Bug 1288726 - Seccomp sandbox doesn't play well with Valgrind. r=julian.r.hector.
authorJulian Seward <jseward@acm.org>
Fri, 29 Jul 2016 17:42:55 +0200
changeset 307306 3fcedf633473cbfd56e0a192a700b02b89955aac
parent 307305 5b6fd86e965ec386e93ac060375dd8639bd99944
child 307307 1506fafba57d04da968331cf7dc2dc10dab9bdcd
push id80065
push userjseward@mozilla.com
push dateFri, 29 Jul 2016 16:05:40 +0000
reviewersjulian
bugs1288726
milestone50.0a1
Bug 1288726 - Seccomp sandbox doesn't play well with Valgrind. r=julian.r.hector.
security/sandbox/linux/common/SandboxInfo.cpp
--- a/security/sandbox/linux/common/SandboxInfo.cpp
+++ b/security/sandbox/linux/common/SandboxInfo.cpp
@@ -26,16 +26,20 @@
 #ifdef MOZ_CRASHREPORTER
 #include "nsExceptionHandler.h"
 #include "nsICrashReporter.h"
 #define NS_CRASHREPORTER_CONTRACTID "@mozilla.org/toolkit/crash-reporter;1"
 #include "nsIPrefService.h"
 #include "nsIMemoryInfoDumper.h"
 #endif
 
+#ifdef MOZ_VALGRIND
+#include <valgrind/valgrind.h>
+#endif
+
 
 // A note about assertions: in general, the worst thing this module
 // should be able to do is disable sandboxing features, so release
 // asserts or MOZ_CRASH should be avoided, even for seeming
 // impossibilities like an unimplemented syscall returning success
 // (which has happened: https://crbug.com/439795 ).
 //
 // MOZ_DIAGNOSTIC_ASSERT (debug builds, plus Nightly/Aurora non-debug)
@@ -74,16 +78,26 @@ IsSingleThreaded()
 
 static bool
 HasSeccompBPF()
 {
   // Allow simulating the absence of seccomp-bpf support, for testing.
   if (getenv("MOZ_FAKE_NO_SANDBOX")) {
     return false;
   }
+
+  // Valgrind and the sandbox don't interact well, probably because Valgrind
+  // does various system calls which aren't allowed, even if Firefox itself
+  // is playing by the rules.
+# if defined(MOZ_VALGRIND)
+  if (RUNNING_ON_VALGRIND) {
+    return false;
+  }
+# endif
+
   // Determine whether seccomp-bpf is supported by trying to
   // enable it with an invalid pointer for the filter.  This will
   // fail with EFAULT if supported and EINVAL if not, without
   // changing the process's state.
 
   int rv = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, nullptr);
   MOZ_DIAGNOSTIC_ASSERT(rv == -1, "prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER,"
                         " nullptr) didn't fail");
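Review bot: The early return added to HasSeccompBPF() makes a Valgrind run report the same result as a kernel without seccomp-bpf (and as the MOZ_FAKE_NO_SANDBOX branch just above it), so callers cannot tell "unsupported" from "deliberately switched off", and nothing in the hunk records that the run is presumably unsandboxed. The comment should state the scope and the consequence rather than only the suspected cause, for example `// MOZ_VALGRIND builds only: under Valgrind, report seccomp-bpf as unsupported, which turns the seccomp sandbox off for this run.` The "probably because" wording suggests the rejected system calls were not identified; if they are known, recording them in the referenced bug would help anyone who later wants to run the sandbox under Valgrind. The directive is written `# if defined(MOZ_VALGRIND)` here but `#ifdef MOZ_VALGRIND` in the include hunk, and one spelling would be more consistent. HasSeccompBPF() continues past the end of the hunk.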