DLL Interceptor fails to clear trampoline when running under MITIGATION_DYNAMIC_CODE_POLICY
Categories
(Core :: mozglue, defect, P1)
Tracking
| Tracking | Status
---|---|---
firefox68 | --- | fixed
People
(Reporter: handyman, Assigned: handyman)
References
(Blocks 1 open bug)
Attachments
(2 files)
Bug 1533808 attempted to fix an issue with the new IOInterposer code where the Chromium sandbox was interfering with our trampoline writing. That fix exposed a failure in media mochitests that turned out to be due to the RDD process sandbox using the MITIGATION_DYNAMIC_CODE_POLICY, which blocks the process from writing to executable memory. That is obviously a problem for the DLL interceptor.
We only wish to be able to write to executable memory because we need to clean up the trampoline on shutdown. Actual trampoline writing should be (and is) done before sandbox lockdown. Since cleaning up at shutdown isn't a critical activity, we can skip it in this case as cleanup is impossible.
These patches also include a small fix for bug 1533808, which was not storing the pointer to the trampoline function with the trampoline's data.
Comment 1 (Assignee) • 6 years ago
Bug 1533808 introduced code to intercept DLL methods that the Chromium sandbox had already intercepted. That patch did not store the pointer to the intercepted function in the trampoline data, as is done when intercepting other methods.
Comment 2 (Assignee) • 6 years ago
TrampolineCollection iterates over an array of Trampolines that it has set 'write' permissions for. If this happens in a process whose sandbox forbids dynamic code then these permissions cannot be set. This patch detects that condition and returns an empty TrampolineCollection in that case. We ASSERT if we fail to set permissions for any other reason.
Depends on D28612
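The fallback Comment 2 describes, written out as an added example; this is not Mozilla's TrampolineCollection (the real one lives in mozglue and is not shown on this page). The protection change is injected as a callback standing in for VirtualProtect so the logic runs off Windows; the assumed signal for "the sandbox forbids dynamic code" is the Win32 error code ERROR_DYNAMIC_CODE_BLOCKED (1655), and a thrown exception stands in for the MOZ_ASSERT the comment mentions. Trampoline addresses and the three simulated protect outcomes are constructed sample data.

```cpp
// Added example (not Mozilla's code): degrade gracefully when the process
// is locked down with MITIGATION_DYNAMIC_CODE_POLICY. Making trampoline
// pages writable is only needed for shutdown cleanup, so if the policy
// refuses the change we return an empty collection and skip cleanup.
// Any other failure to change protection is treated as a real bug.
#include <cstddef>
#include <cstdint>
#include <functional>
#include <stdexcept>
#include <vector>

// Real Win32 error codes from winerror.h, repeated here so the sample
// builds on any platform.
constexpr uint32_t kErrorDynamicCodeBlocked = 1655;  // ERROR_DYNAMIC_CODE_BLOCKED
constexpr uint32_t kErrorAccessDenied = 5;           // ERROR_ACCESS_DENIED

struct Trampoline {
  uintptr_t address;  // constructed sample value, not a real code address
  bool writable;
};

// Returns 0 on success, otherwise a Win32-style error code. Injected so the
// behaviour can be exercised without a Windows sandbox; on Windows this
// would wrap VirtualProtect + GetLastError (assumption, not shown here).
using ProtectFn = std::function<uint32_t(uintptr_t)>;

class TrampolineCollection {
 public:
  // Attempts to make every trampoline writable. Returns an empty collection
  // when the sandbox forbids dynamic code; throws for any other failure.
  static TrampolineCollection Open(std::vector<Trampoline> tramps,
                                   const ProtectFn& protect) {
    TrampolineCollection coll;
    for (Trampoline& t : tramps) {
      const uint32_t err = protect(t.address);
      if (err == kErrorDynamicCodeBlocked) {
        // Cleanup is impossible under this policy; hand back nothing to
        // iterate so shutdown simply proceeds.
        coll.mBlockedByPolicy = true;
        coll.mTramps.clear();
        return coll;
      }
      if (err != 0) {
        // Stand-in for the assertion: any other failure is unexpected.
        throw std::runtime_error("unexpected failure making trampoline writable");
      }
      t.writable = true;
      coll.mTramps.push_back(t);
    }
    return coll;
  }

  std::size_t size() const { return mTramps.size(); }
  bool blockedByPolicy() const { return mBlockedByPolicy; }
  std::vector<Trampoline>::const_iterator begin() const { return mTramps.begin(); }
  std::vector<Trampoline>::const_iterator end() const { return mTramps.end(); }

 private:
  std::vector<Trampoline> mTramps;
  bool mBlockedByPolicy = false;
};

// Constructed sample: three trampolines at made-up addresses.
std::vector<Trampoline> SampleTrampolines() {
  return {{0x10000, false}, {0x10100, false}, {0x10200, false}};
}

// Simulated outcomes of the protection change.
uint32_t ProtectAllowed(uintptr_t) { return 0; }
uint32_t ProtectBlockedByPolicy(uintptr_t) { return kErrorDynamicCodeBlocked; }
uint32_t ProtectAccessDenied(uintptr_t) { return kErrorAccessDenied; }

// Number of trampolines shutdown cleanup would touch under a given outcome.
std::size_t CleanupCount(const ProtectFn& protect) {
  return TrampolineCollection::Open(SampleTrampolines(), protect).size();
}

// True if an unexpected protection failure surfaces as a hard error
// instead of being silently skipped like the policy case.
bool UnexpectedFailureIsFatal() {
  try {
    TrampolineCollection::Open(SampleTrampolines(), ProtectAccessDenied);
  } catch (const std::runtime_error&) {
    return true;
  }
  return false;
}
```

The distinction between the two failure paths is the point: a refused protection change under the dynamic-code policy is expected and harmless, because the trampolines were written before lockdown and only cleanup is lost, while any other refusal means the interceptor's memory is not in the state it assumed, which should fail loudly in debug builds rather than be ignored.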
Comment 3 (Assignee) • 6 years ago
Debug media tests now pass with IOInterposer changes:
https://treeherder.mozilla.org/#/jobs?repo=try&selectedJob=241258387&revision=dd840770a4c23379601b6c673304a5cbb8285387
Comment 6 (bugherder) • 6 years ago
https://hg.mozilla.org/mozilla-central/rev/8c9f054168c3
https://hg.mozilla.org/mozilla-central/rev/17c0c0c8627c