mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-10 20:05:49 +00:00
Backed out changeset 8a71f6e05783 (bug 1393287) for Hazard Build Bustage. r=backout on a CLOSED TREE
This commit is contained in:
parent
c9ff031c33
commit
0393c9235f
@ -78,7 +78,7 @@ __sanitizer_sandbox_on_notify(__sanitizer_sandbox_arguments *args);
|
||||
#endif // MOZ_ASAN
|
||||
|
||||
// Signal number used to enable seccomp on each thread.
|
||||
mozilla::Atomic<int> gSeccompTsyncBroadcastSignum(0);
|
||||
int gSeccompTsyncBroadcastSignum = 0;
|
||||
|
||||
namespace mozilla {
|
||||
|
||||
@ -336,7 +336,6 @@ BroadcastSetThreadSandbox(const sock_fprog* aFilter)
|
||||
// itself, repeat iterating over all threads until we find none
|
||||
// that are still privileged.
|
||||
bool sandboxProgress;
|
||||
const int tsyncSignum = gSeccompTsyncBroadcastSignum;
|
||||
do {
|
||||
sandboxProgress = false;
|
||||
// For each thread...
|
||||
@ -353,11 +352,11 @@ BroadcastSetThreadSandbox(const sock_fprog* aFilter)
|
||||
continue;
|
||||
}
|
||||
|
||||
MOZ_RELEASE_ASSERT(tsyncSignum != 0);
|
||||
MOZ_RELEASE_ASSERT(gSeccompTsyncBroadcastSignum != 0);
|
||||
|
||||
// Reset the futex cell and signal.
|
||||
gSetSandboxDone = 0;
|
||||
if (syscall(__NR_tgkill, pid, tid, tsyncSignum) != 0) {
|
||||
if (syscall(__NR_tgkill, pid, tid, gSeccompTsyncBroadcastSignum) != 0) {
|
||||
if (errno == ESRCH) {
|
||||
SANDBOX_LOG_ERROR("Thread %d unexpectedly exited.", tid);
|
||||
// Rescan threads, in case it forked before exiting.
|
||||
@ -429,14 +428,14 @@ BroadcastSetThreadSandbox(const sock_fprog* aFilter)
|
||||
} while (sandboxProgress);
|
||||
|
||||
void (*oldHandler)(int);
|
||||
oldHandler = signal(tsyncSignum, SIG_DFL);
|
||||
oldHandler = signal(gSeccompTsyncBroadcastSignum, SIG_DFL);
|
||||
gSeccompTsyncBroadcastSignum = 0;
|
||||
if (oldHandler != SetThreadSandboxHandler) {
|
||||
// See the comment on FindFreeSignalNumber about race conditions.
|
||||
SANDBOX_LOG_ERROR("handler for signal %d was changed to %p!",
|
||||
tsyncSignum, oldHandler);
|
||||
gSeccompTsyncBroadcastSignum, oldHandler);
|
||||
MOZ_CRASH();
|
||||
}
|
||||
gSeccompTsyncBroadcastSignum = 0;
|
||||
Unused << closedir(taskdp);
|
||||
// And now, deprivilege the main thread:
|
||||
SetThreadSandbox();
|
||||
@ -586,19 +585,18 @@ SandboxEarlyInit(GeckoProcessType aType)
|
||||
// If TSYNC is not supported, set up signal handler
|
||||
// used to enable seccomp on each thread.
|
||||
if (!info.Test(SandboxInfo::kHasSeccompTSync)) {
|
||||
const int tsyncSignum = FindFreeSignalNumber();
|
||||
if (tsyncSignum == 0) {
|
||||
gSeccompTsyncBroadcastSignum = FindFreeSignalNumber();
|
||||
if (gSeccompTsyncBroadcastSignum == 0) {
|
||||
SANDBOX_LOG_ERROR("No available signal numbers!");
|
||||
MOZ_CRASH();
|
||||
}
|
||||
gSeccompTsyncBroadcastSignum = tsyncSignum;
|
||||
|
||||
void (*oldHandler)(int);
|
||||
oldHandler = signal(tsyncSignum, SetThreadSandboxHandler);
|
||||
oldHandler = signal(gSeccompTsyncBroadcastSignum, SetThreadSandboxHandler);
|
||||
if (oldHandler != SIG_DFL) {
|
||||
// See the comment on FindFreeSignalNumber about race conditions.
|
||||
SANDBOX_LOG_ERROR("signal %d in use by handler %p!\n",
|
||||
tsyncSignum, oldHandler);
|
||||
gSeccompTsyncBroadcastSignum, oldHandler);
|
||||
MOZ_CRASH();
|
||||
}
|
||||
}
|
||||
|
@ -4,52 +4,26 @@
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
||||
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#include "mozilla/Atomics.h"
|
||||
#include "mozilla/Types.h"
|
||||
|
||||
#include <dlfcn.h>
|
||||
#include <signal.h>
|
||||
#include <errno.h>
|
||||
#include <signal.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <sys/inotify.h>
|
||||
|
||||
// Signal number used to enable seccomp on each thread.
|
||||
extern mozilla::Atomic<int> gSeccompTsyncBroadcastSignum;
|
||||
|
||||
static bool
|
||||
SigSetNeedsFixup(const sigset_t* aSet)
|
||||
{
|
||||
int tsyncSignum = gSeccompTsyncBroadcastSignum;
|
||||
|
||||
return aSet != nullptr &&
|
||||
(sigismember(aSet, SIGSYS) ||
|
||||
(tsyncSignum != 0 &&
|
||||
sigismember(aSet, tsyncSignum)));
|
||||
}
|
||||
|
||||
static void
|
||||
SigSetFixup(sigset_t* aSet)
|
||||
{
|
||||
int tsyncSignum = gSeccompTsyncBroadcastSignum;
|
||||
int rv = sigdelset(aSet, SIGSYS);
|
||||
MOZ_RELEASE_ASSERT(rv == 0);
|
||||
if (tsyncSignum != 0) {
|
||||
rv = sigdelset(aSet, tsyncSignum);
|
||||
MOZ_RELEASE_ASSERT(rv == 0);
|
||||
}
|
||||
}
|
||||
extern int gSeccompTsyncBroadcastSignum;
|
||||
|
||||
// This file defines a hook for sigprocmask() and pthread_sigmask().
|
||||
// Bug 1176099: some threads block SIGSYS signal which breaks our seccomp-bpf
|
||||
// sandbox. To avoid this, we intercept the call and remove SIGSYS.
|
||||
//
|
||||
// ENOSYS indicates an error within the hook function itself.
|
||||
static int
|
||||
HandleSigset(int (*aRealFunc)(int, const sigset_t*, sigset_t*),
|
||||
int aHow, const sigset_t* aSet,
|
||||
sigset_t* aOldSet, bool aUseErrno)
|
||||
static int HandleSigset(int (*aRealFunc)(int, const sigset_t*, sigset_t*),
|
||||
int aHow, const sigset_t* aSet,
|
||||
sigset_t* aOldSet, bool aUseErrno)
|
||||
{
|
||||
if (!aRealFunc) {
|
||||
if (aUseErrno) {
|
||||
@ -61,12 +35,22 @@ HandleSigset(int (*aRealFunc)(int, const sigset_t*, sigset_t*),
|
||||
}
|
||||
|
||||
// Avoid unnecessary work
|
||||
if (aHow == SIG_UNBLOCK || !SigSetNeedsFixup(aSet)) {
|
||||
if (aSet == nullptr || aHow == SIG_UNBLOCK) {
|
||||
return aRealFunc(aHow, aSet, aOldSet);
|
||||
}
|
||||
|
||||
sigset_t newSet = *aSet;
|
||||
SigSetFixup(&newSet);
|
||||
if (sigdelset(&newSet, SIGSYS) != 0 ||
|
||||
(gSeccompTsyncBroadcastSignum &&
|
||||
sigdelset(&newSet, gSeccompTsyncBroadcastSignum) != 0)) {
|
||||
if (aUseErrno) {
|
||||
errno = ENOSYS;
|
||||
return -1;
|
||||
}
|
||||
|
||||
return ENOSYS;
|
||||
}
|
||||
|
||||
return aRealFunc(aHow, &newSet, aOldSet);
|
||||
}
|
||||
|
||||
@ -88,27 +72,6 @@ pthread_sigmask(int how, const sigset_t* set, sigset_t* oldset)
|
||||
return HandleSigset(sRealFunc, how, set, oldset, false);
|
||||
}
|
||||
|
||||
extern "C" MOZ_EXPORT int
|
||||
sigaction(int signum, const struct sigaction* act, struct sigaction* oldact)
|
||||
{
|
||||
static auto sRealFunc =
|
||||
(int (*)(int, const struct sigaction*, struct sigaction*))
|
||||
dlsym(RTLD_NEXT, "sigaction");
|
||||
|
||||
if (!sRealFunc) {
|
||||
errno = ENOSYS;
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (act == nullptr || !SigSetNeedsFixup(&act->sa_mask)) {
|
||||
return sRealFunc(signum, act, oldact);
|
||||
}
|
||||
|
||||
struct sigaction newact = *act;
|
||||
SigSetFixup(&newact.sa_mask);
|
||||
return sRealFunc(signum, &newact, oldact);
|
||||
}
|
||||
|
||||
extern "C" MOZ_EXPORT int
|
||||
inotify_init(void)
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user