Use the libc clone wrapper in sys_clone.

sandbox/linux/services/syscall_wrappers.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/services/syscall_wrappers.h"
 
+#include <pthread.h>
+#include <sched.h>
+#include <setjmp.h>
 #include <sys/resource.h>
 #include <sys/syscall.h>
 #include <sys/time.h>
 #include <sys/types.h>
 #include <unistd.h>
 
 #include "base/logging.h"
 #include "build/build_config.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 
 namespace sandbox {
 
 pid_t sys_getpid(void) {
   return syscall(__NR_getpid);
 }
 
 pid_t sys_gettid(void) {
   return syscall(__NR_gettid);
 }
 
-long sys_clone(unsigned long flags) {
-  return sys_clone(flags, nullptr, nullptr, nullptr, nullptr);
+namespace {
+
+int clone_helper(void* arg) {

[jln (very slow on Chromium), 2014/12/15 23:31:35]

Style: CloneHelper

Also add a comment to explain what it does.

[rickyz (no longer on Chrome), 2014/12/16 00:35:09]

Done.

+  jmp_buf* env_ptr = reinterpret_cast<jmp_buf*>(arg);
+  longjmp(*env_ptr, 1);
+
+  NOTREACHED();

[jln (very slow on Chromium), 2014/12/15 23:31:35]

RAW_CHECK(): probably a good idea to be very conservative with the execution
environment.

[rickyz (no longer on Chrome), 2014/12/16 00:35:09]

Done.

+  return 1;
 }
 
+}  // namespace
+
 long sys_clone(unsigned long flags,
-               void* child_stack,
+               decltype(nullptr) child_stack,
                pid_t* ptid,
                pid_t* ctid,
                decltype(nullptr) tls) {
   const bool clone_tls_used = flags & CLONE_SETTLS;
   const bool invalid_ctid =
       (flags & (CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)) && !ctid;
   const bool invalid_ptid = (flags & CLONE_PARENT_SETTID) && !ptid;
-  const bool invalid_stack = (flags & CLONE_VM) && !child_stack;
 
-  if (clone_tls_used || invalid_ctid || invalid_ptid || invalid_stack) {
+  // Since child_stack must be nullptr, we do not support CLONE_VM.
+  const bool invalid_clone_vm = flags & CLONE_VM;

[jln (very slow on Chromium), 2014/12/15 23:31:35]

maybe rename to clone_vm_used (to be consistent with CLONE_SETTLS above)?

[rickyz (no longer on Chrome), 2014/12/16 00:35:09]

Done.

+
+  if (clone_tls_used || invalid_ctid || invalid_ptid || invalid_clone_vm) {
     RAW_LOG(FATAL, "Invalid usage of sys_clone");
   }
 
-// See kernel/fork.c in Linux. There is different ordering of sys_clone
-// parameters depending on CONFIG_CLONE_BACKWARDS* configuration options.
-#if defined(ARCH_CPU_X86_64)
-  return syscall(__NR_clone, flags, child_stack, ptid, ctid, tls);
-#elif defined(ARCH_CPU_X86) || defined(ARCH_CPU_ARM_FAMILY) || \
-    defined(ARCH_CPU_MIPS_FAMILY) || defined(ARCH_CPU_MIPS64_FAMILY)
-  // CONFIG_CLONE_BACKWARDS defined.
-  return syscall(__NR_clone, flags, child_stack, ptid, tls, ctid);
-#endif
+  char stack[PTHREAD_STACK_MIN];
+  jmp_buf env;
+  if (setjmp(env) == 0) {
+    // We use the libc clone wrapper instead of making the syscall
+    // directly because making the syscall may fail to update the libc's
+    // internal pid cache. The libc interface unfortunately requires
+    // specifying a new stack, so we use setjmp/longjmp to emulate
+    // fork-like behavior.
+    return clone(&clone_helper, stack + sizeof(stack), flags, &env, ptid, tls,

[mdempsky, 2014/12/15 20:30:08]

"stack + sizeof(stack)" is technically wrong on stack-grows-down architectures
(i.e., HPPA), but not sure we care.

[jln (very slow on Chromium), 2014/12/15 23:31:35]

You mean stack grows-up architecture.

How could we create a reasonable COMPILE_ASSERT at least? How horrible would you
think (&env < &stack) is?

[mdempsky, 2014/12/15 23:55:01]

Yep, oops.
Pretty horrible, TBH. :-/  (The compiler might rearrange the stack layout of
objects to make that fail even on grows-down architectures.)

I'd be fine with a comment pointing out "stack + sizeof(stack)" is wrong for
grows-up architectures.  Better would be something like:

    #if X86 || ARM || MIPS
    // Grows down architectures.
    char *stack_pointer = stack + sizeof(stack);
    #else
    #error Port me.
    #endif

but that feels silly with how unlikely an HPPA port seems.

[rickyz (no longer on Chrome), 2014/12/16 00:35:09]

Here's a version that detects the direction of stack growth at runtime, though I
guess it's a little hacky, so I'm also fine with just hardcoding the
architectures as well, what do you think?

[jln (very slow on Chromium), 2014/12/16 01:11:22]

Yes, I think Matthew's suggestion is best. It's faster, more reliable and less
hackish.

[rickyz (no longer on Chrome), 2014/12/16 01:30:08]

Done.

+                 ctid);
+  }
+
+  return 0;
+}
+
+long sys_clone(unsigned long flags) {
+  return sys_clone(flags, nullptr, nullptr, nullptr, nullptr);
 }
 
 void sys_exit_group(int status) {
   syscall(__NR_exit_group, status);
 }
 
 int sys_seccomp(unsigned int operation,
                 unsigned int flags,
                 const struct sock_fprog* args) {
   return syscall(__NR_seccomp, operation, flags, args);
 }
 
 int sys_prlimit64(pid_t pid,
                   int resource,
                   const struct rlimit64* new_limit,
                   struct rlimit64* old_limit) {
   return syscall(__NR_prlimit64, pid, resource, new_limit, old_limit);
 }
 
 }  // namespace sandbox