Bug 1546544 - Enable TCSM r=asuth,spohl,mccr8

Differential Revision: https://phabricator.services.mozilla.com/D29046 --HG-- extra : moz-landing-system : lando
2024-10-08 19:04:45 +00:00 · 2019-05-06 06:09:10 +00:00 · 2019-05-06 06:09:10 +00:00 · cd1c25bb79
commit cd1c25bb79
parent 7506da4681
7 changed files with 108 additions and 0 deletions
--- a/netwerk/base/ProxyAutoConfig.cpp
+++ b/netwerk/base/ProxyAutoConfig.cpp
@ -27,6 +27,10 @@
 #include "nsServiceManagerUtils.h"
 #include "nsNetCID.h"

+#if defined(XP_MACOSX)
+#  include "nsMacUtilsImpl.h"
+#endif
+
 namespace mozilla {
 namespace net {

@ -682,6 +686,10 @@ nsresult ProxyAutoConfig::SetupJS() {
  mJSNeedsSetup = false;
  MOZ_ASSERT(!GetRunning(), "JIT is running");

+#if defined(XP_MACOSX)
+  nsMacUtilsImpl::EnableTCSMIfAvailable();
+#endif
+
  delete mJSContext;
  mJSContext = nullptr;

--- a/netwerk/base/moz.build
+++ b/netwerk/base/moz.build
@ -314,5 +314,10 @@ LOCAL_INCLUDES += [
    '/netwerk/url-classifier',
 ]

+if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
+    LOCAL_INCLUDES += [
+        '/xpcom/base',
+    ]
+
 if CONFIG['CC_TYPE'] in ('clang', 'gcc'):
    CXXFLAGS += ['-Wno-error=shadow']
--- a/security/sandbox/mac/SandboxPolicyContent.h
+++ b/security/sandbox/mac/SandboxPolicyContent.h
@ -105,6 +105,8 @@ static const char SandboxPolicyContent[] = R"SANDBOX_LITERAL(
      (sysctl-name "kern.osversion")
      (sysctl-name "kern.osrelease")
      (sysctl-name "kern.version")
+      (sysctl-name "kern.tcsm_available")
+      (sysctl-name "kern.tcsm_enable")
      ; TODO: remove "kern.hostname". Without it the tests hang, but the hostname
      ; is arguably sensitive information, so we should see what can be done about
      ; removing it.
@ -140,6 +142,9 @@ static const char SandboxPolicyContent[] = R"SANDBOX_LITERAL(
      (sysctl-name "machdep.cpu.stepping")
      (sysctl-name "debug.intel.gstLevelGST")
      (sysctl-name "debug.intel.gstLoaderControl")))
+  (if (> macosMinorVersion 9)
+    (allow sysctl-write
+      (sysctl-name "kern.tcsm_enable")))

  (define (home-regex home-relative-regex)
    (regex (string-append "^" (regex-quote home-path) home-relative-regex)))
--- a/toolkit/xre/moz.build
+++ b/toolkit/xre/moz.build
@ -238,6 +238,7 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
    LOCAL_INCLUDES += [
        '/widget',
        '/widget/cocoa',
+        '/xpcom/base',
    ]

 CXXFLAGS += CONFIG['TK_CFLAGS']
--- a/xpcom/base/CycleCollectedJSRuntime.cpp
+++ b/xpcom/base/CycleCollectedJSRuntime.cpp
@ -92,6 +92,10 @@
 #  include "ProfilerMarkerPayload.h"
 #endif

+#if defined(XP_MACOSX)
+# include "nsMacUtilsImpl.h"
+#endif
+
 #include "nsIException.h"
 #include "nsThread.h"
 #include "nsThreadUtils.h"
@ -485,6 +489,12 @@ CycleCollectedJSRuntime::CycleCollectedJSRuntime(JSContext* aCx)
  MOZ_ASSERT(aCx);
  MOZ_ASSERT(mJSRuntime);

+#if defined(XP_MACOSX)
+  if (!XRE_IsE10sParentProcess()) {
+    nsMacUtilsImpl::EnableTCSMIfAvailable();
+  }
+#endif
+
  if (!JS_AddExtraGCRootsTracer(aCx, TraceBlackJS, this)) {
    MOZ_CRASH("JS_AddExtraGCRootsTracer failed");
  }
--- a/xpcom/base/nsMacUtilsImpl.cpp
+++ b/xpcom/base/nsMacUtilsImpl.cpp
@ -17,16 +17,21 @@
 #include "prenv.h"

 #include <CoreFoundation/CoreFoundation.h>
+#include <sys/sysctl.h>

 NS_IMPL_ISUPPORTS(nsMacUtilsImpl, nsIMacUtils)

 using mozilla::StaticMutexAutoLock;
+using mozilla::Unused;

 #if defined(MOZ_SANDBOX)
 StaticAutoPtr<nsCString> nsMacUtilsImpl::sCachedAppPath;
 StaticMutex nsMacUtilsImpl::sCachedAppPathMutex;
 #endif

+// Initialize with Unknown until we've checked if TCSM is available to set
+Atomic<nsMacUtilsImpl::TCSMStatus> nsMacUtilsImpl::sTCSMStatus(TCSM_Unknown);
+
 nsresult nsMacUtilsImpl::GetArchString(nsAString& aArchString) {
  if (!mBinaryArchs.IsEmpty()) {
    aArchString.Assign(mBinaryArchs);
@ -241,3 +246,60 @@ nsresult nsMacUtilsImpl::GetDirectoryPath(const char* aPath,
 }
 #  endif /* DEBUG */
 #endif   /* MOZ_SANDBOX */
+
+/* static */
+bool nsMacUtilsImpl::IsTCSMAvailable() {
+  if (sTCSMStatus == TCSM_Unknown) {
+    uint32_t oldVal = 0;
+    size_t oldValSize = sizeof(oldVal);
+    int rv = sysctlbyname("kern.tcsm_available", &oldVal, &oldValSize, NULL, 0);
+    TCSMStatus newStatus;
+    if (rv < 0 || oldVal == 0) {
+      newStatus = TCSM_Unavailable;
+    } else {
+      newStatus = TCSM_Available;
+    }
+    // The value of sysctl kern.tcsm_available is the same for all
+    // threads within the same process. If another thread raced with us
+    // and initialized sTCSMStatus first (changing it from
+    // TCSM_Unknown), we can continue without needing to update it
+    // again. Hence, we ignore compareExchange's return value.
+    Unused << sTCSMStatus.compareExchange(TCSM_Unknown, newStatus);
+  }
+  return (sTCSMStatus == TCSM_Available);
+}
+
+/* static */
+nsresult nsMacUtilsImpl::EnableTCSM() {
+  uint32_t newVal = 1;
+  int rv = sysctlbyname("kern.tcsm_enable", NULL, 0, &newVal, sizeof(newVal));
+  if (rv < 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  return NS_OK;
+}
+
+/*
+ * Intentionally return void so that failures will be ignored in non-debug
+ * builds. This method uses new sysctls which may not be as thoroughly tested
+ * and we don't want to cause crashes handling the failure due to an OS bug.
+ */
+/* static */
+void nsMacUtilsImpl::EnableTCSMIfAvailable() {
+  if (IsTCSMAvailable()) {
+    if (NS_FAILED(EnableTCSM())) {
+      NS_WARNING("Failed to enable TCSM");
+    }
+    MOZ_ASSERT(IsTCSMEnabled());
+  }
+}
+
+#if defined(DEBUG)
+/* static */
+bool nsMacUtilsImpl::IsTCSMEnabled() {
+  uint32_t oldVal = 0;
+  size_t oldValSize = sizeof(oldVal);
+  int rv = sysctlbyname("kern.tcsm_enable", &oldVal, &oldValSize, NULL, 0);
+  return (rv == 0) && (oldVal != 0);
+}
+#endif
--- a/xpcom/base/nsMacUtilsImpl.h
+++ b/xpcom/base/nsMacUtilsImpl.h
@ -9,10 +9,12 @@

 #include "nsIMacUtils.h"
 #include "nsString.h"
+#include "mozilla/Atomics.h"
 #include "mozilla/Attributes.h"
 #include "mozilla/StaticMutex.h"
 #include "mozilla/StaticPtr.h"

+using mozilla::Atomic;
 using mozilla::StaticAutoPtr;
 using mozilla::StaticMutex;

@ -33,6 +35,8 @@ class nsMacUtilsImpl final : public nsIMacUtils {
 #  endif /* DEBUG */
 #endif   /* MOZ_SANDBOX */

+  static void EnableTCSMIfAvailable();
+
 private:
  ~nsMacUtilsImpl() {}

@ -48,6 +52,19 @@ class nsMacUtilsImpl final : public nsIMacUtils {
  // For thread safe setting/checking of sCachedAppPath
  static StaticMutex sCachedAppPathMutex;
 #endif
+
+  enum TCSMStatus {
+    TCSM_Unknown = 0,
+    TCSM_Available,
+    TCSM_Unavailable
+  };
+  static mozilla::Atomic<nsMacUtilsImpl::TCSMStatus> sTCSMStatus;
+
+  static bool IsTCSMAvailable();
+  static nsresult EnableTCSM();
+#if defined(DEBUG)
+  static bool IsTCSMEnabled();
+#endif
 };

 // Global singleton service