Backed out changeset 8a71f6e05783 (bug 1393287) for Hazard Build Bustage. r=backout on a CLOSED TREE
authorCsoregi Natalia <ncsoregi@mozilla.com>
Tue, 19 Dec 2017 02:49:50 +0200
changeset 448545 095928b49caa8918ac6354044100ed3be6c0b9f6
parent 448544 440c32f8f0a9b5d663e8cc634262634e3f249f81
child 448546 ce813e8a46832f31a3c696880a8554e63b923fb8
push id8527
push userCallek@gmail.com
push dateThu, 11 Jan 2018 21:05:50 +0000
treeherdermozilla-beta@95342d212a7a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbackout
bugs1393287
milestone59.0a1
backs out8a71f6e05783c13f38d5bcc9733e955b9fd7543b
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset 8a71f6e05783 (bug 1393287) for Hazard Build Bustage. r=backout on a CLOSED TREE
security/sandbox/linux/Sandbox.cpp
security/sandbox/linux/SandboxHooks.cpp
--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@@ -73,17 +73,17 @@ typedef struct {
 } __sanitizer_sandbox_arguments;
 
 MOZ_IMPORT_API void
 __sanitizer_sandbox_on_notify(__sanitizer_sandbox_arguments *args);
 } // extern "C"
 #endif // MOZ_ASAN
 
 // Signal number used to enable seccomp on each thread.
-mozilla::Atomic<int> gSeccompTsyncBroadcastSignum(0);
+int gSeccompTsyncBroadcastSignum = 0;
 
 namespace mozilla {
 
 static bool gSandboxCrashOnError = false;
 
 // This is initialized by SandboxSetCrashFunc().
 SandboxCrashFunc gSandboxCrashFunc;
 
@@ -331,38 +331,37 @@ BroadcastSetThreadSandbox(const sock_fpr
   }
 
   EnterChroot();
 
   // In case this races with a not-yet-deprivileged thread cloning
   // itself, repeat iterating over all threads until we find none
   // that are still privileged.
   bool sandboxProgress;
-  const int tsyncSignum = gSeccompTsyncBroadcastSignum;
   do {
     sandboxProgress = false;
     // For each thread...
     while ((de = readdir(taskdp))) {
       char *endptr;
       tid = strtol(de->d_name, &endptr, 10);
       if (*endptr != '\0' || tid <= 0) {
         // Not a task ID.
         continue;
       }
       if (tid == myTid) {
         // Drop this thread's privileges last, below, so we can
         // continue to signal other threads.
         continue;
       }
 
-      MOZ_RELEASE_ASSERT(tsyncSignum != 0);
+      MOZ_RELEASE_ASSERT(gSeccompTsyncBroadcastSignum != 0);
 
       // Reset the futex cell and signal.
       gSetSandboxDone = 0;
-      if (syscall(__NR_tgkill, pid, tid, tsyncSignum) != 0) {
+      if (syscall(__NR_tgkill, pid, tid, gSeccompTsyncBroadcastSignum) != 0) {
         if (errno == ESRCH) {
           SANDBOX_LOG_ERROR("Thread %d unexpectedly exited.", tid);
           // Rescan threads, in case it forked before exiting.
           sandboxProgress = true;
           continue;
         }
         SANDBOX_LOG_ERROR("tgkill(%d,%d): %s\n", pid, tid, strerror(errno));
         MOZ_CRASH();
@@ -424,24 +423,24 @@ BroadcastSetThreadSandbox(const sock_fpr
           MOZ_CRASH();
         }
       }
     }
     rewinddir(taskdp);
   } while (sandboxProgress);
 
   void (*oldHandler)(int);
-  oldHandler = signal(tsyncSignum, SIG_DFL);
+  oldHandler = signal(gSeccompTsyncBroadcastSignum, SIG_DFL);
+  gSeccompTsyncBroadcastSignum = 0;
   if (oldHandler != SetThreadSandboxHandler) {
     // See the comment on FindFreeSignalNumber about race conditions.
     SANDBOX_LOG_ERROR("handler for signal %d was changed to %p!",
-                      tsyncSignum, oldHandler);
+                      gSeccompTsyncBroadcastSignum, oldHandler);
     MOZ_CRASH();
   }
-  gSeccompTsyncBroadcastSignum = 0;
   Unused << closedir(taskdp);
   // And now, deprivilege the main thread:
   SetThreadSandbox();
   gSetSandboxFilter = nullptr;
 }
 
 static void
 ApplySandboxWithTSync(sock_fprog* aFilter)
@@ -581,29 +580,28 @@ SandboxEarlyInit(GeckoProcessType aType)
   default:
     // Other cases intentionally left blank.
     break;
   }
 
   // If TSYNC is not supported, set up signal handler
   // used to enable seccomp on each thread.
   if (!info.Test(SandboxInfo::kHasSeccompTSync)) {
-    const int tsyncSignum = FindFreeSignalNumber();
-    if (tsyncSignum == 0) {
+    gSeccompTsyncBroadcastSignum = FindFreeSignalNumber();
+    if (gSeccompTsyncBroadcastSignum == 0) {
       SANDBOX_LOG_ERROR("No available signal numbers!");
       MOZ_CRASH();
     }
-    gSeccompTsyncBroadcastSignum = tsyncSignum;
 
     void (*oldHandler)(int);
-    oldHandler = signal(tsyncSignum, SetThreadSandboxHandler);
+    oldHandler = signal(gSeccompTsyncBroadcastSignum, SetThreadSandboxHandler);
     if (oldHandler != SIG_DFL) {
       // See the comment on FindFreeSignalNumber about race conditions.
       SANDBOX_LOG_ERROR("signal %d in use by handler %p!\n",
-                        tsyncSignum, oldHandler);
+        gSeccompTsyncBroadcastSignum, oldHandler);
       MOZ_CRASH();
     }
   }
 
   // If there's nothing to do, then we're done.
   if (!canChroot && !canUnshareNet && !canUnshareIPC) {
     return;
   }
--- a/security/sandbox/linux/SandboxHooks.cpp
+++ b/security/sandbox/linux/SandboxHooks.cpp
@@ -1,77 +1,61 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include "mozilla/Atomics.h"
 #include "mozilla/Types.h"
 
 #include <dlfcn.h>
 #include <signal.h>
 #include <errno.h>
-#include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/inotify.h>
 
 // Signal number used to enable seccomp on each thread.
-extern mozilla::Atomic<int> gSeccompTsyncBroadcastSignum;
-
-static bool
-SigSetNeedsFixup(const sigset_t* aSet)
-{
-  int tsyncSignum = gSeccompTsyncBroadcastSignum;
-
-  return aSet != nullptr &&
-         (sigismember(aSet, SIGSYS) ||
-          (tsyncSignum != 0 &&
-           sigismember(aSet, tsyncSignum)));
-}
-
-static void
-SigSetFixup(sigset_t* aSet)
-{
-  int tsyncSignum = gSeccompTsyncBroadcastSignum;
-  int rv = sigdelset(aSet, SIGSYS);
-  MOZ_RELEASE_ASSERT(rv == 0);
-  if (tsyncSignum != 0) {
-    rv = sigdelset(aSet, tsyncSignum);
-    MOZ_RELEASE_ASSERT(rv == 0);
-  }
-}
+extern int gSeccompTsyncBroadcastSignum;
 
 // This file defines a hook for sigprocmask() and pthread_sigmask().
 // Bug 1176099: some threads block SIGSYS signal which breaks our seccomp-bpf
 // sandbox. To avoid this, we intercept the call and remove SIGSYS.
 //
 // ENOSYS indicates an error within the hook function itself.
-static int
-HandleSigset(int (*aRealFunc)(int, const sigset_t*, sigset_t*),
-             int aHow, const sigset_t* aSet,
-             sigset_t* aOldSet, bool aUseErrno)
+static int HandleSigset(int (*aRealFunc)(int, const sigset_t*, sigset_t*),
+                        int aHow, const sigset_t* aSet,
+                        sigset_t* aOldSet, bool aUseErrno)
 {
   if (!aRealFunc) {
     if (aUseErrno) {
       errno = ENOSYS;
       return -1;
     }
 
     return ENOSYS;
   }
 
   // Avoid unnecessary work
-  if (aHow == SIG_UNBLOCK || !SigSetNeedsFixup(aSet)) {
+  if (aSet == nullptr || aHow == SIG_UNBLOCK) {
     return aRealFunc(aHow, aSet, aOldSet);
   }
 
   sigset_t newSet = *aSet;
-  SigSetFixup(&newSet);
+  if (sigdelset(&newSet, SIGSYS) != 0 ||
+     (gSeccompTsyncBroadcastSignum &&
+      sigdelset(&newSet, gSeccompTsyncBroadcastSignum) != 0)) {
+    if (aUseErrno) {
+      errno = ENOSYS;
+      return -1;
+    }
+
+    return ENOSYS;
+  }
+
   return aRealFunc(aHow, &newSet, aOldSet);
 }
 
 extern "C" MOZ_EXPORT int
 sigprocmask(int how, const sigset_t* set, sigset_t* oldset)
 {
   static auto sRealFunc = (int (*)(int, const sigset_t*, sigset_t*))
     dlsym(RTLD_NEXT, "sigprocmask");
@@ -84,37 +68,16 @@ pthread_sigmask(int how, const sigset_t*
 {
   static auto sRealFunc = (int (*)(int, const sigset_t*, sigset_t*))
     dlsym(RTLD_NEXT, "pthread_sigmask");
 
   return HandleSigset(sRealFunc, how, set, oldset, false);
 }
 
 extern "C" MOZ_EXPORT int
-sigaction(int signum, const struct sigaction* act, struct sigaction* oldact)
-{
-  static auto sRealFunc =
-    (int (*)(int, const struct sigaction*, struct sigaction*))
-    dlsym(RTLD_NEXT, "sigaction");
-
-  if (!sRealFunc) {
-    errno = ENOSYS;
-    return -1;
-  }
-
-  if (act == nullptr || !SigSetNeedsFixup(&act->sa_mask)) {
-    return sRealFunc(signum, act, oldact);
-  }
-
-  struct sigaction newact = *act;
-  SigSetFixup(&newact.sa_mask);
-  return sRealFunc(signum, &newact, oldact);
-}
-
-extern "C" MOZ_EXPORT int
 inotify_init(void)
 {
   return inotify_init1(0);
 }
 
 extern "C" MOZ_EXPORT int
 inotify_init1(int flags)
 {