Index: chromium-127.0.6533.72/sandbox/policy/linux/bpf_utility_policy_linux.cc =================================================================== --- chromium-127.0.6533.72.orig/sandbox/policy/linux/bpf_utility_policy_linux.cc +++ chromium-127.0.6533.72/sandbox/policy/linux/bpf_utility_policy_linux.cc @@ -34,7 +34,7 @@ ResultExpr UtilityProcessPolicy::Evaluat case __NR_fdatasync: case __NR_fsync: #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__powerpc64__) case __NR_getrlimit: #endif #if defined(__i386__) || defined(__arm__) Index: chromium-127.0.6533.72/sandbox/policy/linux/bpf_renderer_policy_linux.cc =================================================================== --- chromium-127.0.6533.72.orig/sandbox/policy/linux/bpf_renderer_policy_linux.cc +++ chromium-127.0.6533.72/sandbox/policy/linux/bpf_renderer_policy_linux.cc @@ -87,7 +87,7 @@ ResultExpr RendererProcessPolicy::Evalua case __NR_ftruncate64: #endif #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__powerpc64__) case __NR_getrlimit: case __NR_setrlimit: // We allow setrlimit to dynamically adjust the address space limit as Index: chromium-127.0.6533.72/sandbox/linux/bpf_dsl/linux_syscall_ranges.h =================================================================== --- chromium-127.0.6533.72.orig/sandbox/linux/bpf_dsl/linux_syscall_ranges.h +++ chromium-127.0.6533.72/sandbox/linux/bpf_dsl/linux_syscall_ranges.h @@ -58,9 +58,9 @@ #elif defined(__powerpc64__) -#include +#include #define MIN_SYSCALL 0u -#define MAX_PUBLIC_SYSCALL 386u +#define MAX_PUBLIC_SYSCALL __NR_syscalls #define MAX_SYSCALL MAX_PUBLIC_SYSCALL #else Index: chromium-127.0.6533.72/sandbox/linux/services/credentials.cc =================================================================== --- chromium-127.0.6533.72.orig/sandbox/linux/services/credentials.cc +++ chromium-127.0.6533.72/sandbox/linux/services/credentials.cc @@ -89,7 +89,8 @@ bool ChrootToSafeEmptyDir() { int clone_flags = CLONE_FS | LINUX_SIGCHLD; void* tls = nullptr; -#if (defined(ARCH_CPU_X86_64) || defined(ARCH_CPU_ARM_FAMILY)) && \ +#if (defined(ARCH_CPU_X86_64) || defined(ARCH_CPU_ARM_FAMILY) || \ + defined(ARCH_CPU_PPC64_FAMILY)) && \ !defined(MEMORY_SANITIZER) // Use CLONE_VM | CLONE_VFORK as an optimization to avoid copying page tables. // Since clone writes to the new child's TLS before returning, we must set a @@ -97,6 +98,11 @@ bool ChrootToSafeEmptyDir() { // glibc performs syscalls by calling a function pointer in TLS, so we do not // attempt this optimization. // TODO(crbug.com/40196869) Broken in MSan builds after LLVM f1bb30a4956f. + // + // NOTE: Without CLONE_VM, fontconfig will attempt to reload configuration + // in every thread. Since the rendered threads are sandboxed without + // filesystem access (e.g. to /etc/fonts/fonts.conf) this will cause font + // configuration loading failures and no fonts will be displayed! clone_flags |= CLONE_VM | CLONE_VFORK | CLONE_SETTLS; // PTHREAD_STACK_MIN can be dynamic in glibc2.34+, so it is not possible to Index: chromium-127.0.6533.72/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc =================================================================== --- chromium-127.0.6533.72.orig/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc +++ chromium-127.0.6533.72/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc @@ -357,7 +357,16 @@ intptr_t SIGSYSFstatatHandler(const stru if (args.nr == __NR_fstatat_default) { if (*reinterpret_cast(args.args[1]) == '\0' && args.args[3] == static_cast(AT_EMPTY_PATH)) { - return syscall(__NR_fstat_default, static_cast(args.args[0]), + int fd = static_cast(args.args[0]); +#if defined(__powerpc64__) + // On ppc64+glibc, some syscalls seem to accidentally negate the first + // parameter which causes checks against it to fail. For now, manually + // negate them back. + // TODO: Investigate the root cause and fix in glibc + if (fd < 0) + fd = -fd; +#endif + return syscall(__NR_fstat_default, fd, reinterpret_cast(args.args[2])); } return -reinterpret_cast(fs_denied_errno);