seccomp-bpf: Allow MADV_FREE in madvise(2)

seccomp-bpf: Allow MADV_FREE in madvise(2)

The seccomp filter was assuming MADV_DONTNEED and MADV_FREE were the
same thing, but they are not. In particular, a separate MADV_FREE macro
was introduced in Linux 4.5, and glibc started defining it in its
headers since 2.24 with this commit:

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=981569c74cbb6bafa2ddcefa6dd9dbdc938ff1c8

Blink's PageAllocator.cpp sets MADV_FREE to MADV_DONTNEED if the former
is not defined as a macro. On systems with glibc >= 2.24, this no longer
happens and MADV_FREE will be rejected by the madvise seccomp filter,
leading to a crash in Blink's decommitSystemPages().

R=jln@chromium.org,jorgelo@chromium.org,mdempsky@chromium.org,rickyz@chromium.org

Committed: https://crrev.com/65180d3bfbec6fb3d0ed2ca7961094fb38452832
Cr-Commit-Position: refs/heads/master@{#430965}

[Raphael Kubo da Costa (rakuco), 2016-11-09 08:55:00]

PTAL. The coding style in the patch looks pretty ugly, but I thought it'd be
preferred over duplicating the entire call chain in an #if/#else block.

[mdempsky, 2016-11-09 17:03:15]

The CQ bit was checked by mdempsky@chromium.org

[mdempsky, 2016-11-09 17:03:15]

lgtm

[commit-bot: I haz the power, 2016-11-09 17:03:28]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-09 17:46:44]

Committed patchset #3 (id:40001)

[commit-bot: I haz the power, 2016-11-09 18:02:51]

Description was changed from

==========
seccomp-bpf: Allow MADV_FREE in madvise(2)

The seccomp filter was assuming MADV_DONTNEED and MADV_FREE were the
same thing, but they are not. In particular, a separate MADV_FREE macro
was introduced in Linux 4.5, and glibc started defining it in its
headers since 2.24 with this commit:

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=981569c74cbb6bafa2ddce...

Blink's PageAllocator.cpp sets MADV_FREE to MADV_DONTNEED if the former
is not defined as a macro. On systems with glibc >= 2.24, this no longer
happens and MADV_FREE will be rejected by the madvise seccomp filter,
leading to a crash in Blink's decommitSystemPages().

R=jln@chromium.org,jorgelo@chromium.org,mdempsky@chromium.org,rickyz@chromium...
==========

to

==========
seccomp-bpf: Allow MADV_FREE in madvise(2)

The seccomp filter was assuming MADV_DONTNEED and MADV_FREE were the
same thing, but they are not. In particular, a separate MADV_FREE macro
was introduced in Linux 4.5, and glibc started defining it in its
headers since 2.24 with this commit:

https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=981569c74cbb6bafa2ddce...

Blink's PageAllocator.cpp sets MADV_FREE to MADV_DONTNEED if the former
is not defined as a macro. On systems with glibc >= 2.24, this no longer
happens and MADV_FREE will be rejected by the madvise seccomp filter,
leading to a crash in Blink's decommitSystemPages().

R=jln@chromium.org,jorgelo@chromium.org,mdempsky@chromium.org,rickyz@chromium...

Committed: https://crrev.com/65180d3bfbec6fb3d0ed2ca7961094fb38452832
Cr-Commit-Position: refs/heads/master@{#430965}
==========

[commit-bot: I haz the power, 2016-11-09 18:02:51]

Patchset 3 (id:??) landed as
https://crrev.com/65180d3bfbec6fb3d0ed2ca7961094fb38452832
Cr-Commit-Position: refs/heads/master@{#430965}