Bug 1866606 - Support TaggedAnonymousMemory on all Linux r=jld

Change ANDROID ifdefs to XP_LINUX and allow PR_SET_VMA in the sandbox. Differential Revision: https://phabricator.services.mozilla.com/D195064
dothq · Dec 23, 2023 · 54b88de · 54b88de
1 parent 7e131cc
commit 54b88de
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 17 deletions.
diff --git a/mfbt/TaggedAnonymousMemory.cpp b/mfbt/TaggedAnonymousMemory.cpp
@@ -4,7 +4,7 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#ifdef ANDROID
+#ifdef XP_LINUX
 
 #  include "mozilla/TaggedAnonymousMemory.h"
 
@@ -90,4 +90,4 @@ void* MozTaggedAnonymousMmap(void* aAddr, size_t aLength, int aProt, int aFlags,
   return mapped;
 }
 
-#endif  // ANDROID
+#endif  // XP_LINUX
diff --git a/mfbt/TaggedAnonymousMemory.h b/mfbt/TaggedAnonymousMemory.h
@@ -4,15 +4,14 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-// Some Linux kernels -- specifically, newer versions of Android and
-// some B2G devices -- have a feature for assigning names to ranges of
-// anonymous memory (i.e., memory that doesn't have a "name" in the
-// form of an underlying mapped file).  These names are reported in
-// /proc/<pid>/smaps alongside system-level memory usage information
-// such as Proportional Set Size (memory usage adjusted for sharing
-// between processes), which allows reporting this information at a
-// finer granularity than would otherwise be possible (e.g.,
-// separating malloc() heap from JS heap).
+// Linux kernels since 5.17 have a feature for assigning names to
+// ranges of anonymous memory (i.e., memory that doesn't have a "name"
+// in the form of an underlying mapped file).  These names are
+// reported in /proc/<pid>/smaps alongside system-level memory usage
+// information such as Proportional Set Size (memory usage adjusted
+// for sharing between processes), which allows reporting this
+// information at a finer granularity than would otherwise be possible
+// (e.g., separating malloc() heap from JS heap).
 //
 // Existing memory can be tagged with MozTagAnonymousMemory(); it will
 // tag the range of complete pages containing the given interval, so
@@ -43,7 +42,7 @@
 
 #  include "mozilla/Types.h"
 
-#  ifdef ANDROID
+#  ifdef XP_LINUX
 
 #    ifdef __cplusplus
 extern "C" {
@@ -62,7 +61,7 @@ MFBT_API int MozTaggedMemoryIsSupported(void);
 }  // extern "C"
 #    endif
 
-#  else  // ANDROID
+#  else  // XP_LINUX
 
 static inline void MozTagAnonymousMemory(const void* aPtr, size_t aLength,
                                          const char* aTag) {}
@@ -80,7 +79,7 @@ static inline void* MozTaggedAnonymousMmap(void* aAddr, size_t aLength,
 
 static inline int MozTaggedMemoryIsSupported(void) { return 0; }
 
-#  endif  // ANDROID
+#  endif  // XP_LINUX
 
 #endif  // !XP_WIN
 

diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
@@ -67,6 +67,14 @@ using namespace sandbox::bpf_dsl;
 #  define PR_SET_PTRACER 0x59616d61
 #endif
 
+// Linux 5.17+
+#ifndef PR_SET_VMA
+#  define PR_SET_VMA 0x53564d41
+#endif
+#ifndef PR_SET_VMA_ANON_NAME
+#  define PR_SET_VMA_ANON_NAME 0
+#endif
+
 // The headers define O_LARGEFILE as 0 on x86_64, but we need the
 // actual value because it shows up in file flags.
 #define O_LARGEFILE_REAL 00100000
@@ -712,11 +720,11 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
   }
 
   virtual ResultExpr PrctlPolicy() const {
-    // Note: this will probably need PR_SET_VMA if/when it's used on
-    // Android without being overridden by an allow-all policy, and
-    // the constant will need to be defined locally.
     Arg<int> op(0);
+    Arg<int> arg2(1);
     return Switch(op)
+        .CASES((PR_SET_VMA),  // Tagging of anonymous memory mappings
+               If(arg2 == PR_SET_VMA_ANON_NAME, Allow()).Else(InvalidSyscall()))
         .CASES((PR_GET_SECCOMP,   // BroadcastSetThreadSandbox, etc.
                 PR_SET_NAME,      // Thread creation
                 PR_SET_DUMPABLE,  // Crash reporting
@@ -2002,7 +2010,10 @@ class SocketProcessSandboxPolicy final : public SandboxPolicyCommon {
 
   ResultExpr PrctlPolicy() const override {
     Arg<int> op(0);
+    Arg<int> arg2(1);
     return Switch(op)
+        .CASES((PR_SET_VMA),  // Tagging of anonymous memory mappings
+               If(arg2 == PR_SET_VMA_ANON_NAME, Allow()).Else(InvalidSyscall()))
         .CASES((PR_SET_NAME,      // Thread creation
                 PR_SET_DUMPABLE,  // Crash reporting
                 PR_SET_PTRACER),  // Debug-mode crash handling
@@ -2093,7 +2104,10 @@ class UtilitySandboxPolicy : public SandboxPolicyCommon {
 
   ResultExpr PrctlPolicy() const override {
     Arg<int> op(0);
+    Arg<int> arg2(1);
     return Switch(op)
+        .CASES((PR_SET_VMA),  // Tagging of anonymous memory mappings
+               If(arg2 == PR_SET_VMA_ANON_NAME, Allow()).Else(InvalidSyscall()))
         .CASES((PR_SET_NAME,        // Thread creation
                 PR_SET_DUMPABLE,    // Crash reporting
                 PR_SET_PTRACER,     // Debug-mode crash handling