Loading build/RELEASE +1 −1 Original line number Original line Diff line number Diff line 139.0.7258.158 140.0.7339.81 No newline at end of file No newline at end of file build/cromite.gn_args +2 −8 Original line number Original line Diff line number Diff line Loading @@ -4,7 +4,6 @@ build_contextual_search=false build_with_tflite_lib=false build_with_tflite_lib=false chrome_pgo_phase=0 chrome_pgo_phase=0 dcheck_always_on=false dcheck_always_on=false disable_android_lint=true disable_fieldtrial_testing_config=true disable_fieldtrial_testing_config=true enable_hangout_services_extension=false enable_hangout_services_extension=false enable_iterator_debugging=false enable_iterator_debugging=false Loading Loading @@ -68,10 +67,6 @@ if (target_os == "android" || target_os == "win") { enable_platform_dts_audio = false enable_platform_dts_audio = false enable_passthrough_audio_codecs = false enable_passthrough_audio_codecs = false # Do not compile libmonochrome.so with RELR relocations # since supported only on API 28+ use_relr_relocations=false # disabled the use of the context snapshot # disabled the use of the context snapshot # see https://github.com/uazo/cromite/pull/317 for context # see https://github.com/uazo/cromite/pull/317 for context use_v8_context_snapshot = false use_v8_context_snapshot = false Loading @@ -84,9 +79,6 @@ use_minikin_hyphenation = false # initial commit: https://source.chromium.org/chromium/chromium/src/+/fd9a841f7a63b9f5510f6b713d9c833d259c63ad # initial commit: https://source.chromium.org/chromium/chromium/src/+/fd9a841f7a63b9f5510f6b713d9c833d259c63ad enable_bound_session_credentials = false enable_bound_session_credentials = false # Use LogErrorNotReached() for NOTREACHED_IN_MIGRATION() enable_log_error_not_reached = true # Allows building without //third_party/unrar included, for license reasons # Allows building without //third_party/unrar included, for license reasons safe_browsing_use_unrar = false safe_browsing_use_unrar = false Loading Loading @@ -125,6 +117,8 @@ if (target_os == "android") { cromite_pref_hash_seed_bin = getenv("CROMITE_PREF_HASH_SEED_BIN") cromite_pref_hash_seed_bin = getenv("CROMITE_PREF_HASH_SEED_BIN") disable_android_lint = true _is_debug_build = getenv("TARGET_ISDEBUG") _is_debug_build = getenv("TARGET_ISDEBUG") if (_is_debug_build == "true") { if (_is_debug_build == "true") { # print("Debug build on") # print("Debug build on") Loading build/cromite_patches_list.txt +1 −5 Original line number Original line Diff line number Diff line Loading @@ -6,7 +6,7 @@ Force-use-vpython3-for-some-scripts.patch Permit-PGO-for-debug-builds.patch Permit-PGO-for-debug-builds.patch Fix-chromium-vanilla.patch Fix-chromium-vanilla.patch Final-patch-for-chromium-vanilla.patch Final-patch-for-chromium-vanilla.patch Restore-chrome-password-store.patch Remove-EV-certificates.patch Remove-EV-certificates.patch do-not-hide-.orig-files.patch do-not-hide-.orig-files.patch do-not-add-suffix-to-package-name.patch do-not-add-suffix-to-package-name.patch Loading Loading @@ -93,11 +93,9 @@ Disable-feeds-support-by-default.patch Disable-DRM-media-origin-IDs-preprovisioning.patch Disable-DRM-media-origin-IDs-preprovisioning.patch Disable-smart-selection-by-default.patch Disable-smart-selection-by-default.patch Guard-for-user-agent-reduction.patch Guard-for-user-agent-reduction.patch AImageReader-CFI-crash-mitigations.patch Add-menu-item-to-view-source.patch Add-menu-item-to-view-source.patch Revert-removal-of-execution-context-address-space.patch Revert-removal-of-execution-context-address-space.patch Block-gateway-attacks-via-websockets.patch Block-gateway-attacks-via-websockets.patch Enable-prefetch-privacy-changes-by-default.patch Enable-darken-websites-checkbox-in-themes.patch Enable-darken-websites-checkbox-in-themes.patch Remove-blocklisted-URLs-upon-bookmark-creation.patch Remove-blocklisted-URLs-upon-bookmark-creation.patch Disable-the-DIAL-repeating-discovery.patch Disable-the-DIAL-repeating-discovery.patch Loading Loading @@ -275,7 +273,6 @@ Enable-Global-Privacy-Control.patch Enable-Do-Not-Track-by-default.patch Enable-Do-Not-Track-by-default.patch Media-fingerprinting-mitigations.patch Media-fingerprinting-mitigations.patch Use-BoringSSL-for-RandBytes.patch Use-BoringSSL-for-RandBytes.patch Restore-chrome-password-store.patch Disable-support-for-pointer-device-id.patch Disable-support-for-pointer-device-id.patch Disable-CSS-blink-feature-support.patch Disable-CSS-blink-feature-support.patch Close-Sessions-On-Ip-Change.patch Close-Sessions-On-Ip-Change.patch Loading @@ -296,7 +293,6 @@ Enable-component-updater.patch Android-fonts-fingerprinting-mitigation.patch Android-fonts-fingerprinting-mitigation.patch Disable-Android-Tab-Declutter.patch Disable-Android-Tab-Declutter.patch Disable-CSSDynamicRangeLimit.patch Disable-CSSDynamicRangeLimit.patch Android-Import-Passwords.patch Disable-prefers-reduced-motion.patch Disable-prefers-reduced-motion.patch Disable-css-preferred-text-scale.patch Disable-css-preferred-text-scale.patch Disable-Viewport-Segments.patch Disable-Viewport-Segments.patch Loading build/patches/AImageReader-CFI-crash-mitigations.patchdeleted 100644 → 0 +0 −249 Original line number Original line Diff line number Diff line From: csagan5 <32685696+csagan5@users.noreply.github.com> Date: Tue, 5 May 2020 07:22:20 +0200 Subject: AImageReader CFI crash mitigations Revert "gpu/android: Remove setup for disabling AImageReader." This reverts commit dcd5a39518246eb999f1cc63bf1ec95d93fd5b2f. Revert "Remove flags to enable/disable AImageReader." This reverts commit 463fa0f2e3b9e418bc26e2c8954463f0b0f76634. Restore GPU bug blacklist for AImageReader on ARM and Qualcomm CPUs Restore the AImageReader blacklist for ARM/Qualcomm chipsets which causes crashes on Android 9 and 10 (at different code locations). See discussions at: * https://github.com/bromite/bromite/issues/445 * https://github.com/bromite/bromite/issues/814 * https://github.com/bromite/bromite/issues/1005 License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html --- base/android/android_image_reader_compat.cc | 16 ++++++++++++++++ base/android/android_image_reader_compat.h | 14 ++++++++++++++ chrome/browser/flag-metadata.json | 4 ++++ .../AImageReader-CFI-crash-mitigations.inc | 4 ++++ .../AImageReader-CFI-crash-mitigations.inc | 1 + gpu/config/gpu_driver_bug_list.json | 16 ++++++++++++++++ gpu/config/gpu_finch_features.cc | 5 +++++ gpu/config/gpu_finch_features.h | 1 + gpu/config/gpu_util.cc | 8 ++++++++ gpu/config/gpu_workaround_list.txt | 1 + gpu/ipc/service/gpu_init.cc | 8 ++++++++ media/gpu/android/video_frame_factory_impl.cc | 4 +++- 12 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 cromite_flags/media/base/media_switches_cc/AImageReader-CFI-crash-mitigations.inc create mode 100644 cromite_flags/media/base/media_switches_h/AImageReader-CFI-crash-mitigations.inc diff --git a/base/android/android_image_reader_compat.cc b/base/android/android_image_reader_compat.cc --- a/base/android/android_image_reader_compat.cc +++ b/base/android/android_image_reader_compat.cc @@ -7,7 +7,23 @@ namespace base { namespace android { +AndroidImageReader& AndroidImageReader::GetInstance() { + // C++11 static local variable initialization is + // thread-safe. + static AndroidImageReader instance; + return instance; +} + +void AndroidImageReader::DisableSupport() { + disable_support_ = true; +} + +bool AndroidImageReader::IsSupported() { + return !disable_support_; +} + bool EnableAndroidImageReader() { + if (!AndroidImageReader::GetInstance().IsSupported()) return false; // Currently we want to enable AImageReader only for android P+ devices. if (__builtin_available(android 28, *)) { return true; diff --git a/base/android/android_image_reader_compat.h b/base/android/android_image_reader_compat.h --- a/base/android/android_image_reader_compat.h +++ b/base/android/android_image_reader_compat.h @@ -10,6 +10,20 @@ namespace base { namespace android { +class BASE_EXPORT AndroidImageReader { + public: + // Thread safe GetInstance. + static AndroidImageReader& GetInstance(); + + bool IsSupported(); + + // Disable image reader support. + void DisableSupport(); + + private: + bool disable_support_ = false; +}; + // Check if the image reader usage is supported. BASE_EXPORT bool EnableAndroidImageReader(); diff --git a/chrome/browser/flag-metadata.json b/chrome/browser/flag-metadata.json --- a/chrome/browser/flag-metadata.json +++ b/chrome/browser/flag-metadata.json @@ -3627,6 +3627,10 @@ "chrome-signin-team@google.com" ], "expiry_milestone": 138 + },{ + "name": "enable-image-reader", // Bromite: do not expire + "owners": [ "vikassoni@chromium.org", "liberato@chromium.org" ], // flag + "expiry_milestone": -1 }, { "name": "enable-immersive-fullscreen-toolbar", diff --git a/cromite_flags/media/base/media_switches_cc/AImageReader-CFI-crash-mitigations.inc b/cromite_flags/media/base/media_switches_cc/AImageReader-CFI-crash-mitigations.inc new file mode 100644 --- /dev/null +++ b/cromite_flags/media/base/media_switches_cc/AImageReader-CFI-crash-mitigations.inc @@ -0,0 +1,4 @@ +// Enables the Android Image Reader path for Video decoding(for AVDA and MCVD) +CROMITE_FEATURE(kAImageReaderVideoOutput, + "AImageReaderVideoOutput", + base::FEATURE_ENABLED_BY_DEFAULT); diff --git a/cromite_flags/media/base/media_switches_h/AImageReader-CFI-crash-mitigations.inc b/cromite_flags/media/base/media_switches_h/AImageReader-CFI-crash-mitigations.inc new file mode 100644 --- /dev/null +++ b/cromite_flags/media/base/media_switches_h/AImageReader-CFI-crash-mitigations.inc @@ -0,0 +1 @@ +MEDIA_EXPORT BASE_DECLARE_FEATURE(kAImageReaderVideoOutput); diff --git a/gpu/config/gpu_driver_bug_list.json b/gpu/config/gpu_driver_bug_list.json --- a/gpu/config/gpu_driver_bug_list.json +++ b/gpu/config/gpu_driver_bug_list.json @@ -2617,6 +2617,22 @@ "no_downscaled_overlay_promotion" ] }, + { + "id":335, + "cr_bugs": [1051705], + "description": "Disable AImageReader on ARM GPUs", + "os": { + "type": "android", + "version": { + "op": "<", + "value": "10" + } + }, + "gl_vendor": "ARM.*|Qualcomm.*", + "features": [ + "disable_aimagereader" + ] + }, { "id": 381, "cr_bugs": [ diff --git a/gpu/config/gpu_finch_features.cc b/gpu/config/gpu_finch_features.cc --- a/gpu/config/gpu_finch_features.cc +++ b/gpu/config/gpu_finch_features.cc @@ -59,6 +59,11 @@ BASE_FEATURE(kAggressiveShaderCacheLimits, base::FEATURE_DISABLED_BY_DEFAULT); #if BUILDFLAG(IS_ANDROID) +// Use android AImageReader when playing videos with MediaPlayer. +CROMITE_FEATURE(kAImageReaderMediaPlayer, + "AImageReaderMediaPlayer", + base::FEATURE_ENABLED_BY_DEFAULT); + // Use android SurfaceControl API for managing display compositor's buffer queue // and using overlays on Android. Also used by webview to disable surface // SurfaceControl. diff --git a/gpu/config/gpu_finch_features.h b/gpu/config/gpu_finch_features.h --- a/gpu/config/gpu_finch_features.h +++ b/gpu/config/gpu_finch_features.h @@ -26,6 +26,7 @@ GPU_CONFIG_EXPORT BASE_DECLARE_FEATURE(kUseGles2ForOopR); GPU_CONFIG_EXPORT BASE_DECLARE_FEATURE(kAggressiveShaderCacheLimits); #if BUILDFLAG(IS_ANDROID) +GPU_CONFIG_EXPORT BASE_DECLARE_FEATURE(kAImageReaderMediaPlayer); GPU_CONFIG_EXPORT BASE_DECLARE_FEATURE(kAndroidSurfaceControl); GPU_CONFIG_EXPORT BASE_DECLARE_FEATURE(kWebViewSurfaceControl); GPU_CONFIG_EXPORT BASE_DECLARE_FEATURE(kWebViewSurfaceControlForTV); diff --git a/gpu/config/gpu_util.cc b/gpu/config/gpu_util.cc --- a/gpu/config/gpu_util.cc +++ b/gpu/config/gpu_util.cc @@ -127,6 +127,9 @@ GpuFeatureStatus GetAndroidSurfaceControlFeatureStatus( #if !BUILDFLAG(IS_ANDROID) return kGpuFeatureStatusDisabled; #else + if (blocklisted_features.count(GPU_FEATURE_TYPE_ANDROID_SURFACE_CONTROL)) + return kGpuFeatureStatusBlocklisted; + if (!gpu_preferences.enable_android_surface_control) return kGpuFeatureStatusDisabled; @@ -348,6 +351,11 @@ void AdjustGpuFeatureStatusToWorkarounds(GpuFeatureInfo* gpu_feature_info, kGpuFeatureStatusSoftware; } } + + if (gpu_feature_info->IsWorkaroundEnabled(DISABLE_AIMAGEREADER)) { + gpu_feature_info->status_values[GPU_FEATURE_TYPE_ANDROID_SURFACE_CONTROL] = + kGpuFeatureStatusBlocklisted; + } } // Estimates roughly user total disk space by counting in the drives where diff --git a/gpu/config/gpu_workaround_list.txt b/gpu/config/gpu_workaround_list.txt --- a/gpu/config/gpu_workaround_list.txt +++ b/gpu/config/gpu_workaround_list.txt @@ -6,6 +6,7 @@ check_egl_fence_before_wait check_ycbcr_studio_g22_left_p709_for_nv12_support disable_2d_canvas_auto_flush disable_accelerated_av1_decode +disable_aimagereader disable_accelerated_av1_encode disable_accelerated_h264_decode disable_accelerated_h264_encode diff --git a/gpu/ipc/service/gpu_init.cc b/gpu/ipc/service/gpu_init.cc --- a/gpu/ipc/service/gpu_init.cc +++ b/gpu/ipc/service/gpu_init.cc @@ -69,6 +69,7 @@ #if BUILDFLAG(IS_ANDROID) #include "ui/gfx/android/android_surface_control_compat.h" +#include "base/android/android_image_reader_compat.h" #endif #if BUILDFLAG(ENABLE_VULKAN) @@ -688,6 +689,13 @@ bool GpuInit::InitializeAndStartSandbox(base::CommandLine* command_line, } #endif // BUILDFLAG(IS_WIN) +#if BUILDFLAG(IS_ANDROID) + // Disable AImageReader if the workaround is enabled. + if (gpu_feature_info_.IsWorkaroundEnabled(DISABLE_AIMAGEREADER)) { + base::android::AndroidImageReader::GetInstance().DisableSupport(); + } +#endif + if (gpu_feature_info_.status_values[GPU_FEATURE_TYPE_VULKAN] != kGpuFeatureStatusEnabled || !InitializeVulkan()) { diff --git a/media/gpu/android/video_frame_factory_impl.cc b/media/gpu/android/video_frame_factory_impl.cc --- a/media/gpu/android/video_frame_factory_impl.cc +++ b/media/gpu/android/video_frame_factory_impl.cc @@ -35,10 +35,12 @@ namespace { gpu::TextureOwner::Mode GetTextureOwnerMode( VideoFrameFactory::OverlayMode overlay_mode) { + const bool enabled = base::android::EnableAndroidImageReader() && + base::FeatureList::IsEnabled(features::kAImageReaderMediaPlayer); switch (overlay_mode) { case VideoFrameFactory::OverlayMode::kDontRequestPromotionHints: case VideoFrameFactory::OverlayMode::kRequestPromotionHints: - return base::android::EnableAndroidImageReader() + return enabled ? gpu::TextureOwner::Mode::kAImageReaderInsecure : gpu::TextureOwner::Mode::kSurfaceTextureInsecure; case VideoFrameFactory::OverlayMode::kSurfaceControlSecure: -- build/patches/Add-AllowUserCertificates-flag.patch +9 −9 Original line number Original line Diff line number Diff line Loading @@ -20,7 +20,7 @@ License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html diff --git a/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java b/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java diff --git a/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java b/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java --- a/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java --- a/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java +++ b/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java +++ b/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java @@ -233,6 +233,7 @@ import org.chromium.content_public.browser.LoadUrlParams; @@ -236,6 +236,7 @@ import org.chromium.content_public.browser.LoadUrlParams; import org.chromium.content_public.browser.SelectionPopupController; import org.chromium.content_public.browser.SelectionPopupController; import org.chromium.content_public.browser.WebContents; import org.chromium.content_public.browser.WebContents; import org.chromium.content_public.common.ContentSwitches; import org.chromium.content_public.common.ContentSwitches; Loading @@ -28,7 +28,7 @@ diff --git a/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActiv import org.chromium.printing.PrintManagerDelegateImpl; import org.chromium.printing.PrintManagerDelegateImpl; import org.chromium.printing.PrintingController; import org.chromium.printing.PrintingController; import org.chromium.printing.PrintingControllerImpl; import org.chromium.printing.PrintingControllerImpl; @@ -977,6 +978,8 @@ public abstract class ChromeActivity extends AsyncInitializationActivity @@ -985,6 +986,8 @@ public abstract class ChromeActivity extends AsyncInitializationActivity super.onStartWithNative(); super.onStartWithNative(); ChromeActivitySessionTracker.getInstance().onStartWithNative(getProfileProviderSupplier()); ChromeActivitySessionTracker.getInstance().onStartWithNative(getProfileProviderSupplier()); Loading @@ -40,7 +40,7 @@ diff --git a/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActiv diff --git a/chrome/browser/flags/android/chrome_feature_list.cc b/chrome/browser/flags/android/chrome_feature_list.cc diff --git a/chrome/browser/flags/android/chrome_feature_list.cc b/chrome/browser/flags/android/chrome_feature_list.cc --- a/chrome/browser/flags/android/chrome_feature_list.cc --- a/chrome/browser/flags/android/chrome_feature_list.cc +++ b/chrome/browser/flags/android/chrome_feature_list.cc +++ b/chrome/browser/flags/android/chrome_feature_list.cc @@ -179,6 +179,7 @@ const base::Feature* const kFeaturesExposedToJava[] = { @@ -184,6 +184,7 @@ const base::Feature* const kFeaturesExposedToJava[] = { &feed::kFeedPerformanceStudy, &feed::kFeedPerformanceStudy, &feed::kFeedShowSignInCommand, &feed::kFeedShowSignInCommand, &feed::kFeedSignedOutViewDemotion, &feed::kFeedSignedOutViewDemotion, Loading @@ -59,16 +59,16 @@ diff --git a/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/f public static final String ADAPTIVE_BUTTON_IN_TOP_TOOLBAR_PAGE_SUMMARY = public static final String ADAPTIVE_BUTTON_IN_TOP_TOOLBAR_PAGE_SUMMARY = "AdaptiveButtonInTopToolbarPageSummary"; "AdaptiveButtonInTopToolbarPageSummary"; public static final String ALLOW_TAB_CLOSING_UPON_MINIMIZATION = public static final String ALLOW_TAB_CLOSING_UPON_MINIMIZATION = @@ -728,6 +729,8 @@ public abstract class ChromeFeatureList { @@ -768,6 +769,8 @@ public abstract class ChromeFeatureList { public static final CachedFlag sAndroidWindowPopupLargeScreen = public static final CachedFlag sAndroidWindowPopupResizeAfterSpawn = newCachedFlag(ANDROID_WINDOW_POPUP_LARGE_SCREEN, false); newCachedFlag(ANDROID_WINDOW_POPUP_RESIZE_AFTER_SPAWN, false); public static final CachedFlag sAppSpecificHistory = newCachedFlag(APP_SPECIFIC_HISTORY, true); public static final CachedFlag sAppSpecificHistory = newCachedFlag(APP_SPECIFIC_HISTORY, true); + public static final CachedFlag sAllowUserCertificates = + public static final CachedFlag sAllowUserCertificates = + newCachedFlag(ALLOW_USER_CERTIFICATES, false); + newCachedFlag(ALLOW_USER_CERTIFICATES, false); public static final CachedFlag sAppSpecificHistoryViewIntent = newCachedFlag(APP_SPECIFIC_HISTORY_VIEW_INTENT, true); public static final CachedFlag sAsyncNotificationManager = public static final CachedFlag sAsyncNotificationManager = newCachedFlag(ASYNC_NOTIFICATION_MANAGER, false, true); @@ -1080,6 +1083,7 @@ public abstract class ChromeFeatureList { public static final CachedFlag sAsyncNotificationManagerForDownload = @@ -1032,6 +1035,7 @@ public abstract class ChromeFeatureList { sAccountForSuppressedKeyboardInsets, sAccountForSuppressedKeyboardInsets, sAllowTabClosingUponMinimization, sAllowTabClosingUponMinimization, sAndroidAppIntegration, sAndroidAppIntegration, Loading Loading
build/RELEASE +1 −1 Original line number Original line Diff line number Diff line 139.0.7258.158 140.0.7339.81 No newline at end of file No newline at end of file
build/cromite.gn_args +2 −8 Original line number Original line Diff line number Diff line Loading @@ -4,7 +4,6 @@ build_contextual_search=false build_with_tflite_lib=false build_with_tflite_lib=false chrome_pgo_phase=0 chrome_pgo_phase=0 dcheck_always_on=false dcheck_always_on=false disable_android_lint=true disable_fieldtrial_testing_config=true disable_fieldtrial_testing_config=true enable_hangout_services_extension=false enable_hangout_services_extension=false enable_iterator_debugging=false enable_iterator_debugging=false Loading Loading @@ -68,10 +67,6 @@ if (target_os == "android" || target_os == "win") { enable_platform_dts_audio = false enable_platform_dts_audio = false enable_passthrough_audio_codecs = false enable_passthrough_audio_codecs = false # Do not compile libmonochrome.so with RELR relocations # since supported only on API 28+ use_relr_relocations=false # disabled the use of the context snapshot # disabled the use of the context snapshot # see https://github.com/uazo/cromite/pull/317 for context # see https://github.com/uazo/cromite/pull/317 for context use_v8_context_snapshot = false use_v8_context_snapshot = false Loading @@ -84,9 +79,6 @@ use_minikin_hyphenation = false # initial commit: https://source.chromium.org/chromium/chromium/src/+/fd9a841f7a63b9f5510f6b713d9c833d259c63ad # initial commit: https://source.chromium.org/chromium/chromium/src/+/fd9a841f7a63b9f5510f6b713d9c833d259c63ad enable_bound_session_credentials = false enable_bound_session_credentials = false # Use LogErrorNotReached() for NOTREACHED_IN_MIGRATION() enable_log_error_not_reached = true # Allows building without //third_party/unrar included, for license reasons # Allows building without //third_party/unrar included, for license reasons safe_browsing_use_unrar = false safe_browsing_use_unrar = false Loading Loading @@ -125,6 +117,8 @@ if (target_os == "android") { cromite_pref_hash_seed_bin = getenv("CROMITE_PREF_HASH_SEED_BIN") cromite_pref_hash_seed_bin = getenv("CROMITE_PREF_HASH_SEED_BIN") disable_android_lint = true _is_debug_build = getenv("TARGET_ISDEBUG") _is_debug_build = getenv("TARGET_ISDEBUG") if (_is_debug_build == "true") { if (_is_debug_build == "true") { # print("Debug build on") # print("Debug build on") Loading
build/cromite_patches_list.txt +1 −5 Original line number Original line Diff line number Diff line Loading @@ -6,7 +6,7 @@ Force-use-vpython3-for-some-scripts.patch Permit-PGO-for-debug-builds.patch Permit-PGO-for-debug-builds.patch Fix-chromium-vanilla.patch Fix-chromium-vanilla.patch Final-patch-for-chromium-vanilla.patch Final-patch-for-chromium-vanilla.patch Restore-chrome-password-store.patch Remove-EV-certificates.patch Remove-EV-certificates.patch do-not-hide-.orig-files.patch do-not-hide-.orig-files.patch do-not-add-suffix-to-package-name.patch do-not-add-suffix-to-package-name.patch Loading Loading @@ -93,11 +93,9 @@ Disable-feeds-support-by-default.patch Disable-DRM-media-origin-IDs-preprovisioning.patch Disable-DRM-media-origin-IDs-preprovisioning.patch Disable-smart-selection-by-default.patch Disable-smart-selection-by-default.patch Guard-for-user-agent-reduction.patch Guard-for-user-agent-reduction.patch AImageReader-CFI-crash-mitigations.patch Add-menu-item-to-view-source.patch Add-menu-item-to-view-source.patch Revert-removal-of-execution-context-address-space.patch Revert-removal-of-execution-context-address-space.patch Block-gateway-attacks-via-websockets.patch Block-gateway-attacks-via-websockets.patch Enable-prefetch-privacy-changes-by-default.patch Enable-darken-websites-checkbox-in-themes.patch Enable-darken-websites-checkbox-in-themes.patch Remove-blocklisted-URLs-upon-bookmark-creation.patch Remove-blocklisted-URLs-upon-bookmark-creation.patch Disable-the-DIAL-repeating-discovery.patch Disable-the-DIAL-repeating-discovery.patch Loading Loading @@ -275,7 +273,6 @@ Enable-Global-Privacy-Control.patch Enable-Do-Not-Track-by-default.patch Enable-Do-Not-Track-by-default.patch Media-fingerprinting-mitigations.patch Media-fingerprinting-mitigations.patch Use-BoringSSL-for-RandBytes.patch Use-BoringSSL-for-RandBytes.patch Restore-chrome-password-store.patch Disable-support-for-pointer-device-id.patch Disable-support-for-pointer-device-id.patch Disable-CSS-blink-feature-support.patch Disable-CSS-blink-feature-support.patch Close-Sessions-On-Ip-Change.patch Close-Sessions-On-Ip-Change.patch Loading @@ -296,7 +293,6 @@ Enable-component-updater.patch Android-fonts-fingerprinting-mitigation.patch Android-fonts-fingerprinting-mitigation.patch Disable-Android-Tab-Declutter.patch Disable-Android-Tab-Declutter.patch Disable-CSSDynamicRangeLimit.patch Disable-CSSDynamicRangeLimit.patch Android-Import-Passwords.patch Disable-prefers-reduced-motion.patch Disable-prefers-reduced-motion.patch Disable-css-preferred-text-scale.patch Disable-css-preferred-text-scale.patch Disable-Viewport-Segments.patch Disable-Viewport-Segments.patch Loading
build/patches/AImageReader-CFI-crash-mitigations.patchdeleted 100644 → 0 +0 −249 Original line number Original line Diff line number Diff line From: csagan5 <32685696+csagan5@users.noreply.github.com> Date: Tue, 5 May 2020 07:22:20 +0200 Subject: AImageReader CFI crash mitigations Revert "gpu/android: Remove setup for disabling AImageReader." This reverts commit dcd5a39518246eb999f1cc63bf1ec95d93fd5b2f. Revert "Remove flags to enable/disable AImageReader." This reverts commit 463fa0f2e3b9e418bc26e2c8954463f0b0f76634. Restore GPU bug blacklist for AImageReader on ARM and Qualcomm CPUs Restore the AImageReader blacklist for ARM/Qualcomm chipsets which causes crashes on Android 9 and 10 (at different code locations). See discussions at: * https://github.com/bromite/bromite/issues/445 * https://github.com/bromite/bromite/issues/814 * https://github.com/bromite/bromite/issues/1005 License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html --- base/android/android_image_reader_compat.cc | 16 ++++++++++++++++ base/android/android_image_reader_compat.h | 14 ++++++++++++++ chrome/browser/flag-metadata.json | 4 ++++ .../AImageReader-CFI-crash-mitigations.inc | 4 ++++ .../AImageReader-CFI-crash-mitigations.inc | 1 + gpu/config/gpu_driver_bug_list.json | 16 ++++++++++++++++ gpu/config/gpu_finch_features.cc | 5 +++++ gpu/config/gpu_finch_features.h | 1 + gpu/config/gpu_util.cc | 8 ++++++++ gpu/config/gpu_workaround_list.txt | 1 + gpu/ipc/service/gpu_init.cc | 8 ++++++++ media/gpu/android/video_frame_factory_impl.cc | 4 +++- 12 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 cromite_flags/media/base/media_switches_cc/AImageReader-CFI-crash-mitigations.inc create mode 100644 cromite_flags/media/base/media_switches_h/AImageReader-CFI-crash-mitigations.inc diff --git a/base/android/android_image_reader_compat.cc b/base/android/android_image_reader_compat.cc --- a/base/android/android_image_reader_compat.cc +++ b/base/android/android_image_reader_compat.cc @@ -7,7 +7,23 @@ namespace base { namespace android { +AndroidImageReader& AndroidImageReader::GetInstance() { + // C++11 static local variable initialization is + // thread-safe. + static AndroidImageReader instance; + return instance; +} + +void AndroidImageReader::DisableSupport() { + disable_support_ = true; +} + +bool AndroidImageReader::IsSupported() { + return !disable_support_; +} + bool EnableAndroidImageReader() { + if (!AndroidImageReader::GetInstance().IsSupported()) return false; // Currently we want to enable AImageReader only for android P+ devices. if (__builtin_available(android 28, *)) { return true; diff --git a/base/android/android_image_reader_compat.h b/base/android/android_image_reader_compat.h --- a/base/android/android_image_reader_compat.h +++ b/base/android/android_image_reader_compat.h @@ -10,6 +10,20 @@ namespace base { namespace android { +class BASE_EXPORT AndroidImageReader { + public: + // Thread safe GetInstance. + static AndroidImageReader& GetInstance(); + + bool IsSupported(); + + // Disable image reader support. + void DisableSupport(); + + private: + bool disable_support_ = false; +}; + // Check if the image reader usage is supported. BASE_EXPORT bool EnableAndroidImageReader(); diff --git a/chrome/browser/flag-metadata.json b/chrome/browser/flag-metadata.json --- a/chrome/browser/flag-metadata.json +++ b/chrome/browser/flag-metadata.json @@ -3627,6 +3627,10 @@ "chrome-signin-team@google.com" ], "expiry_milestone": 138 + },{ + "name": "enable-image-reader", // Bromite: do not expire + "owners": [ "vikassoni@chromium.org", "liberato@chromium.org" ], // flag + "expiry_milestone": -1 }, { "name": "enable-immersive-fullscreen-toolbar", diff --git a/cromite_flags/media/base/media_switches_cc/AImageReader-CFI-crash-mitigations.inc b/cromite_flags/media/base/media_switches_cc/AImageReader-CFI-crash-mitigations.inc new file mode 100644 --- /dev/null +++ b/cromite_flags/media/base/media_switches_cc/AImageReader-CFI-crash-mitigations.inc @@ -0,0 +1,4 @@ +// Enables the Android Image Reader path for Video decoding(for AVDA and MCVD) +CROMITE_FEATURE(kAImageReaderVideoOutput, + "AImageReaderVideoOutput", + base::FEATURE_ENABLED_BY_DEFAULT); diff --git a/cromite_flags/media/base/media_switches_h/AImageReader-CFI-crash-mitigations.inc b/cromite_flags/media/base/media_switches_h/AImageReader-CFI-crash-mitigations.inc new file mode 100644 --- /dev/null +++ b/cromite_flags/media/base/media_switches_h/AImageReader-CFI-crash-mitigations.inc @@ -0,0 +1 @@ +MEDIA_EXPORT BASE_DECLARE_FEATURE(kAImageReaderVideoOutput); diff --git a/gpu/config/gpu_driver_bug_list.json b/gpu/config/gpu_driver_bug_list.json --- a/gpu/config/gpu_driver_bug_list.json +++ b/gpu/config/gpu_driver_bug_list.json @@ -2617,6 +2617,22 @@ "no_downscaled_overlay_promotion" ] }, + { + "id":335, + "cr_bugs": [1051705], + "description": "Disable AImageReader on ARM GPUs", + "os": { + "type": "android", + "version": { + "op": "<", + "value": "10" + } + }, + "gl_vendor": "ARM.*|Qualcomm.*", + "features": [ + "disable_aimagereader" + ] + }, { "id": 381, "cr_bugs": [ diff --git a/gpu/config/gpu_finch_features.cc b/gpu/config/gpu_finch_features.cc --- a/gpu/config/gpu_finch_features.cc +++ b/gpu/config/gpu_finch_features.cc @@ -59,6 +59,11 @@ BASE_FEATURE(kAggressiveShaderCacheLimits, base::FEATURE_DISABLED_BY_DEFAULT); #if BUILDFLAG(IS_ANDROID) +// Use android AImageReader when playing videos with MediaPlayer. +CROMITE_FEATURE(kAImageReaderMediaPlayer, + "AImageReaderMediaPlayer", + base::FEATURE_ENABLED_BY_DEFAULT); + // Use android SurfaceControl API for managing display compositor's buffer queue // and using overlays on Android. Also used by webview to disable surface // SurfaceControl. diff --git a/gpu/config/gpu_finch_features.h b/gpu/config/gpu_finch_features.h --- a/gpu/config/gpu_finch_features.h +++ b/gpu/config/gpu_finch_features.h @@ -26,6 +26,7 @@ GPU_CONFIG_EXPORT BASE_DECLARE_FEATURE(kUseGles2ForOopR); GPU_CONFIG_EXPORT BASE_DECLARE_FEATURE(kAggressiveShaderCacheLimits); #if BUILDFLAG(IS_ANDROID) +GPU_CONFIG_EXPORT BASE_DECLARE_FEATURE(kAImageReaderMediaPlayer); GPU_CONFIG_EXPORT BASE_DECLARE_FEATURE(kAndroidSurfaceControl); GPU_CONFIG_EXPORT BASE_DECLARE_FEATURE(kWebViewSurfaceControl); GPU_CONFIG_EXPORT BASE_DECLARE_FEATURE(kWebViewSurfaceControlForTV); diff --git a/gpu/config/gpu_util.cc b/gpu/config/gpu_util.cc --- a/gpu/config/gpu_util.cc +++ b/gpu/config/gpu_util.cc @@ -127,6 +127,9 @@ GpuFeatureStatus GetAndroidSurfaceControlFeatureStatus( #if !BUILDFLAG(IS_ANDROID) return kGpuFeatureStatusDisabled; #else + if (blocklisted_features.count(GPU_FEATURE_TYPE_ANDROID_SURFACE_CONTROL)) + return kGpuFeatureStatusBlocklisted; + if (!gpu_preferences.enable_android_surface_control) return kGpuFeatureStatusDisabled; @@ -348,6 +351,11 @@ void AdjustGpuFeatureStatusToWorkarounds(GpuFeatureInfo* gpu_feature_info, kGpuFeatureStatusSoftware; } } + + if (gpu_feature_info->IsWorkaroundEnabled(DISABLE_AIMAGEREADER)) { + gpu_feature_info->status_values[GPU_FEATURE_TYPE_ANDROID_SURFACE_CONTROL] = + kGpuFeatureStatusBlocklisted; + } } // Estimates roughly user total disk space by counting in the drives where diff --git a/gpu/config/gpu_workaround_list.txt b/gpu/config/gpu_workaround_list.txt --- a/gpu/config/gpu_workaround_list.txt +++ b/gpu/config/gpu_workaround_list.txt @@ -6,6 +6,7 @@ check_egl_fence_before_wait check_ycbcr_studio_g22_left_p709_for_nv12_support disable_2d_canvas_auto_flush disable_accelerated_av1_decode +disable_aimagereader disable_accelerated_av1_encode disable_accelerated_h264_decode disable_accelerated_h264_encode diff --git a/gpu/ipc/service/gpu_init.cc b/gpu/ipc/service/gpu_init.cc --- a/gpu/ipc/service/gpu_init.cc +++ b/gpu/ipc/service/gpu_init.cc @@ -69,6 +69,7 @@ #if BUILDFLAG(IS_ANDROID) #include "ui/gfx/android/android_surface_control_compat.h" +#include "base/android/android_image_reader_compat.h" #endif #if BUILDFLAG(ENABLE_VULKAN) @@ -688,6 +689,13 @@ bool GpuInit::InitializeAndStartSandbox(base::CommandLine* command_line, } #endif // BUILDFLAG(IS_WIN) +#if BUILDFLAG(IS_ANDROID) + // Disable AImageReader if the workaround is enabled. + if (gpu_feature_info_.IsWorkaroundEnabled(DISABLE_AIMAGEREADER)) { + base::android::AndroidImageReader::GetInstance().DisableSupport(); + } +#endif + if (gpu_feature_info_.status_values[GPU_FEATURE_TYPE_VULKAN] != kGpuFeatureStatusEnabled || !InitializeVulkan()) { diff --git a/media/gpu/android/video_frame_factory_impl.cc b/media/gpu/android/video_frame_factory_impl.cc --- a/media/gpu/android/video_frame_factory_impl.cc +++ b/media/gpu/android/video_frame_factory_impl.cc @@ -35,10 +35,12 @@ namespace { gpu::TextureOwner::Mode GetTextureOwnerMode( VideoFrameFactory::OverlayMode overlay_mode) { + const bool enabled = base::android::EnableAndroidImageReader() && + base::FeatureList::IsEnabled(features::kAImageReaderMediaPlayer); switch (overlay_mode) { case VideoFrameFactory::OverlayMode::kDontRequestPromotionHints: case VideoFrameFactory::OverlayMode::kRequestPromotionHints: - return base::android::EnableAndroidImageReader() + return enabled ? gpu::TextureOwner::Mode::kAImageReaderInsecure : gpu::TextureOwner::Mode::kSurfaceTextureInsecure; case VideoFrameFactory::OverlayMode::kSurfaceControlSecure: --
build/patches/Add-AllowUserCertificates-flag.patch +9 −9 Original line number Original line Diff line number Diff line Loading @@ -20,7 +20,7 @@ License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html diff --git a/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java b/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java diff --git a/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java b/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java --- a/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java --- a/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java +++ b/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java +++ b/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActivity.java @@ -233,6 +233,7 @@ import org.chromium.content_public.browser.LoadUrlParams; @@ -236,6 +236,7 @@ import org.chromium.content_public.browser.LoadUrlParams; import org.chromium.content_public.browser.SelectionPopupController; import org.chromium.content_public.browser.SelectionPopupController; import org.chromium.content_public.browser.WebContents; import org.chromium.content_public.browser.WebContents; import org.chromium.content_public.common.ContentSwitches; import org.chromium.content_public.common.ContentSwitches; Loading @@ -28,7 +28,7 @@ diff --git a/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActiv import org.chromium.printing.PrintManagerDelegateImpl; import org.chromium.printing.PrintManagerDelegateImpl; import org.chromium.printing.PrintingController; import org.chromium.printing.PrintingController; import org.chromium.printing.PrintingControllerImpl; import org.chromium.printing.PrintingControllerImpl; @@ -977,6 +978,8 @@ public abstract class ChromeActivity extends AsyncInitializationActivity @@ -985,6 +986,8 @@ public abstract class ChromeActivity extends AsyncInitializationActivity super.onStartWithNative(); super.onStartWithNative(); ChromeActivitySessionTracker.getInstance().onStartWithNative(getProfileProviderSupplier()); ChromeActivitySessionTracker.getInstance().onStartWithNative(getProfileProviderSupplier()); Loading @@ -40,7 +40,7 @@ diff --git a/chrome/android/java/src/org/chromium/chrome/browser/app/ChromeActiv diff --git a/chrome/browser/flags/android/chrome_feature_list.cc b/chrome/browser/flags/android/chrome_feature_list.cc diff --git a/chrome/browser/flags/android/chrome_feature_list.cc b/chrome/browser/flags/android/chrome_feature_list.cc --- a/chrome/browser/flags/android/chrome_feature_list.cc --- a/chrome/browser/flags/android/chrome_feature_list.cc +++ b/chrome/browser/flags/android/chrome_feature_list.cc +++ b/chrome/browser/flags/android/chrome_feature_list.cc @@ -179,6 +179,7 @@ const base::Feature* const kFeaturesExposedToJava[] = { @@ -184,6 +184,7 @@ const base::Feature* const kFeaturesExposedToJava[] = { &feed::kFeedPerformanceStudy, &feed::kFeedPerformanceStudy, &feed::kFeedShowSignInCommand, &feed::kFeedShowSignInCommand, &feed::kFeedSignedOutViewDemotion, &feed::kFeedSignedOutViewDemotion, Loading @@ -59,16 +59,16 @@ diff --git a/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/f public static final String ADAPTIVE_BUTTON_IN_TOP_TOOLBAR_PAGE_SUMMARY = public static final String ADAPTIVE_BUTTON_IN_TOP_TOOLBAR_PAGE_SUMMARY = "AdaptiveButtonInTopToolbarPageSummary"; "AdaptiveButtonInTopToolbarPageSummary"; public static final String ALLOW_TAB_CLOSING_UPON_MINIMIZATION = public static final String ALLOW_TAB_CLOSING_UPON_MINIMIZATION = @@ -728,6 +729,8 @@ public abstract class ChromeFeatureList { @@ -768,6 +769,8 @@ public abstract class ChromeFeatureList { public static final CachedFlag sAndroidWindowPopupLargeScreen = public static final CachedFlag sAndroidWindowPopupResizeAfterSpawn = newCachedFlag(ANDROID_WINDOW_POPUP_LARGE_SCREEN, false); newCachedFlag(ANDROID_WINDOW_POPUP_RESIZE_AFTER_SPAWN, false); public static final CachedFlag sAppSpecificHistory = newCachedFlag(APP_SPECIFIC_HISTORY, true); public static final CachedFlag sAppSpecificHistory = newCachedFlag(APP_SPECIFIC_HISTORY, true); + public static final CachedFlag sAllowUserCertificates = + public static final CachedFlag sAllowUserCertificates = + newCachedFlag(ALLOW_USER_CERTIFICATES, false); + newCachedFlag(ALLOW_USER_CERTIFICATES, false); public static final CachedFlag sAppSpecificHistoryViewIntent = newCachedFlag(APP_SPECIFIC_HISTORY_VIEW_INTENT, true); public static final CachedFlag sAsyncNotificationManager = public static final CachedFlag sAsyncNotificationManager = newCachedFlag(ASYNC_NOTIFICATION_MANAGER, false, true); @@ -1080,6 +1083,7 @@ public abstract class ChromeFeatureList { public static final CachedFlag sAsyncNotificationManagerForDownload = @@ -1032,6 +1035,7 @@ public abstract class ChromeFeatureList { sAccountForSuppressedKeyboardInsets, sAccountForSuppressedKeyboardInsets, sAllowTabClosingUponMinimization, sAllowTabClosingUponMinimization, sAndroidAppIntegration, sAndroidAppIntegration, Loading
