# HG changeset patch
# User Gian-Carlo Pascutto <gcp@mozilla.com>
# Date 1628058287 0
# Node ID 7f9b9624c400dc847dc0053ebe35fbe63353a3d2
# Parent  958aef401f3c27231c426fc6e00024b0741470a6
Bug 1721326 - Allow dynamic PTHREAD_STACK_MIN. r=glandium, a=RyanVM

https://phabricator.services.mozilla.com/D120708

Differential Revision: https://phabricator.services.mozilla.com/D120972

diff --git a/js/xpconnect/src/XPCJSContext.cpp b/js/xpconnect/src/XPCJSContext.cpp
--- a/js/xpconnect/src/XPCJSContext.cpp
+++ b/js/xpconnect/src/XPCJSContext.cpp
@@ -81,23 +81,20 @@
 #  include <algorithm>
 #  include <windows.h>
 #endif
 
 using namespace mozilla;
 using namespace xpc;
 using namespace JS;
 
-// The watchdog thread loop is pretty trivial, and should not require much stack
-// space to do its job. So only give it 32KiB or the platform minimum.
+// We will clamp to reasonable values if this isn't set.
 #if !defined(PTHREAD_STACK_MIN)
 #  define PTHREAD_STACK_MIN 0
 #endif
-static constexpr size_t kWatchdogStackSize =
-    PTHREAD_STACK_MIN < 32 * 1024 ? 32 * 1024 : PTHREAD_STACK_MIN;
 
 static void WatchdogMain(void* arg);
 class Watchdog;
 class WatchdogManager;
 class MOZ_RAII AutoLockWatchdog final {
   Watchdog* const mWatchdog;
 
  public:
@@ -154,22 +151,29 @@ class Watchdog {
       // extra pages if we can avoid it.
       nsCOMPtr<nsIDebug2> dbg = do_GetService("@mozilla.org/xpcom/debug;1");
       Unused << dbg;
     }
 
     {
       AutoLockWatchdog lock(this);
 
+      // The watchdog thread loop is pretty trivial, and should not
+      // require much stack space to do its job. So only give it 32KiB
+      // or the platform minimum. On modern Linux libc this might resolve to
+      // a runtime call.
+      size_t watchdogStackSize = PTHREAD_STACK_MIN;
+      watchdogStackSize = std::max<size_t>(32 * 1024, watchdogStackSize);
+
       // Gecko uses thread private for accounting and has to clean up at thread
       // exit. Therefore, even though we don't have a return value from the
       // watchdog, we need to join it on shutdown.
       mThread = PR_CreateThread(PR_USER_THREAD, WatchdogMain, this,
                                 PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
-                                PR_JOINABLE_THREAD, kWatchdogStackSize);
+                                PR_JOINABLE_THREAD, watchdogStackSize);
       if (!mThread) {
         MOZ_CRASH("PR_CreateThread failed!");
       }
 
       // WatchdogMain acquires the lock and then asserts mInitialized. So
       // make sure to set mInitialized before releasing the lock here so
       // that it's atomic with the creation of the thread.
       mInitialized = true;


# HG changeset patch
# User stransky <stransky@redhat.com>
# Date 1628058287 0
# Node ID 600365d8b24068e8105773830270cf86478aa487
# Parent  7f9b9624c400dc847dc0053ebe35fbe63353a3d2
Bug 1721326 - Use small stack for DoClone(). r=jld, a=RyanVM

Patch author is Florian Weimer <fweimer 'at' redhat.com>

Differential Revision: https://phabricator.services.mozilla.com/D120709

diff --git a/security/sandbox/linux/launch/SandboxLaunch.cpp b/security/sandbox/linux/launch/SandboxLaunch.cpp
--- a/security/sandbox/linux/launch/SandboxLaunch.cpp
+++ b/security/sandbox/linux/launch/SandboxLaunch.cpp
@@ -504,18 +504,17 @@ static int CloneCallee(void* aPtr) {
 // stack, not switch stacks.
 //
 // Valgrind would disapprove of using clone() without CLONE_VM;
 // Chromium uses the raw syscall as a workaround in that case, but
 // we don't currently support sandboxing under valgrind.
 MOZ_NEVER_INLINE MOZ_ASAN_BLACKLIST static pid_t DoClone(int aFlags,
                                                          jmp_buf* aCtx) {
   static constexpr size_t kStackAlignment = 16;
-  uint8_t miniStack[PTHREAD_STACK_MIN]
-      __attribute__((aligned(kStackAlignment)));
+  uint8_t miniStack[4096] __attribute__((aligned(kStackAlignment)));
 #ifdef __hppa__
   void* stackPtr = miniStack;
 #else
   void* stackPtr = ArrayEnd(miniStack);
 #endif
   return clone(CloneCallee, stackPtr, aFlags, aCtx);
 }
 
@@ -526,23 +525,29 @@ MOZ_NEVER_INLINE MOZ_ASAN_BLACKLIST stat
 static pid_t ForkWithFlags(int aFlags) {
   // Don't allow flags that would share the address space, or
   // require clone() arguments we're not passing:
   static const int kBadFlags = CLONE_VM | CLONE_VFORK | CLONE_SETTLS |
                                CLONE_PARENT_SETTID | CLONE_CHILD_SETTID |
                                CLONE_CHILD_CLEARTID;
   MOZ_RELEASE_ASSERT((aFlags & kBadFlags) == 0);
 
+  // Block signals due to small stack in DoClone.
+  sigset_t oldSigs;
+  BlockAllSignals(&oldSigs);
+
+  int ret = 0;
   jmp_buf ctx;
   if (setjmp(ctx) == 0) {
     // In the parent and just called setjmp:
-    return DoClone(aFlags | SIGCHLD, &ctx);
+    ret = DoClone(aFlags | SIGCHLD, &ctx);
   }
+  RestoreSignals(&oldSigs);
   // In the child and have longjmp'ed:
-  return 0;
+  return ret;
 }
 
 static bool WriteStringToFile(const char* aPath, const char* aStr,
                               const size_t aLen) {
   int fd = open(aPath, O_WRONLY);
   if (fd < 0) {
     return false;
   }