Support memory size > 4 GB for the gpu and renderer processes on Linux

Chrome crashes if web apps allocate more than 4 GB of memory. Raise the sandbox memory limit for the gpu/renderer processes to 8 GB or 16 GB on Linux if the system has enough memory. (Mac and Windows also have a memory limit > 4GB.) Bug: 756834 Change-Id: I2b447079132398a257eb46ca51ff9c2371f67b2b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1581829Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Chris Palmer <palmer@chromium.org> Commit-Queue: Maggie Chen <magchen@chromium.org> Cr-Commit-Position: refs/heads/master@{#654655}

Support memory size > 4 GB for the gpu and renderer processes on Linux
Chrome crashes if web apps allocate more than 4 GB of memory. Raise the sandbox memory limit for the gpu/renderer processes to 8 GB or 16 GB on Linux if the system has enough memory. (Mac and Windows also have a memory limit > 4GB.) Bug: 756834 Change-Id: I2b447079132398a257eb46ca51ff9c2371f67b2b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1581829Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Chris Palmer <palmer@chromium.org> Commit-Queue: Maggie Chen <magchen@chromium.org> Cr-Commit-Position: refs/heads/master@{#654655}
ab92580c · magchen · Commit Bot · b1757d28 · ab92580c
Commit ab92580c authored Apr 26, 2019 by magchen Committed by Commit Bot Apr 26, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 3 deletions

services/service_manager/sandbox/linux/sandbox_linux.cc services/service_manager/sandbox/linux/sandbox_linux.cc +23 -3

No files found.
--- a/services/service_manager/sandbox/linux/sandbox_linux.cc
+++ b/services/service_manager/sandbox/linux/sandbox_linux.cc
@@ -410,11 +410,31 @@ bool SandboxLinux::seccomp_bpf_with_tsync_supported() const {
  return seccomp_bpf_with_tsync_supported_;
 }
+rlim_t GetProcessDataSizeLimit(SandboxType sandbox_type) {
+#if defined(ARCH_CPU_64_BITS)
+  if (sandbox_type == SANDBOX_TYPE_GPU ||
+      sandbox_type == SANDBOX_TYPE_RENDERER) {
+    // Allow the GPU/RENDERER process's sandbox to access more physical memory
+    // if it's available on the system.
+    constexpr rlim_t GB = 1024 * 1024 * 1024;
+    const rlim_t physical_memory = base::SysInfo::AmountOfPhysicalMemory();
+    if (physical_memory > 16 * GB) {
+      return 16 * GB;
+    } else if (physical_memory > 8 * GB) {
+      return 8 * GB;
+    }
+  }
+#endif
+  return static_cast<rlim_t>(sandbox::kDataSizeLimit);
+}
 bool SandboxLinux::LimitAddressSpace(int* error) {
 #if !defined(ADDRESS_SANITIZER) && !defined(MEMORY_SANITIZER) && \
    !defined(THREAD_SANITIZER) && !defined(LEAK_SANITIZER)
  base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
-  if (SandboxTypeFromCommandLine(*command_line) == SANDBOX_TYPE_NO_SANDBOX) {
+  SandboxType sandbox_type = SandboxTypeFromCommandLine(*command_line);
+  if (sandbox_type == SANDBOX_TYPE_NO_SANDBOX) {
    return false;
  }
@@ -424,8 +444,8 @@ bool SandboxLinux::LimitAddressSpace(int* error) {
  // using integer overflows that require large allocations, heap spray, or
  // other memory-hungry attack modes.
-  *error = sandbox::ResourceLimits::Lower(
+  rlim_t process_data_size_limit = GetProcessDataSizeLimit(sandbox_type);
-      RLIMIT_DATA, static_cast<rlim_t>(sandbox::kDataSizeLimit));
+  *error = sandbox::ResourceLimits::Lower(RLIMIT_DATA, process_data_size_limit);
  // Cache the resource limit before turning on the sandbox.
  base::SysInfo::AmountOfVirtualMemory();