Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-12-02 18:08:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
c5a05df5d3
gecko-dev/security/sandbox/linux
History
Andrew Osmond d933968108 Bug 1582954 - Use posix_fallocate if available to avoid lazy allocation for shared memory. r=jld 
WebRender makes extensive use of shared memory buffers, particularly for
images decoded in the content process. These images can be arbitrarily
large, and there being insufficient memory for an allocation must be
handled gracefully.

On Linux, we will currently crash with a SIGBUS signal during image
decoding instead of just displaying the broken image tag. This is
because the pages backing the shared memory are only allocated when we
write to them. This blocks shipping WebRender on Linux.

This patch uses posix_fallocate to force the reservation of the pages,
and allows failing gracefully if they are unavailable.

Differential Revision: https://phabricator.services.mozilla.com/D80650
2020-07-20 17:47:52 +00:00
..
broker Bug 1644917 - Part 2: Cache as much of the content sandbox file policy as possible. r=gcp,Gijs 2020-07-02 11:26:11 +00:00
glue Bug 1650163 - Part 1: Switch native remoteType values to nsCString, r=farre,geckoview-reviewers,agi 2020-07-08 20:15:59 +00:00
gtest
interfaces
launch Bug 1640345 - Add a hidden pref to prevent sandboxed content processes from connecting to the X server. r=gcp 2020-07-01 21:10:36 +00:00
reporter Bug 1608558 - pt1 - add linux sandboxing to socket process. r=gcp 2020-03-09 14:56:03 +00:00
LinuxSched.h
moz.build Bug 1639030 - Part 2: Roll-up of chromium sandbox update and patches to get a running browser. r=bobowen 2020-07-08 12:54:33 +00:00
Sandbox.cpp Bug 1614933 - Ensure that glibc's lazy initializers run before we enable the content process sandbox on Linux; r=jld 2020-04-08 06:55:40 +00:00
Sandbox.h Bug 1608558 - pt1 - add linux sandboxing to socket process. r=gcp 2020-03-09 14:56:03 +00:00
SandboxBrokerClient.cpp
SandboxBrokerClient.h
SandboxChrootProto.h
SandboxFilter.cpp Bug 1582954 - Use posix_fallocate if available to avoid lazy allocation for shared memory. r=jld 2020-07-20 17:47:52 +00:00
SandboxFilter.h Bug 1608558 - pt1 - add linux sandboxing to socket process. r=gcp 2020-03-09 14:56:03 +00:00
SandboxFilterUtil.cpp
SandboxFilterUtil.h
SandboxHooks.cpp
SandboxInfo.cpp
SandboxInfo.h Bug 1613985 - Use default for equivalent-to-default constructors/destructors in security. r=rrelyea 2020-03-16 10:56:56 +00:00
SandboxInternal.h
SandboxLogging.cpp
SandboxLogging.h
SandboxOpenedFiles.cpp
SandboxOpenedFiles.h
SandboxReporterClient.cpp
SandboxReporterClient.h