Bug 1705045 - Quietly deny MADV_MERGEABLE in Linux sandbox policies that filter madvise. r=gcp

This `madvise` type is used by one Linux distro's libc, and in
principle could be used by other userspace libraries trying to optimize
performance, and I'd rather not allow it (see bug for more details).

Therefore, this patch returns an error instead of treating it as an
unknown syscall (which crashes on Nightly).

However, the content policy doesn't yet filter `madvise` (bug 1510861);
this patch doesn't change that.

Differential Revision: https://phabricator.services.mozilla.com/D112884
Jed Davis 2021-04-30 00:24:15 +00:00
parent 74cfb39ab2
commit 6f45e8a477

@ -784,6 +784,7 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
#ifdef MOZ_ASAN
.ElseIf(advice == MADV_DONTDUMP, Allow())
#endif
.ElseIf(advice == MADV_MERGEABLE, Error(EPERM)) // bug 1705045
.Else(InvalidSyscall());
}
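Review bot: the new `.ElseIf(advice == MADV_MERGEABLE, Error(EPERM))` arm matches only MADV_MERGEABLE, so a caller that also issues MADV_UNMERGEABLE would still reach `.Else(InvalidSyscall())`, which is the crash path the commit message describes. If that advice value can come from the same callers, consider giving it the same `Error(EPERM)` arm. The trailing comment also cites only the bug number; a few words on why this advice is denied rather than allowed would save readers a lookup.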
@ -1673,6 +1674,7 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
#ifdef MOZ_ASAN
.ElseIf(advice == MADV_DONTDUMP, Allow())
#endif
.ElseIf(advice == MADV_MERGEABLE, Error(EPERM)) // bug 1705045
.Else(Error(ENOSYS));
}
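Review bot: in GMPSandboxPolicy the fallback is already `.Else(Error(ENOSYS))`, so the added MADV_MERGEABLE arm here changes only the errno from ENOSYS to EPERM, not whether the call fails quietly. If the aim is consistency with SandboxPolicyCommon, say so in the comment. Since the same arm is now duplicated in both policies, consider a shared helper for the common advice values so the two lists do not drift apart.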