mirror of
https://github.com/archlinuxarm/PKGBUILDs.git
synced 2024-12-08 23:03:46 +00:00
70 lines
2.7 KiB
Diff
70 lines
2.7 KiB
Diff
|
From a6a7d9a4ad84da293071fbbbc7eedd2ce51abdf4 Mon Sep 17 00:00:00 2001
|
||
|
From: "riku.voipio" <riku.voipio@linaro.org>
|
||
|
Date: Wed, 27 Jan 2016 09:13:57 -0800
|
||
|
Subject: [PATCH 2/3] sandbox arm64: align stack 16 bytes
|
||
|
|
||
|
chrome fails to start with user namespace sandboxing:
|
||
|
|
||
|
[866:866:0120/134742:FATAL:zygote_host_impl_linux.cc(182)] Check failed: process.IsValid().
|
||
|
Failed to launch zygote process
|
||
|
|
||
|
With strace..
|
||
|
|
||
|
clone(child_stack=0x7ffd28fd98, flags=CLONE_NEWUSER|CLONE_NEWPID|CLONE_NEWNET|SIGCHLD) = -1 EINVAL (Invalid argument)
|
||
|
|
||
|
Which compared to kernel sources[1], shows that stack needs to be 16
|
||
|
bytes aligned. because stack grows downward, this patch assumes
|
||
|
PTHREAD_STACK_MIN is dividable by 16 too.
|
||
|
|
||
|
[1] http://lxr.free-electrons.com/source/arch/arm64/kernel/process.c#L267
|
||
|
|
||
|
BUG=581018
|
||
|
R=keescook@chromium.org,jln@chromium.org,rsesek@chromium.org,thakis@chromium.org
|
||
|
TEST=base_unittests ProcessUtilTest.* and sandbox_linux_unittests NamespaceSandboxTest.*
|
||
|
|
||
|
Review URL: https://codereview.chromium.org/1617763002
|
||
|
|
||
|
Cr-Commit-Position: refs/heads/master@{#371809}
|
||
|
---
|
||
|
base/process/launch_posix.cc | 2 +-
|
||
|
sandbox/linux/services/credentials.cc | 3 ++-
|
||
|
2 files changed, 3 insertions(+), 2 deletions(-)
|
||
|
|
||
|
diff --git a/base/process/launch_posix.cc b/base/process/launch_posix.cc
|
||
|
index 4bd3da3..4019de5 100644
|
||
|
--- a/base/process/launch_posix.cc
|
||
|
+++ b/base/process/launch_posix.cc
|
||
|
@@ -736,7 +736,7 @@ NOINLINE pid_t CloneAndLongjmpInChild(unsigned long flags,
|
||
|
// internal pid cache. The libc interface unfortunately requires
|
||
|
// specifying a new stack, so we use setjmp/longjmp to emulate
|
||
|
// fork-like behavior.
|
||
|
- char stack_buf[PTHREAD_STACK_MIN];
|
||
|
+ char stack_buf[PTHREAD_STACK_MIN] ALIGNAS(16);
|
||
|
#if defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY) || \
|
||
|
defined(ARCH_CPU_MIPS64_FAMILY) || defined(ARCH_CPU_MIPS_FAMILY)
|
||
|
// The stack grows downward.
|
||
|
diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc
|
||
|
index fb6b6b4..76038af 100644
|
||
|
--- a/sandbox/linux/services/credentials.cc
|
||
|
+++ b/sandbox/linux/services/credentials.cc
|
||
|
@@ -16,6 +16,7 @@
|
||
|
#include <unistd.h>
|
||
|
|
||
|
#include "base/bind.h"
|
||
|
+#include "base/compiler_specific.h"
|
||
|
#include "base/files/file_path.h"
|
||
|
#include "base/files/file_util.h"
|
||
|
#include "base/logging.h"
|
||
|
@@ -94,7 +95,7 @@ bool ChrootToSafeEmptyDir() {
|
||
|
// /proc/tid directory for the thread (since /proc may not be aware of the
|
||
|
// PID namespace). With a process, we can just use /proc/self.
|
||
|
pid_t pid = -1;
|
||
|
- char stack_buf[PTHREAD_STACK_MIN];
|
||
|
+ char stack_buf[PTHREAD_STACK_MIN] ALIGNAS(16);
|
||
|
#if defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY) || \
|
||
|
defined(ARCH_CPU_MIPS64_FAMILY) || defined(ARCH_CPU_MIPS_FAMILY)
|
||
|
// The stack grows downward.
|
||
|
--
|
||
|
2.7.2
|
||
|
|