chromium/SOURCES/0008-sandbox-fix-ppc64le-gl...

Index: chromium-120.0.6099.71/sandbox/policy/linux/bpf_utility_policy_linux.cc
===================================================================
--- chromium-120.0.6099.71.orig/sandbox/policy/linux/bpf_utility_policy_linux.cc
+++ chromium-120.0.6099.71/sandbox/policy/linux/bpf_utility_policy_linux.cc
@@ -34,7 +34,7 @@ ResultExpr UtilityProcessPolicy::Evaluat
     case __NR_fdatasync:
     case __NR_fsync:
 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
-    defined(__aarch64__)
+    defined(__aarch64__) || defined(__powerpc64__)
     case __NR_getrlimit:
 #endif
 #if defined(__i386__) || defined(__arm__)
Index: chromium-120.0.6099.71/sandbox/policy/linux/bpf_renderer_policy_linux.cc
===================================================================
--- chromium-120.0.6099.71.orig/sandbox/policy/linux/bpf_renderer_policy_linux.cc
+++ chromium-120.0.6099.71/sandbox/policy/linux/bpf_renderer_policy_linux.cc
@@ -87,7 +87,7 @@ ResultExpr RendererProcessPolicy::Evalua
     case __NR_ftruncate64:
 #endif
 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
-    defined(__aarch64__)
+    defined(__aarch64__) || defined(__powerpc64__)
     case __NR_getrlimit:
     case __NR_setrlimit:
 // We allow setrlimit to dynamically adjust the address space limit as
Index: chromium-120.0.6099.71/sandbox/linux/bpf_dsl/linux_syscall_ranges.h
===================================================================
--- chromium-120.0.6099.71.orig/sandbox/linux/bpf_dsl/linux_syscall_ranges.h
+++ chromium-120.0.6099.71/sandbox/linux/bpf_dsl/linux_syscall_ranges.h
@@ -58,9 +58,9 @@
 
 #elif defined(__powerpc64__)
 
-#include <asm/unistd.h>
+#include <asm-generic/unistd.h>
 #define MIN_SYSCALL 0u
-#define MAX_PUBLIC_SYSCALL 386u
+#define MAX_PUBLIC_SYSCALL __NR_syscalls
 #define MAX_SYSCALL MAX_PUBLIC_SYSCALL
 
 #else
Index: chromium-120.0.6099.71/sandbox/linux/services/credentials.cc
===================================================================
--- chromium-120.0.6099.71.orig/sandbox/linux/services/credentials.cc
+++ chromium-120.0.6099.71/sandbox/linux/services/credentials.cc
@@ -89,7 +89,9 @@ bool ChrootToSafeEmptyDir() {
 
   int clone_flags = CLONE_FS | LINUX_SIGCHLD;
   void* tls = nullptr;
-#if (defined(ARCH_CPU_X86_64) || defined(ARCH_CPU_ARM_FAMILY)) && \
+// RAJA this might be it...
+#if (defined(ARCH_CPU_X86_64) || defined(ARCH_CPU_ARM_FAMILY) || \
+    defined(ARCH_CPU_PPC64_FAMILY)) && \
     !defined(MEMORY_SANITIZER)
   // Use CLONE_VM | CLONE_VFORK as an optimization to avoid copying page tables.
   // Since clone writes to the new child's TLS before returning, we must set a
@@ -97,6 +99,11 @@ bool ChrootToSafeEmptyDir() {
   // glibc performs syscalls by calling a function pointer in TLS, so we do not
   // attempt this optimization.
   // TODO(crbug.com/1247458) Broken in MSan builds after LLVM f1bb30a4956f.
+  //
+  // NOTE: Without CLONE_VM, fontconfig will attempt to reload configuration
+  // in every thread.  Since the rendered threads are sandboxed without
+  // filesystem access (e.g. to /etc/fonts/fonts.conf) this will cause font
+  // configuraiton loading failures and no fonts will be displayed!
   clone_flags |= CLONE_VM | CLONE_VFORK | CLONE_SETTLS;
 
   // PTHREAD_STACK_MIN can be dynamic in glibc2.34+, so it is not possible to
Index: chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
===================================================================
--- chromium-120.0.6099.71.orig/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+++ chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
@@ -357,7 +357,16 @@ intptr_t SIGSYSFstatatHandler(const stru
   if (args.nr == __NR_fstatat_default) {
     if (*reinterpret_cast<const char*>(args.args[1]) == '\0' &&
         args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
-      return syscall(__NR_fstat_default, static_cast<int>(args.args[0]),
+          int fd = static_cast<int>(args.args[0]);
+#if defined(__powerpc64__)
+      // On ppc64+glibc, some syscalls seem to accidentally negate the first
+      // parameter which causes checks against it to fail. For now, manually
+      // negate them back.
+      // TODO: Investigate the root cause and fix in glibc
+      if (fd < 0)
+        fd = -fd;
+#endif
+      return syscall(__NR_fstat_default, fd,
                      reinterpret_cast<default_stat_struct*>(args.args[2]));
     }
     return -reinterpret_cast<intptr_t>(fs_denied_errno);
Enable ppc64le build 8 months ago			`Index: chromium-120.0.6099.71/sandbox/policy/linux/bpf_utility_policy_linux.cc`
			`===================================================================`
			`--- chromium-120.0.6099.71.orig/sandbox/policy/linux/bpf_utility_policy_linux.cc`
			`+++ chromium-120.0.6099.71/sandbox/policy/linux/bpf_utility_policy_linux.cc`
			`@@ -34,7 +34,7 @@ ResultExpr UtilityProcessPolicy::Evaluat`
			`case __NR_fdatasync:`
			`case __NR_fsync:`
			`#if defined(__i386__) \|\| defined(__x86_64__) \|\| defined(__mips__) \|\| \`
			`- defined(__aarch64__)`
			`+ defined(__aarch64__) \|\| defined(__powerpc64__)`
			`case __NR_getrlimit:`
			`#endif`
			`#if defined(__i386__) \|\| defined(__arm__)`
			`Index: chromium-120.0.6099.71/sandbox/policy/linux/bpf_renderer_policy_linux.cc`
			`===================================================================`
			`--- chromium-120.0.6099.71.orig/sandbox/policy/linux/bpf_renderer_policy_linux.cc`
			`+++ chromium-120.0.6099.71/sandbox/policy/linux/bpf_renderer_policy_linux.cc`
			`@@ -87,7 +87,7 @@ ResultExpr RendererProcessPolicy::Evalua`
			`case __NR_ftruncate64:`
			`#endif`
			`#if defined(__i386__) \|\| defined(__x86_64__) \|\| defined(__mips__) \|\| \`
			`- defined(__aarch64__)`
			`+ defined(__aarch64__) \|\| defined(__powerpc64__)`
			`case __NR_getrlimit:`
			`case __NR_setrlimit:`
			`// We allow setrlimit to dynamically adjust the address space limit as`
			`Index: chromium-120.0.6099.71/sandbox/linux/bpf_dsl/linux_syscall_ranges.h`
			`===================================================================`
			`--- chromium-120.0.6099.71.orig/sandbox/linux/bpf_dsl/linux_syscall_ranges.h`
			`+++ chromium-120.0.6099.71/sandbox/linux/bpf_dsl/linux_syscall_ranges.h`
			`@@ -58,9 +58,9 @@`

			`#elif defined(__powerpc64__)`

			`-#include <asm/unistd.h>`
			`+#include <asm-generic/unistd.h>`
			`#define MIN_SYSCALL 0u`
			`-#define MAX_PUBLIC_SYSCALL 386u`
			`+#define MAX_PUBLIC_SYSCALL __NR_syscalls`
			`#define MAX_SYSCALL MAX_PUBLIC_SYSCALL`

			`#else`
			`Index: chromium-120.0.6099.71/sandbox/linux/services/credentials.cc`
			`===================================================================`
			`--- chromium-120.0.6099.71.orig/sandbox/linux/services/credentials.cc`
			`+++ chromium-120.0.6099.71/sandbox/linux/services/credentials.cc`
			`@@ -89,7 +89,9 @@ bool ChrootToSafeEmptyDir() {`

			`int clone_flags = CLONE_FS \| LINUX_SIGCHLD;`
			`void* tls = nullptr;`
			`-#if (defined(ARCH_CPU_X86_64) \|\| defined(ARCH_CPU_ARM_FAMILY)) && \`
			`+// RAJA this might be it...`
			`+#if (defined(ARCH_CPU_X86_64) \|\| defined(ARCH_CPU_ARM_FAMILY) \|\| \`
			`+ defined(ARCH_CPU_PPC64_FAMILY)) && \`
			`!defined(MEMORY_SANITIZER)`
			`// Use CLONE_VM \| CLONE_VFORK as an optimization to avoid copying page tables.`
			`// Since clone writes to the new child's TLS before returning, we must set a`
			`@@ -97,6 +99,11 @@ bool ChrootToSafeEmptyDir() {`
			`// glibc performs syscalls by calling a function pointer in TLS, so we do not`
			`// attempt this optimization.`
			`// TODO(crbug.com/1247458) Broken in MSan builds after LLVM f1bb30a4956f.`
			`+ //`
			`+ // NOTE: Without CLONE_VM, fontconfig will attempt to reload configuration`
			`+ // in every thread. Since the rendered threads are sandboxed without`
			`+ // filesystem access (e.g. to /etc/fonts/fonts.conf) this will cause font`
			`+ // configuraiton loading failures and no fonts will be displayed!`
			`clone_flags \|= CLONE_VM \| CLONE_VFORK \| CLONE_SETTLS;`

			`// PTHREAD_STACK_MIN can be dynamic in glibc2.34+, so it is not possible to`
			`Index: chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc`
			`===================================================================`
			`--- chromium-120.0.6099.71.orig/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc`
			`+++ chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc`
			`@@ -357,7 +357,16 @@ intptr_t SIGSYSFstatatHandler(const stru`
			`if (args.nr == __NR_fstatat_default) {`
			`if (reinterpret_cast<const char>(args.args[1]) == '\0' &&`
			`args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {`
			`- return syscall(__NR_fstat_default, static_cast<int>(args.args[0]),`
			`+ int fd = static_cast<int>(args.args[0]);`
			`+#if defined(__powerpc64__)`
			`+ // On ppc64+glibc, some syscalls seem to accidentally negate the first`
			`+ // parameter which causes checks against it to fail. For now, manually`
			`+ // negate them back.`
			`+ // TODO: Investigate the root cause and fix in glibc`
			`+ if (fd < 0)`
			`+ fd = -fd;`
			`+#endif`
			`+ return syscall(__NR_fstat_default, fd,`
			`reinterpret_cast<default_stat_struct*>(args.args[2]));`
			`}`
			`return -reinterpret_cast<intptr_t>(fs_denied_errno);`