Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 764719 Details for
Bug 669748
www-client/chromium Patch and enable building on ppc64le systems
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Candidate sandbox patch for font rendering
sandbox-linux-fix-glibc-font-rendering-candidate.patch (text/plain), 6.14 KB, created by
Timothy Pearson
on 2022-02-09 20:55:24 UTC
(
hide
)
Description:
Candidate sandbox patch for font rendering
Filename:
MIME Type:
Creator:
Timothy Pearson
Created:
2022-02-09 20:55:24 UTC
Size:
6.14 KB
patch
obsolete
>Index: chromium-98.0.4758.80/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc >=================================================================== >--- chromium-98.0.4758.80.orig/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc >+++ chromium-98.0.4758.80/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc >@@ -287,6 +287,18 @@ ResultExpr EvaluateSyscallImpl(int fs_de > return RestrictKillTarget(current_pid, sysno); > } > >+#if defined(__NR_newfstatat) >+ if (sysno == __NR_newfstatat) { >+ return RewriteFstatatSIGSYS(); >+ } >+#endif >+ >+#if defined(__NR_fstatat64) >+ if (sysno == __NR_fstatat64) { >+ return RewriteFstatatSIGSYS(); >+ } >+#endif >+ > // memfd_create is considered a file system syscall which below will be denied > // with fs_denied_errno, we need memfd_create for Mojo shared memory channels. > if (sysno == __NR_memfd_create) { >@@ -310,7 +310,7 @@ > // with fs_denied_errno. However some allowed fstat syscalls are rewritten by > // libc implementations to fstatat syscalls, and we need to rewrite them back. > if (sysno == __NR_fstatat_default) { >- return RewriteFstatatSIGSYS(fs_denied_errno); >+ return RewriteFstatatSIGSYS(); > } > > // The statx syscall is a filesystem syscall, which will be denied below with >Index: chromium-98.0.4758.80/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc >=================================================================== >--- chromium-98.0.4758.80.orig/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc >+++ chromium-98.0.4758.80/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc >@@ -6,6 +6,7 @@ > > #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" > >+#include <errno.h> > #include <fcntl.h> > #include <stddef.h> > #include <stdint.h> >@@ -354,17 +355,28 @@ intptr_t SIGSYSSchedHandler(const struct > } > > intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args, >- void* fs_denied_errno) { >- if (args.nr == __NR_fstatat_default) { >- if (*reinterpret_cast<const char*>(args.args[1]) == '\0' && >- args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) { >- return syscall(__NR_fstat_default, static_cast<int>(args.args[0]), >- reinterpret_cast<default_stat_struct*>(args.args[2])); >- } >- return -reinterpret_cast<intptr_t>(fs_denied_errno); >+ void* aux) { >+ switch (args.nr) { >+#if defined(__NR_newfstatat) >+ case __NR_newfstatat: >+#endif >+#if defined(__NR_fstatat64) >+ case __NR_fstatat64: >+#endif >+#if defined(__NR_newfstatat) || defined(__NR_fstatat64) >+ if (*reinterpret_cast<const char *>(args.args[1]) == '\0' >+ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) { >+ return sandbox::sys_fstat64(static_cast<int>(args.args[0]), >+ reinterpret_cast<struct stat64 *>(args.args[2])); >+ } else { >+ errno = EACCES; >+ return -1; >+ } >+ break; >+#endif > } > >- CrashSIGSYS_Handler(args, fs_denied_errno); >+ CrashSIGSYS_Handler(args, aux); > > // Should never be reached. > RAW_CHECK(false); >@@ -403,9 +415,8 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS() > return bpf_dsl::Trap(SIGSYSSchedHandler, NULL); > } > >-bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno) { >- return bpf_dsl::Trap(SIGSYSFstatatHandler, >- reinterpret_cast<void*>(fs_denied_errno)); >+bpf_dsl::ResultExpr RewriteFstatatSIGSYS() { >+ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL); > } > > void AllocateCrashKeys() { >Index: chromium-98.0.4758.80/sandbox/linux/services/syscall_wrappers.cc >=================================================================== >--- chromium-98.0.4758.80.orig/sandbox/linux/services/syscall_wrappers.cc >+++ chromium-98.0.4758.80/sandbox/linux/services/syscall_wrappers.cc >@@ -204,4 +204,13 @@ int sys_fstatat64(int dirfd, > #endif > } > >+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf) >+{ >+#if defined(__NR_fstat64) >+ return syscall(__NR_fstat64, fd, buf); >+#else >+ return syscall(__NR_fstat, fd, buf); >+#endif >+} >+ > } // namespace sandbox >Index: chromium-98.0.4758.80/sandbox/linux/services/syscall_wrappers.h >=================================================================== >--- chromium-98.0.4758.80.orig/sandbox/linux/services/syscall_wrappers.h >+++ chromium-98.0.4758.80/sandbox/linux/services/syscall_wrappers.h >@@ -19,6 +19,7 @@ struct cap_hdr; > struct cap_data; > struct kernel_stat; > struct kernel_stat64; >+struct stat64; > > namespace sandbox { > >@@ -99,6 +100,9 @@ SANDBOX_EXPORT int sys_fstatat64(int dir > struct kernel_stat64* stat_buf, > int flags); > >+// Recent glibc rewrites fstat to fstatat. >+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf); >+ > } // namespace sandbox > > #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ >Index: chromium-98.0.4758.80/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h >=================================================================== >--- chromium-98.0.4758.80.orig/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h >+++ chromium-98.0.4758.80/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h >@@ -77,7 +77,7 @@ > SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex(); > SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace(); > SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS(); >-SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno); >+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS(); > > // Allocates a crash key so that Seccomp information can be recorded. > void AllocateCrashKeys(); >Index: chromium-98.0.4758.80/sandbox/policy/linux/sandbox_linux.cc >=================================================================== >--- chromium-98.0.4758.80.orig/sandbox/policy/linux/sandbox_linux.cc >+++ chromium-98.0.4758.80/sandbox/policy/linux/sandbox_linux.cc >@@ -529,7 +529,7 @@ > // fstatat() to fail, see https://crbug.com/1243290#c8 for details. > const bpf_dsl::Arg<int> flags(3); > return bpf_dsl::If((flags & AT_EMPTY_PATH) == AT_EMPTY_PATH, >- RewriteFstatatSIGSYS(BPFBasePolicy::GetFSDeniedErrno())) >+ RewriteFstatatSIGSYS()) > .Else(handle_via_broker); > } else { > return handle_via_broker;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=764719">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 669748
:
764685
|
764686
| 764719 |
764955
|
801454
