Bug 1474759 - added strings to the empty MOZ_Crash() in Linux sandboxing module. r=handyman
authorbrendaadel <brendaadel96@gmail.com>
Fri, 22 Mar 2019 07:43:29 +0000
changeset 465699 2ab551124db77beaa7e227d1f3bb13d52fa97703
parent 465698 0c6d76db034a4564874935245a575426bf6fe54e
child 465700 b95fc834fb68d2ddb3441005d3f762b1d902054e
push id35746
push usershindli@mozilla.com
push dateSat, 23 Mar 2019 09:46:24 +0000
treeherdermozilla-central@02b7484f316b [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewershandyman
bugs1474759
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1474759 - added strings to the empty MOZ_Crash() in Linux sandboxing module. r=handyman Added reason strings to all MOZ_CRASH in linux/sandbox Differential Revision: https://phabricator.services.mozilla.com/D24143
security/sandbox/linux/Sandbox.cpp
--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@@ -307,17 +307,17 @@ static void BroadcastSetThreadSandbox(co
 
   static_assert(sizeof(mozilla::Atomic<int>) == sizeof(int),
                 "mozilla::Atomic<int> isn't represented by an int");
   pid = getpid();
   myTid = syscall(__NR_gettid);
   taskdp = opendir("/proc/self/task");
   if (taskdp == nullptr) {
     SANDBOX_LOG_ERROR("opendir /proc/self/task: %s\n", strerror(errno));
-    MOZ_CRASH();
+    MOZ_CRASH("failed while trying to open directory /proc/self/task");
   }
 
   // In case this races with a not-yet-deprivileged thread cloning
   // itself, repeat iterating over all threads until we find none
   // that are still privileged.
   bool sandboxProgress;
   const int tsyncSignum = gSeccompTsyncBroadcastSignum;
   do {
@@ -343,17 +343,17 @@ static void BroadcastSetThreadSandbox(co
       if (syscall(__NR_tgkill, pid, tid, tsyncSignum) != 0) {
         if (errno == ESRCH) {
           SANDBOX_LOG_ERROR("Thread %d unexpectedly exited.", tid);
           // Rescan threads, in case it forked before exiting.
           sandboxProgress = true;
           continue;
         }
         SANDBOX_LOG_ERROR("tgkill(%d,%d): %s\n", pid, tid, strerror(errno));
-        MOZ_CRASH();
+        MOZ_CRASH("failed while trying to send a signal to a thread");
       }
       // It's unlikely, but if the thread somehow manages to exit
       // after receiving the signal but before entering the signal
       // handler, we need to avoid blocking forever.
       //
       // Using futex directly lets the signal handler send the wakeup
       // from an async signal handler (pthread mutex/condvar calls
       // aren't allowed), and to use a relative timeout that isn't
@@ -371,17 +371,17 @@ static void BroadcastSetThreadSandbox(co
       while (true) {
         static const struct timespec futexTimeout = {0,
                                                      10 * 1000 * 1000};  // 10ms
         // Atomically: if gSetSandboxDone == 0, then sleep.
         if (syscall(__NR_futex, reinterpret_cast<int*>(&gSetSandboxDone),
                     FUTEX_WAIT, 0, &futexTimeout) != 0) {
           if (errno != EWOULDBLOCK && errno != ETIMEDOUT && errno != EINTR) {
             SANDBOX_LOG_ERROR("FUTEX_WAIT: %s\n", strerror(errno));
-            MOZ_CRASH();
+            MOZ_CRASH("failed during FUTEX_WAIT");
           }
         }
         // Did the handler finish?
         if (gSetSandboxDone > 0) {
           if (gSetSandboxDone == 2) {
             sandboxProgress = true;
           }
           break;
@@ -401,45 +401,46 @@ static void BroadcastSetThreadSandbox(co
         clock_gettime(CLOCK_MONOTONIC, &now);
         if (now.tv_sec > timeLimit.tv_sec ||
             (now.tv_sec == timeLimit.tv_sec &&
              now.tv_nsec > timeLimit.tv_nsec)) {
           SANDBOX_LOG_ERROR(
               "Thread %d unresponsive for %d seconds."
               "  Killing process.",
               tid, crashDelay);
-          MOZ_CRASH();
+
+          MOZ_CRASH("failed while waiting for unresponsive thread");
         }
       }
     }
     rewinddir(taskdp);
   } while (sandboxProgress);
 
   void (*oldHandler)(int);
   oldHandler = signal(tsyncSignum, SIG_DFL);
   if (oldHandler != SetThreadSandboxHandler) {
     // See the comment on FindFreeSignalNumber about race conditions.
     SANDBOX_LOG_ERROR("handler for signal %d was changed to %p!", tsyncSignum,
                       oldHandler);
-    MOZ_CRASH();
+    MOZ_CRASH("handler for the signal was changed to another");
   }
   gSeccompTsyncBroadcastSignum = 0;
   Unused << closedir(taskdp);
   // And now, deprivilege the main thread:
   SetThreadSandbox();
   gSetSandboxFilter = nullptr;
 }
 
 static void ApplySandboxWithTSync(sock_fprog* aFilter) {
   // At this point we're committed to using tsync, because we'd have
   // needed to allocate a signal and prevent it from being blocked on
   // other threads (see SandboxHooks.cpp), so there's no attempt to
   // fall back to the non-tsync path.
   if (!InstallSyscallFilter(aFilter, true)) {
-    MOZ_CRASH();
+    MOZ_CRASH("failed while trying to install syscall filter");
   }
 }
 
 #ifdef NIGHTLY_BUILD
 static bool IsLibPresent(const char* aName) {
   if (const auto handle = dlopen(aName, RTLD_LAZY | RTLD_NOLOAD)) {
     dlclose(handle);
     return true;
@@ -471,30 +472,34 @@ void SandboxEarlyInit() {
   // used to enable seccomp on each thread.
   if (!SandboxInfo::Get().Test(SandboxInfo::kHasSeccompTSync)) {
     // The signal number has to be chosen early, so that the
     // interceptions in SandboxHooks.cpp can prevent it from being
     // masked.
     const int tsyncSignum = FindFreeSignalNumber();
     if (tsyncSignum == 0) {
       SANDBOX_LOG_ERROR("No available signal numbers!");
-      MOZ_CRASH();
+      MOZ_CRASH("failed while trying to find a free signal number");
     }
     gSeccompTsyncBroadcastSignum = tsyncSignum;
 
     // ...and the signal handler also needs to be installed now, to
     // indicate to anything else looking for free signals that it's
     // claimed.
     void (*oldHandler)(int);
     oldHandler = signal(tsyncSignum, SetThreadSandboxHandler);
     if (oldHandler != SIG_DFL) {
       // See the comment on FindFreeSignalNumber about race conditions.
+      if (oldHandler == SIG_ERR) {
+        MOZ_CRASH("failed while registering the signal handler");
+      } else {
+        MOZ_CRASH("failed because the signal is in use by another handler");
+      }
       SANDBOX_LOG_ERROR("signal %d in use by handler %p!\n", tsyncSignum,
                         oldHandler);
-      MOZ_CRASH();
     }
   }
 }
 
 static void SandboxLateInit() {
 #ifdef NIGHTLY_BUILD
   gSandboxCrashOnError = true;
   for (const char* name : kLibsThatWillCrash) {
@@ -624,17 +629,17 @@ void SetMediaPluginSandbox(const char* a
 
   gSandboxReporterClient =
       new SandboxReporterClient(SandboxReport::ProcType::MEDIA_PLUGIN);
 
   SandboxOpenedFile plugin(aFilePath);
   if (!plugin.IsOpen()) {
     SANDBOX_LOG_ERROR("failed to open plugin file %s: %s", aFilePath,
                       strerror(errno));
-    MOZ_CRASH();
+    MOZ_CRASH("failed while trying to open the plugin file ");
   }
 
   auto files = new SandboxOpenedFiles();
   files->Add(std::move(plugin));
   files->Add("/dev/urandom", true);
   files->Add("/sys/devices/system/cpu/cpu0/tsc_freq_khz");
   files->Add("/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq");
   files->Add("/proc/cpuinfo");  // Info also available via CPUID instruction.