Bug 1288726 - Seccomp sandbox doesn't play well with Valgrind. r=julian.r.hector.
authorJulian Seward <jseward@acm.org>
Fri, 29 Jul 2016 17:42:55 +0200
changeset 332409 3fcedf633473cbfd56e0a192a700b02b89955aac
parent 332408 5b6fd86e965ec386e93ac060375dd8639bd99944
child 332410 1506fafba57d04da968331cf7dc2dc10dab9bdcd
push id9858
push userjlund@mozilla.com
push dateMon, 01 Aug 2016 14:37:10 +0000
reviewersjulian
bugs1288726
milestone50.0a1
Bug 1288726 - Seccomp sandbox doesn't play well with Valgrind. r=julian.r.hector.
security/sandbox/linux/common/SandboxInfo.cpp
--- a/security/sandbox/linux/common/SandboxInfo.cpp
+++ b/security/sandbox/linux/common/SandboxInfo.cpp
@@ -26,16 +26,20 @@
 #ifdef MOZ_CRASHREPORTER
 #include "nsExceptionHandler.h"
 #include "nsICrashReporter.h"
 #define NS_CRASHREPORTER_CONTRACTID "@mozilla.org/toolkit/crash-reporter;1"
 #include "nsIPrefService.h"
 #include "nsIMemoryInfoDumper.h"
 #endif
 
+#ifdef MOZ_VALGRIND
+#include <valgrind/valgrind.h>
+#endif
+
 
 // A note about assertions: in general, the worst thing this module
 // should be able to do is disable sandboxing features, so release
 // asserts or MOZ_CRASH should be avoided, even for seeming
 // impossibilities like an unimplemented syscall returning success
 // (which has happened: https://crbug.com/439795 ).
 //
 // MOZ_DIAGNOSTIC_ASSERT (debug builds, plus Nightly/Aurora non-debug)
@@ -74,16 +78,26 @@ IsSingleThreaded()
 
 static bool
 HasSeccompBPF()
 {
   // Allow simulating the absence of seccomp-bpf support, for testing.
   if (getenv("MOZ_FAKE_NO_SANDBOX")) {
     return false;
   }
+
+  // Valgrind and the sandbox don't interact well, probably because Valgrind
+  // does various system calls which aren't allowed, even if Firefox itself
+  // is playing by the rules.
+# if defined(MOZ_VALGRIND)
+  if (RUNNING_ON_VALGRIND) {
+    return false;
+  }
+# endif
+
   // Determine whether seccomp-bpf is supported by trying to
   // enable it with an invalid pointer for the filter.  This will
   // fail with EFAULT if supported and EINVAL if not, without
   // changing the process's state.
 
   int rv = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, nullptr);
   MOZ_DIAGNOSTIC_ASSERT(rv == -1, "prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER,"
                         " nullptr) didn't fail");
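Review bot: The new early `return false` in HasSeccompBPF() reports the Valgrind case exactly like a kernel without seccomp-bpf, so a run under Valgrind presumably ends up without the syscall filter and nothing in this hunk records why. The block is compiled only under MOZ_VALGRIND and RUNNING_ON_VALGRIND evaluates to 0 on a native run, so the exposure is limited to Valgrind-enabled builds, but the comment should say so, e.g. `// MOZ_VALGRIND builds only: report seccomp-bpf as unavailable under Valgrind (bug 1288726); the sandbox is then not applied.`, and a log line before the return would make the disabled state visible. The comment's "probably" leaves the root cause unconfirmed; a narrower fix would need to know which of Valgrind's system calls the filter rejects. As a style point, `# if defined(MOZ_VALGRIND)` differs from the `#ifdef MOZ_VALGRIND` used for the include in the first hunk. HasSeccompBPF's body continues past the end of this hunk.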