Linux/ARM64 syscall list re-generation
Categories
(Core :: Security: Process Sandboxing, enhancement)
Tracking
()
Tracking | Status | |
---|---|---|
firefox91 | --- | fixed |
People
(Reporter: gerard-majax, Assigned: gerard-majax)
References
Details
Attachments
(1 file)
In bug 1714459 we re-generated the list, but its processing might have been too naive.
Assignee | ||
Comment 1•3 years ago
|
||
(In reply to Alexandre LISSY :gerard-majax from comment #0)
In bug 1714459 we re-generated the list, but its processing might have been too naive.
Specifically, looking at diff git diff 6d3944f0e0d8716183f173b6aecf1ba1fc2e298a..bookmarks/central security/sandbox/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h
:
@@ -323,8 +329,8 @@
#define __NR_readlinkat 78
#endif
-#if !defined(__NR_newfstatat)
-#define __NR_newfstatat 79
+#if !defined(__NR_fstatat)
+#define __NR_fstatat 79
#endif
#if !defined(__NR_fstat)
@@ -343,6 +349,10 @@
This might trigger https://searchfox.org/mozilla-central/rev/79d73b4aff88dd4a0f06dd3789e1148c49b0de60/security/sandbox/linux/broker/SandboxBrokerUtils.h#29
Now, the diff generated by git diff 6d3944f0e0d8716183f173b6aecf1ba1fc2e298a.. security/sandbox/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h
looks like:
@@ -11,6 +18,10 @@
#define __NR_io_setup 0
#endif
+#if !defined(__NR_newfstatat)
+#define __NR_newfstatat __NR_fstatat
+#endif
+
#if !defined(__NR_io_destroy)
#define __NR_io_destroy 1
#endif
@@ -323,8 +334,8 @@
#define __NR_readlinkat 78
#endif
-#if !defined(__NR_newfstatat)
-#define __NR_newfstatat 79
+#if !defined(__NR_fstatat)
+#define __NR_fstatat 79
#endif
#if !defined(__NR_fstat)
@@ -983,6 +994,10 @@
Assignee | ||
Comment 2•3 years ago
•
|
||
It also makes sure we don't include wrong syscalls like we did, e.g., with __NR_clock_gettime64
and others because of __BITS_PER_LONG
which is supposed to be defined at 64
by https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/arch/arm64/include/uapi/asm/bitsperlong.h?h=v5.8#n20
Assignee | ||
Comment 3•3 years ago
|
||
Assignee | ||
Comment 4•3 years ago
|
||
try to make sure we don't break on aarch64 (already verified locally): https://treeherder.mozilla.org/jobs?repo=try&revision=d1d6cddf2daa5feaad102d62f366727b7f196bf0
Pushed by alissy@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/6db320536cbc Improve ARM64 syscall generation r=gcp
Comment 6•3 years ago
|
||
bugherder |
Description
•