]>
Commit | Line | Data |
---|---|---|
4fee10ec JP |
1 | |
2 | # HG changeset patch | |
3 | # User Gian-Carlo Pascutto <gcp@mozilla.com> | |
4 | # Date 1628058287 0 | |
5 | # Node ID 7f9b9624c400dc847dc0053ebe35fbe63353a3d2 | |
6 | # Parent 958aef401f3c27231c426fc6e00024b0741470a6 | |
7 | Bug 1721326 - Allow dynamic PTHREAD_STACK_MIN. r=glandium, a=RyanVM | |
8 | ||
9 | https://phabricator.services.mozilla.com/D120708 | |
10 | ||
11 | Differential Revision: https://phabricator.services.mozilla.com/D120972 | |
12 | ||
13 | diff --git a/js/xpconnect/src/XPCJSContext.cpp b/js/xpconnect/src/XPCJSContext.cpp | |
14 | --- a/js/xpconnect/src/XPCJSContext.cpp | |
15 | +++ b/js/xpconnect/src/XPCJSContext.cpp | |
16 | @@ -81,23 +81,20 @@ | |
17 | # include <algorithm> | |
18 | # include <windows.h> | |
19 | #endif | |
20 | ||
21 | using namespace mozilla; | |
22 | using namespace xpc; | |
23 | using namespace JS; | |
24 | ||
25 | -// The watchdog thread loop is pretty trivial, and should not require much stack | |
26 | -// space to do its job. So only give it 32KiB or the platform minimum. | |
27 | +// We will clamp to reasonable values if this isn't set. | |
28 | #if !defined(PTHREAD_STACK_MIN) | |
29 | # define PTHREAD_STACK_MIN 0 | |
30 | #endif | |
31 | -static constexpr size_t kWatchdogStackSize = | |
32 | - PTHREAD_STACK_MIN < 32 * 1024 ? 32 * 1024 : PTHREAD_STACK_MIN; | |
33 | ||
34 | static void WatchdogMain(void* arg); | |
35 | class Watchdog; | |
36 | class WatchdogManager; | |
37 | class MOZ_RAII AutoLockWatchdog final { | |
38 | Watchdog* const mWatchdog; | |
39 | ||
40 | public: | |
41 | @@ -154,22 +151,29 @@ class Watchdog { | |
42 | // extra pages if we can avoid it. | |
43 | nsCOMPtr<nsIDebug2> dbg = do_GetService("@mozilla.org/xpcom/debug;1"); | |
44 | Unused << dbg; | |
45 | } | |
46 | ||
47 | { | |
48 | AutoLockWatchdog lock(this); | |
49 | ||
50 | + // The watchdog thread loop is pretty trivial, and should not | |
51 | + // require much stack space to do its job. So only give it 32KiB | |
52 | + // or the platform minimum. On modern Linux libc this might resolve to | |
53 | + // a runtime call. | |
54 | + size_t watchdogStackSize = PTHREAD_STACK_MIN; | |
55 | + watchdogStackSize = std::max<size_t>(32 * 1024, watchdogStackSize); | |
56 | + | |
57 | // Gecko uses thread private for accounting and has to clean up at thread | |
58 | // exit. Therefore, even though we don't have a return value from the | |
59 | // watchdog, we need to join it on shutdown. | |
60 | mThread = PR_CreateThread(PR_USER_THREAD, WatchdogMain, this, | |
61 | PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, | |
62 | - PR_JOINABLE_THREAD, kWatchdogStackSize); | |
63 | + PR_JOINABLE_THREAD, watchdogStackSize); | |
64 | if (!mThread) { | |
65 | MOZ_CRASH("PR_CreateThread failed!"); | |
66 | } | |
67 | ||
68 | // WatchdogMain acquires the lock and then asserts mInitialized. So | |
69 | // make sure to set mInitialized before releasing the lock here so | |
70 | // that it's atomic with the creation of the thread. | |
71 | mInitialized = true; | |
72 | ||
73 | ||
74 | # HG changeset patch | |
75 | # User stransky <stransky@redhat.com> | |
76 | # Date 1628058287 0 | |
77 | # Node ID 600365d8b24068e8105773830270cf86478aa487 | |
78 | # Parent 7f9b9624c400dc847dc0053ebe35fbe63353a3d2 | |
79 | Bug 1721326 - Use small stack for DoClone(). r=jld, a=RyanVM | |
80 | ||
81 | Patch author is Florian Weimer <fweimer 'at' redhat.com> | |
82 | ||
83 | Differential Revision: https://phabricator.services.mozilla.com/D120709 | |
84 | ||
85 | diff --git a/security/sandbox/linux/launch/SandboxLaunch.cpp b/security/sandbox/linux/launch/SandboxLaunch.cpp | |
86 | --- a/security/sandbox/linux/launch/SandboxLaunch.cpp | |
87 | +++ b/security/sandbox/linux/launch/SandboxLaunch.cpp | |
88 | @@ -504,18 +504,17 @@ static int CloneCallee(void* aPtr) { | |
89 | // stack, not switch stacks. | |
90 | // | |
91 | // Valgrind would disapprove of using clone() without CLONE_VM; | |
92 | // Chromium uses the raw syscall as a workaround in that case, but | |
93 | // we don't currently support sandboxing under valgrind. | |
94 | MOZ_NEVER_INLINE MOZ_ASAN_BLACKLIST static pid_t DoClone(int aFlags, | |
95 | jmp_buf* aCtx) { | |
96 | static constexpr size_t kStackAlignment = 16; | |
97 | - uint8_t miniStack[PTHREAD_STACK_MIN] | |
98 | - __attribute__((aligned(kStackAlignment))); | |
99 | + uint8_t miniStack[4096] __attribute__((aligned(kStackAlignment))); | |
100 | #ifdef __hppa__ | |
101 | void* stackPtr = miniStack; | |
102 | #else | |
103 | void* stackPtr = ArrayEnd(miniStack); | |
104 | #endif | |
105 | return clone(CloneCallee, stackPtr, aFlags, aCtx); | |
106 | } | |
107 | ||
108 | @@ -526,23 +525,29 @@ MOZ_NEVER_INLINE MOZ_ASAN_BLACKLIST stat | |
109 | static pid_t ForkWithFlags(int aFlags) { | |
110 | // Don't allow flags that would share the address space, or | |
111 | // require clone() arguments we're not passing: | |
112 | static const int kBadFlags = CLONE_VM | CLONE_VFORK | CLONE_SETTLS | | |
113 | CLONE_PARENT_SETTID | CLONE_CHILD_SETTID | | |
114 | CLONE_CHILD_CLEARTID; | |
115 | MOZ_RELEASE_ASSERT((aFlags & kBadFlags) == 0); | |
116 | ||
117 | + // Block signals due to small stack in DoClone. | |
118 | + sigset_t oldSigs; | |
119 | + BlockAllSignals(&oldSigs); | |
120 | + | |
121 | + int ret = 0; | |
122 | jmp_buf ctx; | |
123 | if (setjmp(ctx) == 0) { | |
124 | // In the parent and just called setjmp: | |
125 | - return DoClone(aFlags | SIGCHLD, &ctx); | |
126 | + ret = DoClone(aFlags | SIGCHLD, &ctx); | |
127 | } | |
128 | + RestoreSignals(&oldSigs); | |
129 | // In the child and have longjmp'ed: | |
130 | - return 0; | |
131 | + return ret; | |
132 | } | |
133 | ||
134 | static bool WriteStringToFile(const char* aPath, const char* aStr, | |
135 | const size_t aLen) { | |
136 | int fd = open(aPath, O_WRONLY); | |
137 | if (fd < 0) { | |
138 | return false; | |
139 | } | |
140 |