mode 100644 > index 00000000..df93e26b > --- /dev/null > +++ b/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64.bbappend > @@ -0,0 +1,8 @@ > +PR:append = ".arago0" > + > +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}_${PV}:" > + > +SRC_URI:append = " \ > + file://0001-chromium-gpu-sandbox-allow-access-to-PowerVR-GPU-fro.patch \ > + file://0002-upstream-chromium-32307795-fix-nullprt-deref.patch \ > + " > diff --git a/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64/0001-chromium-gpu-sandbox-allow-access-to-PowerVR-GPU-fro.patch b/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64/0001-chromium-gpu-sandbox-allow-access-to-PowerVR-GPU-fro.patch > new file mode 100644 > index 00000000..1930f976 > --- /dev/null > +++ b/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64/0001-chromium-gpu-sandbox-allow-access-to-PowerVR-GPU-fro.patch > @@ -0,0 +1,74 @@ > +From 11267fe76f81dce283d565d517b679aa2be44466 Mon Sep 17 00:00:00 2001 > +From: Darren Etheridge <detheridge@ti.com> > +Date: Fri, 26 Jan 2024 10:54:49 -0600 > +Subject: [PATCH] chromium: gpu: sandbox: allow access to PowerVR GPU from > + sandbox > + > +Chromium runs in a sandbox to limit access to the system, however > +the PowerVR drivers for the Imagination GPU used on TI hardware need > +some extra libraries along with the DRM device nodes to be opened up. > +This patch opens up the necessary pieces. > + > +Signed-off-by: Darren Etheridge <detheridge@ti.com> > +--- > + content/gpu/gpu_sandbox_hook_linux.cc | 16 +++++++++++++++- > + 1 file changed, 15 insertions(+), 1 deletion(-) > + > +diff --git a/content/gpu/gpu_sandbox_hook_linux.cc b/content/gpu/gpu_sandbox_hook_linux.cc > +index d93285a..1f8aafd 100644 > +--- a/content/gpu/gpu_sandbox_hook_linux.cc > ++++ b/content/gpu/gpu_sandbox_hook_linux.cc > +@@ -67,6 +67,11 @@ inline bool UseChromecastSandboxAllowlist() { > + #endif > + } > + > ++inline bool IsGPUIMGRogue() { > ++ return true; > ++} > ++ > ++ > + inline bool IsArchitectureArm() { > + #if defined(ARCH_CPU_ARM_FAMILY) > + return true; > +@@ -441,6 +446,11 @@ std::vector<BrokerFilePermission> FilePermissionsForGpu( > + > + AddVulkanICDPermissions(&permissions); > + > ++ if (IsGPUIMGRogue()) { > ++ // Add standard DRM permissions for snapdragon/PowerVR: > ++ AddDrmGpuPermissions(&permissions); > ++ } > ++ > + if (IsChromeOS()) { > + // Permissions are additive, there can be multiple GPUs in the system. > + AddStandardChromeOsPermissions(&permissions); > +@@ -508,6 +518,8 @@ void LoadArmGpuLibraries() { > + DRI_DRIVER_DIR "/mediatek_dri.so", > + DRI_DRIVER_DIR "/rockchip_dri.so", > + DRI_DRIVER_DIR "/asahi_dri.so", > ++ DRI_DRIVER_DIR "/pvr_dri.so", > ++ DRI_DRIVER_DIR "/tidss_dri.so", > + #else > + "/usr/lib64/dri/msm_dri.so", > + "/usr/lib64/dri/panfrost_dri.so", > +@@ -515,6 +527,8 @@ void LoadArmGpuLibraries() { > + "/usr/lib64/dri/rockchip_dri.so", > + "/usr/lib64/dri/asahi_dri.so", > + "/usr/lib/dri/msm_dri.so", > ++ "/usr/lib/dri/tidss_dri.so", > ++ "/usr/lib/dri/pvr_dri.so", > + "/usr/lib/dri/panfrost_dri.so", > + "/usr/lib/dri/mediatek_dri.so", > + "/usr/lib/dri/rockchip_dri.so", > +@@ -632,7 +646,7 @@ sandbox::syscall_broker::BrokerCommandSet CommandSetForGPU( > + command_set.set(sandbox::syscall_broker::COMMAND_ACCESS); > + command_set.set(sandbox::syscall_broker::COMMAND_OPEN); > + command_set.set(sandbox::syscall_broker::COMMAND_STAT); > +- if (IsChromeOS() && > ++ if ((IsGPUIMGRogue() || IsChromeOS()) && > + (options.use_amd_specific_policies || > + options.use_intel_specific_policies || > + options.use_virtio_specific_policies || IsArchitectureArm())) { > +-- > +2.36.1 > + > diff --git a/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64/0002-upstream-chromium-32307795-fix-nullprt-deref.patch b/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64/0002-upstream-chromium-32307795-fix-nullprt-deref.patch > new file mode 100644 > index 00000000..5624de96 > --- /dev/null > +++ b/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64/0002-upstream-chromium-32307795-fix-nullprt-deref.patch > @@ -0,0 +1,52 @@ > +From 323077958301bc321d840a2c2b983ab469934753 Mon Sep 17 00:00:00 2001 > +From: Max Ihlenfeldt <max@igalia.com> > +Date: Wed, 02 Aug 2023 15:46:56 +0000 > +Subject: [PATCH] ozone/wayland: Fix nullptr deref in WaylandWindowManager > + > +When no input devices are available (e.g. embedded devices), > +`connection_->window_drag_controller()` returns nullptr. Add a check to > +ensure we don't accidentally dereference that. > + > +See alsohttps://urldefense.com/v3/__https://github.com/OSSystems/meta-browser/issues/736__;!!G3vK!Q1ZI2dsaxka-0vu202whhUsEmBDa9DSQPM71DvdmC9MGFHwvBAjQmNdPgEtm1NZeBloRSk1T5iINRfCzyBwGDC_domr6HPEd77cm$. > + > +Bug: 578890 > +Change-Id: I472d0dfabfea6b4d072ede98c8593370524f54f0 > +Reviewed-on:https://urldefense.com/v3/__https://chromium-review.googlesource.com/c/chromium/src/*/4724882__;Kw!!G3vK!Q1ZI2dsaxka-0vu202whhUsEmBDa9DSQPM71DvdmC9MGFHwvBAjQmNdPgEtm1NZeBloRSk1T5iINRfCzyBwGDC_domr6HIEZ9BQ2$ > +Reviewed-by: Antonio Gomes <tonikitoo@igalia.com> > +Commit-Queue: Max Ihlenfeldt <max@igalia.com> > +Cr-Commit-Position: refs/heads/main@{#1178426} > +--- > + > +diff --git a/ui/ozone/platform/wayland/host/wayland_window_manager.cc b/ui/ozone/platform/wayland/host/wayland_window_manager.cc > +index e4a8e4541..24999725 100644 > +--- a/ui/ozone/platform/wayland/host/wayland_window_manager.cc > ++++ b/ui/ozone/platform/wayland/host/wayland_window_manager.cc > +@@ -96,15 +96,19 @@ > + > + WaylandWindow* WaylandWindowManager::GetCurrentPointerOrTouchFocusedWindow() > + const { > +- // In case there is an ongoing window dragging session, favor the window > +- // according to the active drag source. > +- // > +- // TODO(https://urldefense.com/v3/__https://crbug.com/1317063__;!!G3vK!Q1ZI2dsaxka-0vu202whhUsEmBDa9DSQPM71DvdmC9MGFHwvBAjQmNdPgEtm1NZeBloRSk1T5iINRfCzyBwGDC_domr6HB0E-tho$): Apply the same logic to data drag sessions > +- // too? > +- if (auto drag_source = connection_->window_drag_controller()->drag_source()) { > +- return *drag_source == mojom::DragEventSource::kMouse > +- ? GetCurrentPointerFocusedWindow() > +- : GetCurrentTouchFocusedWindow(); > ++ // Might be nullptr if no input devices are available. > ++ if (connection_->window_drag_controller()) { > ++ // In case there is an ongoing window dragging session, favor the window > ++ // according to the active drag source. > ++ // > ++ // TODO(https://urldefense.com/v3/__https://crbug.com/1317063__;!!G3vK!Q1ZI2dsaxka-0vu202whhUsEmBDa9DSQPM71DvdmC9MGFHwvBAjQmNdPgEtm1NZeBloRSk1T5iINRfCzyBwGDC_domr6HB0E-tho$): Apply the same logic to data drag > ++ // sessions too? > ++ if (auto drag_source = > ++ connection_->window_drag_controller()->drag_source()) { > ++ return *drag_source == mojom::DragEventSource::kMouse > ++ ? GetCurrentPointerFocusedWindow() > ++ : GetCurrentTouchFocusedWindow(); > ++ } > + } > + > + for (const auto& entry : window_map_) { > -- > 2.36.1 > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#15119):https://urldefense.com/v3/__https://lists.yoctoproject.org/g/meta-arago/message/15119__;!!G3vK!Q1ZI2dsaxka-0vu202whhUsEmBDa9DSQPM71DvdmC9MGFHwvBAjQmNdPgEtm1NZeBloRSk1T5iINRfCzyBwGDC_domr6HB62lNke$ > Mute This Topic:https://urldefense.com/v3/__https://lists.yoctoproject.org/mt/104202896/7030289__;!!G3vK!Q1ZI2dsaxka-0vu202whhUsEmBDa9DSQPM71DvdmC9MGFHwvBAjQmNdPgEtm1NZeBloRSk1T5iINRfCzyBwGDC_domr6HFMYHaK3$ > Group Owner: meta-arago+owner@lists.yoctoproject.org > Unsubscribe:https://urldefense.com/v3/__https://lists.yoctoproject.org/g/meta-arago/unsub__;!!G3vK!Q1ZI2dsaxka-0vu202whhUsEmBDa9DSQPM71DvdmC9MGFHwvBAjQmNdPgEtm1NZeBloRSk1T5iINRfCzyBwGDC_domr6HOegsw2j$ [c-shilwant@ti.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
diff --git a/meta-arago-distro/conf/layer.conf b/meta-arago-distro/conf/layer.conf index 40b0f5bb..b0221860 100644 --- a/meta-arago-distro/conf/layer.conf +++ b/meta-arago-distro/conf/layer.conf @@ -24,9 +24,11 @@ LAYERDEPENDS_meta-arago-distro = " \ # clang-layer LAYERRECOMMENDS_meta-arago-distro = " \ + chromium-browser-layer \ " BBFILES_DYNAMIC += " \ + chromium-browser-layer:${LAYERDIR}/dynamic-layers/chromium-browser-layer/recipes*/*/*.bbappend \ " BB_DANGLINGAPPENDS_WARNONLY = "true" diff --git a/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64.bbappend b/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64.bbappend new file mode 100644 index 00000000..df93e26b --- /dev/null +++ b/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64.bbappend @@ -0,0 +1,8 @@ +PR:append = ".arago0" + +FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}_${PV}:" + +SRC_URI:append = " \ + file://0001-chromium-gpu-sandbox-allow-access-to-PowerVR-GPU-fro.patch \ + file://0002-upstream-chromium-32307795-fix-nullprt-deref.patch \ + " diff --git a/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64/0001-chromium-gpu-sandbox-allow-access-to-PowerVR-GPU-fro.patch b/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64/0001-chromium-gpu-sandbox-allow-access-to-PowerVR-GPU-fro.patch new file mode 100644 index 00000000..1930f976 --- /dev/null +++ b/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64/0001-chromium-gpu-sandbox-allow-access-to-PowerVR-GPU-fro.patch @@ -0,0 +1,74 @@ +From 11267fe76f81dce283d565d517b679aa2be44466 Mon Sep 17 00:00:00 2001 +From: Darren Etheridge <detheridge@ti.com> +Date: Fri, 26 Jan 2024 10:54:49 -0600 +Subject: [PATCH] chromium: gpu: sandbox: allow access to PowerVR GPU from + sandbox + +Chromium runs in a sandbox to limit access to the system, however +the PowerVR drivers for the Imagination GPU used on TI hardware need +some extra libraries along with the DRM device nodes to be opened up. +This patch opens up the necessary pieces. + +Signed-off-by: Darren Etheridge <detheridge@ti.com> +--- + content/gpu/gpu_sandbox_hook_linux.cc | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +diff --git a/content/gpu/gpu_sandbox_hook_linux.cc b/content/gpu/gpu_sandbox_hook_linux.cc +index d93285a..1f8aafd 100644 +--- a/content/gpu/gpu_sandbox_hook_linux.cc ++++ b/content/gpu/gpu_sandbox_hook_linux.cc +@@ -67,6 +67,11 @@ inline bool UseChromecastSandboxAllowlist() { + #endif + } + ++inline bool IsGPUIMGRogue() { ++ return true; ++} ++ ++ + inline bool IsArchitectureArm() { + #if defined(ARCH_CPU_ARM_FAMILY) + return true; +@@ -441,6 +446,11 @@ std::vector<BrokerFilePermission> FilePermissionsForGpu( + + AddVulkanICDPermissions(&permissions); + ++ if (IsGPUIMGRogue()) { ++ // Add standard DRM permissions for snapdragon/PowerVR: ++ AddDrmGpuPermissions(&permissions); ++ } ++ + if (IsChromeOS()) { + // Permissions are additive, there can be multiple GPUs in the system. + AddStandardChromeOsPermissions(&permissions); +@@ -508,6 +518,8 @@ void LoadArmGpuLibraries() { + DRI_DRIVER_DIR "/mediatek_dri.so", + DRI_DRIVER_DIR "/rockchip_dri.so", + DRI_DRIVER_DIR "/asahi_dri.so", ++ DRI_DRIVER_DIR "/pvr_dri.so", ++ DRI_DRIVER_DIR "/tidss_dri.so", + #else + "/usr/lib64/dri/msm_dri.so", + "/usr/lib64/dri/panfrost_dri.so", +@@ -515,6 +527,8 @@ void LoadArmGpuLibraries() { + "/usr/lib64/dri/rockchip_dri.so", + "/usr/lib64/dri/asahi_dri.so", + "/usr/lib/dri/msm_dri.so", ++ "/usr/lib/dri/tidss_dri.so", ++ "/usr/lib/dri/pvr_dri.so", + "/usr/lib/dri/panfrost_dri.so", + "/usr/lib/dri/mediatek_dri.so", + "/usr/lib/dri/rockchip_dri.so", +@@ -632,7 +646,7 @@ sandbox::syscall_broker::BrokerCommandSet CommandSetForGPU( + command_set.set(sandbox::syscall_broker::COMMAND_ACCESS); + command_set.set(sandbox::syscall_broker::COMMAND_OPEN); + command_set.set(sandbox::syscall_broker::COMMAND_STAT); +- if (IsChromeOS() && ++ if ((IsGPUIMGRogue() || IsChromeOS()) && + (options.use_amd_specific_policies || + options.use_intel_specific_policies || + options.use_virtio_specific_policies || IsArchitectureArm())) { +-- +2.36.1 + diff --git a/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64/0002-upstream-chromium-32307795-fix-nullprt-deref.patch b/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64/0002-upstream-chromium-32307795-fix-nullprt-deref.patch new file mode 100644 index 00000000..5624de96 --- /dev/null +++ b/meta-arago-distro/dynamic-layers/chromium-browser-layer/recipes-browser/chromium/chromium-ozone-wayland_111.0.5563.64/0002-upstream-chromium-32307795-fix-nullprt-deref.patch @@ -0,0 +1,52 @@ +From 323077958301bc321d840a2c2b983ab469934753 Mon Sep 17 00:00:00 2001 +From: Max Ihlenfeldt <max@igalia.com> +Date: Wed, 02 Aug 2023 15:46:56 +0000 +Subject: [PATCH] ozone/wayland: Fix nullptr deref in WaylandWindowManager + +When no input devices are available (e.g. embedded devices), +`connection_->window_drag_controller()` returns nullptr. Add a check to +ensure we don't accidentally dereference that. + +See also https://github.com/OSSystems/meta-browser/issues/736. + +Bug: 578890 +Change-Id: I472d0dfabfea6b4d072ede98c8593370524f54f0 +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4724882 +Reviewed-by: Antonio Gomes <tonikitoo@igalia.com> +Commit-Queue: Max Ihlenfeldt <max@igalia.com> +Cr-Commit-Position: refs/heads/main@{#1178426} +--- + +diff --git a/ui/ozone/platform/wayland/host/wayland_window_manager.cc b/ui/ozone/platform/wayland/host/wayland_window_manager.cc +index e4a8e4541..24999725 100644 +--- a/ui/ozone/platform/wayland/host/wayland_window_manager.cc ++++ b/ui/ozone/platform/wayland/host/wayland_window_manager.cc +@@ -96,15 +96,19 @@ + + WaylandWindow* WaylandWindowManager::GetCurrentPointerOrTouchFocusedWindow() + const { +- // In case there is an ongoing window dragging session, favor the window +- // according to the active drag source. +- // +- // TODO(https://crbug.com/1317063): Apply the same logic to data drag sessions +- // too? +- if (auto drag_source = connection_->window_drag_controller()->drag_source()) { +- return *drag_source == mojom::DragEventSource::kMouse +- ? GetCurrentPointerFocusedWindow() +- : GetCurrentTouchFocusedWindow(); ++ // Might be nullptr if no input devices are available. ++ if (connection_->window_drag_controller()) { ++ // In case there is an ongoing window dragging session, favor the window ++ // according to the active drag source. ++ // ++ // TODO(https://crbug.com/1317063): Apply the same logic to data drag ++ // sessions too? ++ if (auto drag_source = ++ connection_->window_drag_controller()->drag_source()) { ++ return *drag_source == mojom::DragEventSource::kMouse ++ ? GetCurrentPointerFocusedWindow() ++ : GetCurrentTouchFocusedWindow(); ++ } + } + + for (const auto& entry : window_map_) {