Bug 1624743 -- Allow intra-process kcmp with KCMP_FILE in Linux content sandbox for amdgpu. r=gcp
authorJed Davis <jld@mozilla.com>
Mon, 30 Mar 2020 16:13:59 +0000
changeset 521123 d8f40a8e912d15b355d3da9075f5917baa5c2d6b
parent 521122 28b465d8b9c542b0b221b859868609459944942f
child 521124 4627b29188165a96ef1a0b245b27d956dc6d1163
push id37267
push userccoroiu@mozilla.com
push dateTue, 31 Mar 2020 04:31:43 +0000
reviewersgcp
bugs1624743
milestone76.0a1
Bug 1624743 -- Allow intra-process kcmp with KCMP_FILE in Linux content sandbox for amdgpu. r=gcp Differential Revision: https://phabricator.services.mozilla.com/D68669
security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -1287,16 +1287,33 @@ class ContentSandboxPolicy : public Sand
 #  endif
 
       case __NR_fallocate:
         return Allow();
 
       case __NR_get_mempolicy:
         return Allow();
 
+        // Mesa's amdgpu driver uses kcmp with KCMP_FILE; see also bug
+        // 1624743.  The pid restriction should be sufficient on its
+        // own if we need to remove the type restriction in the future.
+      case __NR_kcmp: {
+        // The real KCMP_FILE is part of an anonymous enum in
+        // <linux/kcmp.h>, but we can't depend on having that header,
+        // and it's not a #define so the usual #ifndef approach
+        // doesn't work.
+        static const int kKcmpFile = 0;
+        const pid_t myPid = getpid();
+        Arg<pid_t> pid1(0), pid2(1);
+        Arg<int> type(2);
+        return If(AllOf(pid1 == myPid, pid2 == myPid, type == kKcmpFile),
+                  Allow())
+            .Else(InvalidSyscall());
+      }
+
 #endif  // DESKTOP
 
         // nsSystemInfo uses uname (and we cache an instance, so
         // the info remains present even if we block the syscall)
       case __NR_uname:
 #ifdef DESKTOP
       case __NR_sysinfo:
 #endif
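Review bot: The comment at the top of the hunk states that the pid restriction "should be sufficient on its own" if the type check is dropped later, and that is not obviously true for every kcmp type, so it should be hedged rather than recorded as a plan: the non-KCMP_FILE types exercise different kernel paths (KCMP_EPOLL_TFD, for instance, reads a user-space struct through idx2 rather than treating it as an fd), so widening `type == kKcmpFile` would be an attack-surface change, not just a policy relaxation. I would reword it to `// Limiting kcmp to our own pid keeps it from probing other processes' fds; widening the type check later needs a fresh look at each type's kernel path, not just the pid restriction.` Separately, `myPid` is read once when the policy is constructed, so if this policy were ever built in a process other than the one it is applied to (a fork-based launcher, say), every kcmp call would miss the pid match and land in `InvalidSyscall()`; a one-line comment that `getpid()` must be evaluated in the process that will run under the filter would make that assumption visible. The hard-coded `kKcmpFile = 0` is fine as the uapi enum values are ABI-stable, but the comment could say so explicitly. The enclosing switch in ContentSandboxPolicy starts and ends outside the hunk.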