1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
index 348ab6e8c..2eac6ef82 100644
--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
@@ -139,21 +139,11 @@ namespace sandbox {
// present (as in newer versions of posix_spawn).
ResultExpr RestrictCloneToThreadsAndEPERMFork() {
const Arg<unsigned long> flags(0);
-
- // TODO(mdempsky): Extend DSL to support (flags & ~mask1) == mask2.
- const uint64_t kAndroidCloneMask = CLONE_VM | CLONE_FS | CLONE_FILES |
- CLONE_SIGHAND | CLONE_THREAD |
- CLONE_SYSVSEM;
- const uint64_t kObsoleteAndroidCloneMask = kAndroidCloneMask | CLONE_DETACHED;
-
- const uint64_t kGlibcPthreadFlags =
- CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_THREAD |
- CLONE_SYSVSEM | CLONE_SETTLS | CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID;
- const BoolExpr glibc_test = flags == kGlibcPthreadFlags;
-
- const BoolExpr android_test =
- AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask,
- flags == kGlibcPthreadFlags);
+ const int required = CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
+ CLONE_THREAD | CLONE_SYSVSEM;
+ const int safe = CLONE_SETTLS | CLONE_PARENT_SETTID | CLONE_CHILD_CLEARTID |
+ CLONE_DETACHED;
+ const BoolExpr thread_clone_ok = (flags&~safe)==required;
// The following two flags are the two important flags in any vfork-emulating
// clone call. EPERM any clone call that contains both of them.
@@ -163,7 +153,7 @@ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0,
(flags & kImportantCloneVforkFlags) == kImportantCloneVforkFlags);
- return If(IsAndroid() ? android_test : glibc_test, Allow())
+ return If(thread_clone_ok, Allow())
.ElseIf(is_fork_or_clone_vfork, Error(EPERM))
.Else(CrashSIGSYSClone());
}
diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
index 6e2bd4fee..9f9e4ad8a 100644
--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
@@ -392,6 +392,7 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
#if defined(__i386__)
case __NR_waitpid:
#endif
+ case __NR_set_tid_address:
return true;
case __NR_clone: // Should be parameter-restricted.
case __NR_setns: // Privileged.
@@ -404,7 +405,6 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
case __NR_set_thread_area:
#endif
- case __NR_set_tid_address:
case __NR_unshare:
#if !defined(__mips__) && !defined(__aarch64__)
case __NR_vfork:
@@ -514,6 +514,8 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
case __NR_mlock:
case __NR_munlock:
case __NR_munmap:
+ case __NR_mremap:
+ case __NR_membarrier:
return true;
case __NR_madvise:
case __NR_mincore:
@@ -531,7 +533,6 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
case __NR_modify_ldt:
#endif
case __NR_mprotect:
- case __NR_mremap:
case __NR_msync:
case __NR_munlockall:
case __NR_readahead:
diff --git a/src/3rdparty/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h b/src/3rdparty/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h
index 59d0eab8e..7ae700213 100644
--- a/src/3rdparty/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h
+++ b/src/3rdparty/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h
@@ -1063,4 +1063,8 @@
#define __NR_memfd_create 279
#endif
+#if !defined(__NR_membarrier)
+#define __NR_membarrier 283
+#endif
+
#endif // SANDBOX_LINUX_SYSTEM_HEADERS_ARM64_LINUX_SYSCALLS_H_
diff --git a/src/3rdparty/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h b/src/3rdparty/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
index 1addd5384..d8811ce87 100644
--- a/src/3rdparty/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
+++ b/src/3rdparty/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
@@ -1385,6 +1385,11 @@
#define __NR_memfd_create (__NR_SYSCALL_BASE+385)
#endif
+#if !defined(__NR_membarrier)
+#define __NR_membarrier (__NR_SYSCALL_BASE+389)
+#endif
+
+
// ARM private syscalls.
#if !defined(__ARM_NR_BASE)
#define __ARM_NR_BASE (__NR_SYSCALL_BASE + 0xF0000)
diff --git a/src/3rdparty/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h b/src/3rdparty/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h
index ec75815a8..612fcfaa9 100644
--- a/src/3rdparty/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h
+++ b/src/3rdparty/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h
@@ -1271,4 +1271,8 @@
#define __NR_memfd_create (__NR_Linux + 314)
#endif
+#if !defined(__NR_membarrier)
+#define __NR_membarrier (__NR_Linux + 318)
+#endif
+
#endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS64_LINUX_SYSCALLS_H_
diff --git a/src/3rdparty/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h b/src/3rdparty/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h
index ddbf97f3d..1742acd4c 100644
--- a/src/3rdparty/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h
+++ b/src/3rdparty/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h
@@ -1433,4 +1433,8 @@
#define __NR_memfd_create (__NR_Linux + 354)
#endif
+#if !defined(__NR_membarrier)
+#define __NR_membarrier (__NR_Linux + 358)
+#endif
+
#endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS_LINUX_SYSCALLS_H_
diff --git a/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h b/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
index a6afc62d9..6ab7740de 100644
--- a/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
+++ b/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
@@ -1422,5 +1422,10 @@
#define __NR_memfd_create 356
#endif
+#if !defined(__NR_membarrier)
+#define __NR_membarrier 375
+#endif
+
+
#endif // SANDBOX_LINUX_SYSTEM_HEADERS_X86_32_LINUX_SYSCALLS_H_
diff --git a/src/3rdparty/chromium/sandbox/linux/system_headers/x86_64_linux_syscalls.h b/src/3rdparty/chromium/sandbox/linux/system_headers/x86_64_linux_syscalls.h
index 349504aee..6a6d4756f 100644
--- a/src/3rdparty/chromium/sandbox/linux/system_headers/x86_64_linux_syscalls.h
+++ b/src/3rdparty/chromium/sandbox/linux/system_headers/x86_64_linux_syscalls.h
@@ -1290,5 +1290,10 @@
#define __NR_memfd_create 319
#endif
+#if !defined(__NR_membarrier)
+#define __NR_membarrier 324
+#endif
+
+
#endif // SANDBOX_LINUX_SYSTEM_HEADERS_X86_64_LINUX_SYSCALLS_H_
|
