Bug 1302891 - Part 3 - Whitelist mremap in Sandbox; r?glandium draft
authorEnes Goktas <egoktas@mozilla.com>
Sun, 18 Sep 2016 18:02:17 -0700
changeset 418763 412f6b84519a3985fb3a42a78b2b64383e7f9077
parent 418762 41aa83dc93040eb3ee1ba237901dc1b851f28674
child 418764 766e6fbdad9d4a0c75820bf848befcf77f4025a7
push id30776
push userbmo:enes.goktas@gmail.com
push dateThu, 29 Sep 2016 05:44:28 +0000
reviewersglandium
bugs1302891
milestone52.0a1
Bug 1302891 - Part 3 - Whitelist mremap in Sandbox; r?glandium MozReview-Commit-ID: KkjlEtr0SVv
security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -174,16 +174,21 @@ public:
     case __NR_nanosleep:
       return Allow();
 
       // Thread synchronization
     case __NR_futex:
       // FIXME: This could be more restrictive....
       return Allow();
 
+    // CFI in LLVM/Clang uses mremap to reinitialize its memory region
+    // when a library is dlopen'ed.
+    case __NR_mremap:
+      return Allow();
+
       // Asynchronous I/O
     case __NR_epoll_wait:
     case __NR_epoll_pwait:
     case __NR_epoll_ctl:
     case __NR_ppoll:
     case __NR_poll:
       return Allow();
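Review bot: The new `case __NR_mremap:` returns `Allow()` for every argument combination, while the comment above it justifies the call only for CFI re-initialising its region on dlopen. `MREMAP_FIXED` lets the caller relocate a mapping onto an address it picks and replace whatever was mapped there, which is probably more than that use case needs. Consider filtering on the flags argument, e.g. `Arg<int> flags(3); return If((flags & ~MREMAP_MAYMOVE) == 0, Allow()).Else(InvalidSyscall());`, using whatever rejection result this policy class normally returns. The sibling `__NR_futex` case already carries a FIXME about being too permissive; if the unconditional allow is kept, the same kind of note belongs here so the gap stays tracked. The enclosing switch starts and ends outside the hunk, so whether a later case or a subclass narrows this cannot be confirmed from here.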