1364533 - Allow madvise MADV_NOHUGEPAGE (and MADV_HUGEPAGE), used by jemalloc

Status: RESOLVED FIXED

(Core :: Security: Process Sandboxing, defect)

Description

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

Similarly to bug 1303813, our jemalloc will use MADV_{NO,}HUGEPAGE if they're defined at compile time.  We've recently gotten some reports from Gentoo users (bug 1303813 comment #16, bug 1356038 comment #5) where we're trying to use it and the seccomp-bpf policy doesn't allow it.

Huge page advice has been around since 2011 (kernel 2.6.38), but builds are still using CentOS 6 (kernel 2.6.32 with a lot of patches), which would explain why this isn't happening on official builds.

This feature does expose some attack surface (e.g., possible bugs in multiprocessor TLB shootdown when changing page sizes) but judging by https://github.com/jemalloc/jemalloc/issues/243 it seems to be important for performance.

Note that as of Firefox 54 (bug 1286865) this will no longer cause crashes on non-Nightly builds; instead, the syscalls will return failure, which jemalloc ignores.

Comment 1

[Jed Davis [:jld] ⟨⏰|UTC-7⟩ ⟦he/him⟧]

Attachment: Bug 1364533 - Allow madvise huge page hints.

Review commit: https://reviewboard.mozilla.org/r/141634/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/141634/

Comment 2

[Gian-Carlo Pascutto [:gcp]]

Comment on attachment 8870187 [details]
Bug 1364533 - Allow madvise huge page hints.

https://reviewboard.mozilla.org/r/141634/#review146098

Comment 3

[Pulsebot]

Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c8a8173ef138
Allow madvise huge page hints. r=gcp

Comment 4

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/c8a8173ef138