Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(84)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 549653002: NonSFI sandbox: restrict futex(2) operations. (Closed)

Created:
6 years, 3 months ago by jln (very slow on Chromium)
Modified:
6 years, 3 months ago
Reviewers:
Mark Seaborn
CC:
chromium-reviews, hamaji
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Project:
chromium
Visibility:
Public.

Description

NonSFI sandbox: restrict futex(2) operations. We restrict futex operations to everything but "priority inheritance". BUG=408847 CQ_EXTRA_TRYBOTS=tryserver.chromium.linux:linux_rel_precise32 Committed: https://crrev.com/f5afc495794d31855f805a359bde5dfa6561ea0a Cr-Commit-Position: refs/heads/master@{#293776}

Patch Set 1 #

Total comments: 10

Patch Set 2 : Address Mark's remarks. #

Patch Set 3 : Rebase #

Unified diffs Side-by-side diffs Delta from patch set Stats (+61 lines, -5 lines) Patch
M components/nacl/loader/nonsfi/nonsfi_sandbox.cc View 1 2 5 chunks +27 lines, -3 lines 0 comments Download
M components/nacl/loader/nonsfi/nonsfi_sandbox_unittest.cc View 1 3 chunks +34 lines, -0 lines 0 comments Download
M sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc View 1 2 1 chunk +0 lines, -2 lines 0 comments Download

Messages

Total messages: 8 (2 generated)
jln (very slow on Chromium)
Mark: PTAL! This is basically a copy of what I did for the "baseline" policy. ...
6 years, 3 months ago (2014-09-05 23:40:52 UTC) #2
Mark Seaborn
LGTM. When you CQ this, please add "CQ_EXTRA_TRYBOTS=tryserver.chromium.linux:linux_rel_precise32", otherwise this won't really be tested. https://codereview.chromium.org/549653002/diff/1/components/nacl/loader/nonsfi/nonsfi_sandbox.cc ...
6 years, 3 months ago (2014-09-06 00:36:47 UTC) #3
jln (very slow on Chromium)
Thanks Mark! https://chromiumcodereview.appspot.com/549653002/diff/1/components/nacl/loader/nonsfi/nonsfi_sandbox.cc File components/nacl/loader/nonsfi/nonsfi_sandbox.cc (right): https://chromiumcodereview.appspot.com/549653002/diff/1/components/nacl/loader/nonsfi/nonsfi_sandbox.cc#newcode106 components/nacl/loader/nonsfi/nonsfi_sandbox.cc:106: FUTEX_WAIT, FUTEX_WAKE, FUTEX_FD, FUTEX_REQUEUE, On 2014/09/06 00:36:47, ...
6 years, 3 months ago (2014-09-06 00:45:37 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/jln@chromium.org/549653002/40001
6 years, 3 months ago (2014-09-08 19:09:00 UTC) #6
commit-bot: I haz the power
Committed patchset #3 (id:40001) as 1fd2fcfe1a196091dfebb76a62c1514af0e2adbe
6 years, 3 months ago (2014-09-08 20:16:01 UTC) #7
commit-bot: I haz the power
6 years, 3 months ago (2014-09-10 03:47:52 UTC) #8
Message was sent while issue was closed. 
Patchset 3 (id:??) landed as
https://crrev.com/f5afc495794d31855f805a359bde5dfa6561ea0a
Cr-Commit-Position: refs/heads/master@{#293776}

Powered by Google App Engine
This is Rietveld 408576698