--- a/sandbox/policy/linux/bpf_utility_policy_linux.cc +++ b/sandbox/policy/linux/bpf_utility_policy_linux.cc @@ -34,7 +34,7 @@ case __NR_fdatasync: case __NR_fsync: #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__powerpc64__) case __NR_getrlimit: #endif #if defined(__i386__) || defined(__arm__) --- a/sandbox/policy/linux/bpf_renderer_policy_linux.cc +++ b/sandbox/policy/linux/bpf_renderer_policy_linux.cc @@ -77,7 +77,7 @@ case __NR_ftruncate64: #endif #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__powerpc64__) case __NR_getrlimit: case __NR_setrlimit: // We allow setrlimit to dynamically adjust the address space limit as --- a/sandbox/linux/bpf_dsl/linux_syscall_ranges.h +++ b/sandbox/linux/bpf_dsl/linux_syscall_ranges.h @@ -58,9 +58,9 @@ #elif defined(__powerpc64__) -#include +#include #define MIN_SYSCALL 0u -#define MAX_PUBLIC_SYSCALL 386u +#define MAX_PUBLIC_SYSCALL __NR_syscalls #define MAX_SYSCALL MAX_PUBLIC_SYSCALL #else --- a/sandbox/linux/services/credentials.cc +++ b/sandbox/linux/services/credentials.cc @@ -90,7 +90,9 @@ int clone_flags = CLONE_FS | LINUX_SIGCHLD; void* tls = nullptr; -#if (defined(ARCH_CPU_X86_64) || defined(ARCH_CPU_ARM_FAMILY)) && \ +// RAJA this might be it... +#if (defined(ARCH_CPU_X86_64) || defined(ARCH_CPU_ARM_FAMILY) || \ + defined(ARCH_CPU_PPC64_FAMILY)) && \ !defined(MEMORY_SANITIZER) // Use CLONE_VM | CLONE_VFORK as an optimization to avoid copying page tables. // Since clone writes to the new child's TLS before returning, we must set a @@ -98,6 +100,11 @@ // glibc performs syscalls by calling a function pointer in TLS, so we do not // attempt this optimization. // TODO(crbug.com/1247458) Broken in MSan builds after LLVM f1bb30a4956f. + // + // NOTE: Without CLONE_VM, fontconfig will attempt to reload configuration + // in every thread. Since the rendered threads are sandboxed without + // filesystem access (e.g. to /etc/fonts/fonts.conf) this will cause font + // configuraiton loading failures and no fonts will be displayed! clone_flags |= CLONE_VM | CLONE_VFORK | CLONE_SETTLS; char tls_buf[PTHREAD_STACK_MIN] = {0}; --- a/linux/seccomp-bpf-helpers/sigsys_handlers.cc +++ b/linux/seccomp-bpf-helpers/sigsys_handlers.cc @@ -358,7 +358,16 @@ if (args.nr == __NR_fstatat_default) { if (*reinterpret_cast(args.args[1]) == '\0' && args.args[3] == static_cast(AT_EMPTY_PATH)) { - return syscall(__NR_fstat_default, static_cast(args.args[0]), + int fd = static_cast(args.args[0]); +#if defined(__powerpc64__) + // On ppc64+glibc, some syscalls seem to accidentally negate the first + // parameter which causes checks against it to fail. For now, manually + // negate them back. + // TODO: Investigate the root cause and fix in glibc + if (fd < 0) + fd = -fd; +#endif + return syscall(__NR_fstat_default, fd, reinterpret_cast(args.args[2])); } return -reinterpret_cast(fs_denied_errno);