[packages/thunderbird.git] / glibc2.34.patch


# HG changeset patch
# User Gian-Carlo Pascutto <gcp@mozilla.com>
# Date 1628058287 0
# Node ID 7f9b9624c400dc847dc0053ebe35fbe63353a3d2
# Parent  958aef401f3c27231c426fc6e00024b0741470a6
Bug 1721326 - Allow dynamic PTHREAD_STACK_MIN. r=glandium, a=RyanVM

https://phabricator.services.mozilla.com/D120708

Differential Revision: https://phabricator.services.mozilla.com/D120972

diff --git a/js/xpconnect/src/XPCJSContext.cpp b/js/xpconnect/src/XPCJSContext.cpp
--- a/js/xpconnect/src/XPCJSContext.cpp
+++ b/js/xpconnect/src/XPCJSContext.cpp
@@ -81,23 +81,20 @@
 #  include <algorithm>
 #  include <windows.h>
 #endif
 
 using namespace mozilla;
 using namespace xpc;
 using namespace JS;
 
-// The watchdog thread loop is pretty trivial, and should not require much stack
-// space to do its job. So only give it 32KiB or the platform minimum.
+// We will clamp to reasonable values if this isn't set.
 #if !defined(PTHREAD_STACK_MIN)
 #  define PTHREAD_STACK_MIN 0
 #endif
-static constexpr size_t kWatchdogStackSize =
-    PTHREAD_STACK_MIN < 32 * 1024 ? 32 * 1024 : PTHREAD_STACK_MIN;
 
 static void WatchdogMain(void* arg);
 class Watchdog;
 class WatchdogManager;
 class MOZ_RAII AutoLockWatchdog final {
   Watchdog* const mWatchdog;
 
  public:
@@ -154,22 +151,29 @@ class Watchdog {
       // extra pages if we can avoid it.
       nsCOMPtr<nsIDebug2> dbg = do_GetService("@mozilla.org/xpcom/debug;1");
       Unused << dbg;
     }
 
     {
       AutoLockWatchdog lock(this);
 
+      // The watchdog thread loop is pretty trivial, and should not
+      // require much stack space to do its job. So only give it 32KiB
+      // or the platform minimum. On modern Linux libc this might resolve to
+      // a runtime call.
+      size_t watchdogStackSize = PTHREAD_STACK_MIN;
+      watchdogStackSize = std::max<size_t>(32 * 1024, watchdogStackSize);
+
       // Gecko uses thread private for accounting and has to clean up at thread
       // exit. Therefore, even though we don't have a return value from the
       // watchdog, we need to join it on shutdown.
       mThread = PR_CreateThread(PR_USER_THREAD, WatchdogMain, this,
                                 PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
-                                PR_JOINABLE_THREAD, kWatchdogStackSize);
+                                PR_JOINABLE_THREAD, watchdogStackSize);
       if (!mThread) {
         MOZ_CRASH("PR_CreateThread failed!");
       }
 
       // WatchdogMain acquires the lock and then asserts mInitialized. So
       // make sure to set mInitialized before releasing the lock here so
       // that it's atomic with the creation of the thread.
       mInitialized = true;


# HG changeset patch
# User stransky <stransky@redhat.com>
# Date 1628058287 0
# Node ID 600365d8b24068e8105773830270cf86478aa487
# Parent  7f9b9624c400dc847dc0053ebe35fbe63353a3d2
Bug 1721326 - Use small stack for DoClone(). r=jld, a=RyanVM

Patch author is Florian Weimer <fweimer 'at' redhat.com>

Differential Revision: https://phabricator.services.mozilla.com/D120709

diff --git a/security/sandbox/linux/launch/SandboxLaunch.cpp b/security/sandbox/linux/launch/SandboxLaunch.cpp
--- a/security/sandbox/linux/launch/SandboxLaunch.cpp
+++ b/security/sandbox/linux/launch/SandboxLaunch.cpp
@@ -504,18 +504,17 @@ static int CloneCallee(void* aPtr) {
 // stack, not switch stacks.
 //
 // Valgrind would disapprove of using clone() without CLONE_VM;
 // Chromium uses the raw syscall as a workaround in that case, but
 // we don't currently support sandboxing under valgrind.
 MOZ_NEVER_INLINE MOZ_ASAN_BLACKLIST static pid_t DoClone(int aFlags,
                                                          jmp_buf* aCtx) {
   static constexpr size_t kStackAlignment = 16;
-  uint8_t miniStack[PTHREAD_STACK_MIN]
-      __attribute__((aligned(kStackAlignment)));
+  uint8_t miniStack[4096] __attribute__((aligned(kStackAlignment)));
 #ifdef __hppa__
   void* stackPtr = miniStack;
 #else
   void* stackPtr = ArrayEnd(miniStack);
 #endif
   return clone(CloneCallee, stackPtr, aFlags, aCtx);
 }
 
@@ -526,23 +525,29 @@ MOZ_NEVER_INLINE MOZ_ASAN_BLACKLIST stat
 static pid_t ForkWithFlags(int aFlags) {
   // Don't allow flags that would share the address space, or
   // require clone() arguments we're not passing:
   static const int kBadFlags = CLONE_VM | CLONE_VFORK | CLONE_SETTLS |
                                CLONE_PARENT_SETTID | CLONE_CHILD_SETTID |
                                CLONE_CHILD_CLEARTID;
   MOZ_RELEASE_ASSERT((aFlags & kBadFlags) == 0);
 
+  // Block signals due to small stack in DoClone.
+  sigset_t oldSigs;
+  BlockAllSignals(&oldSigs);
+
+  int ret = 0;
   jmp_buf ctx;
   if (setjmp(ctx) == 0) {
     // In the parent and just called setjmp:
-    return DoClone(aFlags | SIGCHLD, &ctx);
+    ret = DoClone(aFlags | SIGCHLD, &ctx);
   }
+  RestoreSignals(&oldSigs);
   // In the child and have longjmp'ed:
-  return 0;
+  return ret;
 }
 
 static bool WriteStringToFile(const char* aPath, const char* aStr,
                               const size_t aLen) {
   int fd = open(aPath, O_WRONLY);
   if (fd < 0) {
     return false;
   }
Commit	Line	Data
4fee10ec JP	1
	2	# HG changeset patch
	3	# User Gian-Carlo Pascutto <gcp@mozilla.com>
	4	# Date 1628058287 0
	5	# Node ID 7f9b9624c400dc847dc0053ebe35fbe63353a3d2
	6	# Parent 958aef401f3c27231c426fc6e00024b0741470a6
	7	Bug 1721326 - Allow dynamic PTHREAD_STACK_MIN. r=glandium, a=RyanVM
	8
	9	https://phabricator.services.mozilla.com/D120708
	10
	11	Differential Revision: https://phabricator.services.mozilla.com/D120972
	12
	13	diff --git a/js/xpconnect/src/XPCJSContext.cpp b/js/xpconnect/src/XPCJSContext.cpp
	14	--- a/js/xpconnect/src/XPCJSContext.cpp
	15	+++ b/js/xpconnect/src/XPCJSContext.cpp
	16	@@ -81,23 +81,20 @@
	17	# include <algorithm>
	18	# include <windows.h>
	19	#endif
	20
	21	using namespace mozilla;
	22	using namespace xpc;
	23	using namespace JS;
	24
	25	-// The watchdog thread loop is pretty trivial, and should not require much stack
	26	-// space to do its job. So only give it 32KiB or the platform minimum.
	27	+// We will clamp to reasonable values if this isn't set.
	28	#if !defined(PTHREAD_STACK_MIN)
	29	# define PTHREAD_STACK_MIN 0
	30	#endif
	31	-static constexpr size_t kWatchdogStackSize =
	32	- PTHREAD_STACK_MIN < 32 * 1024 ? 32 * 1024 : PTHREAD_STACK_MIN;
	33
	34	static void WatchdogMain(void* arg);
	35	class Watchdog;
	36	class WatchdogManager;
	37	class MOZ_RAII AutoLockWatchdog final {
	38	Watchdog* const mWatchdog;
	39
	40	public:
	41	@@ -154,22 +151,29 @@ class Watchdog {
	42	// extra pages if we can avoid it.
	43	nsCOMPtr<nsIDebug2> dbg = do_GetService("@mozilla.org/xpcom/debug;1");
	44	Unused << dbg;
	45	}
	46
	47	{
	48	AutoLockWatchdog lock(this);
	49
	50	+ // The watchdog thread loop is pretty trivial, and should not
	51	+ // require much stack space to do its job. So only give it 32KiB
	52	+ // or the platform minimum. On modern Linux libc this might resolve to
	53	+ // a runtime call.
	54	+ size_t watchdogStackSize = PTHREAD_STACK_MIN;
	55	+ watchdogStackSize = std::max<size_t>(32 * 1024, watchdogStackSize);
	56	+
	57	// Gecko uses thread private for accounting and has to clean up at thread
	58	// exit. Therefore, even though we don't have a return value from the
	59	// watchdog, we need to join it on shutdown.
	60	mThread = PR_CreateThread(PR_USER_THREAD, WatchdogMain, this,
	61	PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
	62	- PR_JOINABLE_THREAD, kWatchdogStackSize);
	63	+ PR_JOINABLE_THREAD, watchdogStackSize);
	64	if (!mThread) {
65	MOZ_CRASH("PR_CreateThread failed!");
66	}
67
68	// WatchdogMain acquires the lock and then asserts mInitialized. So
69	// make sure to set mInitialized before releasing the lock here so
70	// that it's atomic with the creation of the thread.
71	mInitialized = true;
72
73
74	# HG changeset patch
75	# User stransky <stransky@redhat.com>
76	# Date 1628058287 0
77	# Node ID 600365d8b24068e8105773830270cf86478aa487
78	# Parent 7f9b9624c400dc847dc0053ebe35fbe63353a3d2
79	Bug 1721326 - Use small stack for DoClone(). r=jld, a=RyanVM
80
81	Patch author is Florian Weimer <fweimer 'at' redhat.com>
82
83	Differential Revision: https://phabricator.services.mozilla.com/D120709
84
85	diff --git a/security/sandbox/linux/launch/SandboxLaunch.cpp b/security/sandbox/linux/launch/SandboxLaunch.cpp
86	--- a/security/sandbox/linux/launch/SandboxLaunch.cpp
87	+++ b/security/sandbox/linux/launch/SandboxLaunch.cpp
88	@@ -504,18 +504,17 @@ static int CloneCallee(void* aPtr) {
89	// stack, not switch stacks.
90	//
91	// Valgrind would disapprove of using clone() without CLONE_VM;
92	// Chromium uses the raw syscall as a workaround in that case, but
93	// we don't currently support sandboxing under valgrind.
94	MOZ_NEVER_INLINE MOZ_ASAN_BLACKLIST static pid_t DoClone(int aFlags,
95	jmp_buf* aCtx) {
96	static constexpr size_t kStackAlignment = 16;
97	- uint8_t miniStack[PTHREAD_STACK_MIN]
98	- __attribute__((aligned(kStackAlignment)));
99	+ uint8_t miniStack[4096] __attribute__((aligned(kStackAlignment)));
100	#ifdef __hppa__
101	void* stackPtr = miniStack;
102	#else
103	void* stackPtr = ArrayEnd(miniStack);
104	#endif
105	return clone(CloneCallee, stackPtr, aFlags, aCtx);
106	}
107
108	@@ -526,23 +525,29 @@ MOZ_NEVER_INLINE MOZ_ASAN_BLACKLIST stat
109	static pid_t ForkWithFlags(int aFlags) {
110	// Don't allow flags that would share the address space, or
111	// require clone() arguments we're not passing:
112	static const int kBadFlags = CLONE_VM \| CLONE_VFORK \| CLONE_SETTLS \|
113	CLONE_PARENT_SETTID \| CLONE_CHILD_SETTID \|
114	CLONE_CHILD_CLEARTID;
115	MOZ_RELEASE_ASSERT((aFlags & kBadFlags) == 0);
116
117	+ // Block signals due to small stack in DoClone.
118	+ sigset_t oldSigs;
119	+ BlockAllSignals(&oldSigs);
120	+
121	+ int ret = 0;
122	jmp_buf ctx;
123	if (setjmp(ctx) == 0) {
124	// In the parent and just called setjmp:
125	- return DoClone(aFlags \| SIGCHLD, &ctx);
126	+ ret = DoClone(aFlags \| SIGCHLD, &ctx);
127	}
128	+ RestoreSignals(&oldSigs);
129	// In the child and have longjmp'ed:
130	- return 0;
131	+ return ret;
132	}
133
134	static bool WriteStringToFile(const char* aPath, const char* aStr,
135	const size_t aLen) {
136	int fd = open(aPath, O_WRONLY);
137	if (fd < 0) {
138	return false;
139	}
140