You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
chromium/SOURCES/0008-sandbox-fix-ppc64le-gl...

91 lines
4.4 KiB

Index: chromium-130.0.6723.44/sandbox/policy/linux/bpf_utility_policy_linux.cc
===================================================================
--- chromium-130.0.6723.44.orig/sandbox/policy/linux/bpf_utility_policy_linux.cc
+++ chromium-130.0.6723.44/sandbox/policy/linux/bpf_utility_policy_linux.cc
@@ -34,7 +34,7 @@ ResultExpr UtilityProcessPolicy::Evaluat
case __NR_fdatasync:
case __NR_fsync:
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
- defined(__aarch64__)
+ defined(__aarch64__) || defined(__powerpc64__)
case __NR_getrlimit:
#endif
#if defined(__i386__) || defined(__arm__)
Index: chromium-130.0.6723.44/sandbox/policy/linux/bpf_renderer_policy_linux.cc
===================================================================
--- chromium-130.0.6723.44.orig/sandbox/policy/linux/bpf_renderer_policy_linux.cc
+++ chromium-130.0.6723.44/sandbox/policy/linux/bpf_renderer_policy_linux.cc
@@ -87,7 +87,7 @@ ResultExpr RendererProcessPolicy::Evalua
case __NR_ftruncate64:
#endif
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
- defined(__aarch64__)
+ defined(__aarch64__) || defined(__powerpc64__)
case __NR_getrlimit:
case __NR_setrlimit:
// We allow setrlimit to dynamically adjust the address space limit as
Index: chromium-130.0.6723.44/sandbox/linux/bpf_dsl/linux_syscall_ranges.h
===================================================================
--- chromium-130.0.6723.44.orig/sandbox/linux/bpf_dsl/linux_syscall_ranges.h
+++ chromium-130.0.6723.44/sandbox/linux/bpf_dsl/linux_syscall_ranges.h
@@ -58,9 +58,9 @@
#elif defined(__powerpc64__)
-#include <asm/unistd.h>
+#include <asm-generic/unistd.h>
#define MIN_SYSCALL 0u
-#define MAX_PUBLIC_SYSCALL 386u
+#define MAX_PUBLIC_SYSCALL __NR_syscalls
#define MAX_SYSCALL MAX_PUBLIC_SYSCALL
#else
Index: chromium-130.0.6723.44/sandbox/linux/services/credentials.cc
===================================================================
--- chromium-130.0.6723.44.orig/sandbox/linux/services/credentials.cc
+++ chromium-130.0.6723.44/sandbox/linux/services/credentials.cc
@@ -96,7 +96,8 @@ bool ChrootToSafeEmptyDir() {
int clone_flags = CLONE_FS | LINUX_SIGCHLD;
void* tls = nullptr;
-#if (defined(ARCH_CPU_X86_64) || defined(ARCH_CPU_ARM_FAMILY)) && \
+#if (defined(ARCH_CPU_X86_64) || defined(ARCH_CPU_ARM_FAMILY) || \
+ defined(ARCH_CPU_PPC64_FAMILY)) && \
!defined(MEMORY_SANITIZER)
// Use CLONE_VM | CLONE_VFORK as an optimization to avoid copying page tables.
// Since clone writes to the new child's TLS before returning, we must set a
@@ -104,6 +105,11 @@ bool ChrootToSafeEmptyDir() {
// glibc performs syscalls by calling a function pointer in TLS, so we do not
// attempt this optimization.
// TODO(crbug.com/40196869) Broken in MSan builds after LLVM f1bb30a4956f.
+ //
+ // NOTE: Without CLONE_VM, fontconfig will attempt to reload configuration
+ // in every thread. Since the rendered threads are sandboxed without
+ // filesystem access (e.g. to /etc/fonts/fonts.conf) this will cause font
+ // configuration loading failures and no fonts will be displayed!
clone_flags |= CLONE_VM | CLONE_VFORK | CLONE_SETTLS;
char tls_buf[PTHREAD_STACK_MIN_CONST] = {0};
Index: chromium-130.0.6723.44/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
===================================================================
--- chromium-130.0.6723.44.orig/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+++ chromium-130.0.6723.44/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
@@ -362,7 +362,16 @@ intptr_t SIGSYSFstatatHandler(const stru
if (args.nr == __NR_fstatat_default) {
if (*reinterpret_cast<const char*>(args.args[1]) == '\0' &&
args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
- return syscall(__NR_fstat_default, static_cast<int>(args.args[0]),
+ int fd = static_cast<int>(args.args[0]);
+#if defined(__powerpc64__)
+ // On ppc64+glibc, some syscalls seem to accidentally negate the first
+ // parameter which causes checks against it to fail. For now, manually
+ // negate them back.
+ // TODO: Investigate the root cause and fix in glibc
+ if (fd < 0)
+ fd = -fd;
+#endif
+ return syscall(__NR_fstat_default, fd,
reinterpret_cast<default_stat_struct*>(args.args[2]));
}
return -reinterpret_cast<intptr_t>(fs_denied_errno);