Chromium Code Reviews

Issue 518071: linux: make the seccomp sandbox work again (Closed)

Created:
10 years, 11 months ago by Evan Martin
Modified:
9 years, 7 months ago
Reviewers:
Markus (顧孟勤)
CC:
chromium-reviews@googlegroups.com, agl
Visibility:
Public.

Description

linux: make the seccomp sandbox work again

We were hitting a stack overflow on renderer startup, because of the following: When we patch out syscalls, we need a scratch space near (within a 32-bit jump of) the original code. We pick the scratch space as the end of the nearest empty region available before the code we're patching. For the vdso region, the stack lies directly before it and so the region we'd grab was directly before the stack. This meant that as soon as the stack attempted to grow it'd fail because it ran into our patch region, and we'd hit a stack overflow.

The fix is to specially note when we're near the stack region, and instead put our scratch space as far away from the stack as possible.

Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=35759
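The placement policy the description spells out (nearest gap below the patched code, end of the gap by default, but stay away from the gap that sits directly under the stack) is easy to get wrong, so here is a worked example of both the broken and the fixed policy. This is an added illustration, not code from Chromium's sandbox/linux/seccomp/maps.cc or from the author of the change. It assumes a rel32 jump reach of 2 GiB (kReach) as the "32-bit jump" constraint, reads "as far away from the stack as possible" as "the lowest address in that gap that is still within reach", and runs on a constructed /proc/self/maps layout (kSampleMaps) in which the vdso is mapped directly above the stack.

```cpp
#include <cstdint>
#include <cstdio>
#include <sstream>
#include <string>
#include <vector>

struct Region {
  uint64_t start;
  uint64_t end;
  std::string name;  // "[stack]", "[vdso]", a path, or empty for anonymous
};

// Parses /proc/self/maps-style text. Fields: range perms offset dev inode [name].
std::vector<Region> ParseMaps(const std::string& maps) {
  std::vector<Region> out;
  std::istringstream in(maps);
  std::string line;
  while (std::getline(in, line)) {
    std::istringstream fields(line);
    std::string range, perms, offset, dev, inode, name;
    if (!(fields >> range >> perms >> offset >> dev >> inode)) continue;
    fields >> name;  // the name column is optional
    size_t dash = range.find('-');
    if (dash == std::string::npos) continue;
    Region r;
    r.start = std::stoull(range.substr(0, dash), nullptr, 16);
    r.end = std::stoull(range.substr(dash + 1), nullptr, 16);
    r.name = name;
    out.push_back(r);
  }
  return out;
}

const uint64_t kPageSize = 4096;
const uint64_t kReach = 1ULL << 31;  // assumed rel32 jump reach (2 GiB)

// Finds a |size|-byte scratch area below the mapping named |target|.
// |avoid_stack| = false reproduces the policy the description calls broken:
// always take the top of the nearest gap. |avoid_stack| = true applies the
// fix: if the gap lies directly under the stack, take the lowest address in
// it that is still within jump reach of the target.
// Returns 0 if no gap qualifies. Assumes |maps| is in ascending address order.
uint64_t PickScratch(const std::vector<Region>& maps, const std::string& target,
                     uint64_t size, bool avoid_stack) {
  size_t t = maps.size();
  for (size_t i = 0; i < maps.size(); ++i)
    if (maps[i].name == target) { t = i; break; }
  if (t == maps.size()) return 0;
  const uint64_t target_end = maps[t].end;
  // Lowest address from which every instruction in the target is reachable.
  const uint64_t reach_floor = target_end > kReach ? target_end - kReach : 0;

  // Walk gaps downward: gap i lies between maps[i-1].end and maps[i].start.
  for (size_t i = t; i > 0; --i) {
    const uint64_t gap_start = maps[i - 1].end;
    const uint64_t gap_end = maps[i].start;
    if (gap_end < gap_start || gap_end - gap_start < size) continue;
    if (gap_end - size < reach_floor) break;  // this and lower gaps are too far

    if (avoid_stack && maps[i].name == "[stack]") {
      // The stack grows down into this gap: stay as far from it as reach allows.
      return gap_start > reach_floor ? gap_start : reach_floor;
    }
    return gap_end - size;
  }
  return 0;
}

// True when the scratch area ends exactly at the bottom of the stack mapping,
// i.e. the first downward stack growth would run into it.
bool BlocksStackGrowth(const std::vector<Region>& maps, uint64_t addr,
                       uint64_t size) {
  for (const Region& r : maps)
    if (r.name == "[stack]" && addr + size == r.start) return true;
  return false;
}

// Constructed layout (not captured from a real process): the vdso sits
// directly above the stack, so the nearest usable gap below the vdso is the
// one under the stack.
const char kSampleMaps[] =
    "00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/app\n"
    "7fff1e3c2000-7fff1e3d7000 rw-p 00000000 00:00 0 [stack]\n"
    "7fff1e3d7000-7fff1e3d8000 r-xp 00000000 00:00 0 [vdso]\n";

int main() {
  std::vector<Region> maps = ParseMaps(kSampleMaps);
  uint64_t old_addr = PickScratch(maps, "[vdso]", kPageSize, false);
  uint64_t new_addr = PickScratch(maps, "[vdso]", kPageSize, true);
  std::printf("old policy:   %#llx (blocks stack growth: %d)\n",
              (unsigned long long)old_addr,
              BlocksStackGrowth(maps, old_addr, kPageSize));
  std::printf("fixed policy: %#llx (blocks stack growth: %d)\n",
              (unsigned long long)new_addr,
              BlocksStackGrowth(maps, new_addr, kPageSize));
  return 0;
}
```

With the sample layout the old policy lands one page under the stack's lowest address, which is exactly the situation the description blames for the overflow; the fixed policy moves the scratch page 2 GiB below the vdso, still reachable but leaving the whole gap under the stack free to grow into.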

Patch Set 1 #

Stats: +54 lines, -12 lines
M sandbox/linux/seccomp/maps.cc (4 chunks, +54 lines, -12 lines, 0 comments)

Messages

Total messages: 2 (0 generated)
Evan Martin, 2010-01-08 00:33:39 UTC (#1):
In particular, please check that I'm not misunderstanding anything!

Markus (顧孟勤), 2010-01-08 00:55:18 UTC (#2):
LGTM
