Tree - rpms/chromium - src.fedoraproject.org

rpms / chromium

Overview Files Commits Branches Forks Releases
Monitoring status:

Bugzilla Assignee:

Fedora:: spot
EPEL:: spot
Files

Blob Blame History Raw
Index: chromium-120.0.6099.71/sandbox/policy/linux/bpf_utility_policy_linux.cc
===================================================================
--- chromium-120.0.6099.71.orig/sandbox/policy/linux/bpf_utility_policy_linux.cc
+++ chromium-120.0.6099.71/sandbox/policy/linux/bpf_utility_policy_linux.cc
@@ -34,7 +34,7 @@ ResultExpr UtilityProcessPolicy::Evaluat
     case __NR_fdatasync:
     case __NR_fsync:
 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
-    defined(__aarch64__)
+    defined(__aarch64__) || defined(__powerpc64__)
     case __NR_getrlimit:
 #endif
 #if defined(__i386__) || defined(__arm__)
Index: chromium-120.0.6099.71/sandbox/policy/linux/bpf_renderer_policy_linux.cc
===================================================================
--- chromium-120.0.6099.71.orig/sandbox/policy/linux/bpf_renderer_policy_linux.cc
+++ chromium-120.0.6099.71/sandbox/policy/linux/bpf_renderer_policy_linux.cc
@@ -87,7 +87,7 @@ ResultExpr RendererProcessPolicy::Evalua
     case __NR_ftruncate64:
 #endif
 #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
-    defined(__aarch64__)
+    defined(__aarch64__) || defined(__powerpc64__)
     case __NR_getrlimit:
     case __NR_setrlimit:
 // We allow setrlimit to dynamically adjust the address space limit as
Index: chromium-120.0.6099.71/sandbox/linux/bpf_dsl/linux_syscall_ranges.h
===================================================================
--- chromium-120.0.6099.71.orig/sandbox/linux/bpf_dsl/linux_syscall_ranges.h
+++ chromium-120.0.6099.71/sandbox/linux/bpf_dsl/linux_syscall_ranges.h
@@ -58,9 +58,9 @@
 
 #elif defined(__powerpc64__)
 
-#include <asm/unistd.h>
+#include <asm-generic/unistd.h>
 #define MIN_SYSCALL 0u
-#define MAX_PUBLIC_SYSCALL 386u
+#define MAX_PUBLIC_SYSCALL __NR_syscalls
 #define MAX_SYSCALL MAX_PUBLIC_SYSCALL
 
 #else
Index: chromium-120.0.6099.71/sandbox/linux/services/credentials.cc
===================================================================
--- chromium-120.0.6099.71.orig/sandbox/linux/services/credentials.cc
+++ chromium-120.0.6099.71/sandbox/linux/services/credentials.cc
@@ -89,7 +89,9 @@ bool ChrootToSafeEmptyDir() {
 
   int clone_flags = CLONE_FS | LINUX_SIGCHLD;
   void* tls = nullptr;
-#if (defined(ARCH_CPU_X86_64) || defined(ARCH_CPU_ARM_FAMILY)) && \
+// RAJA this might be it...
+#if (defined(ARCH_CPU_X86_64) || defined(ARCH_CPU_ARM_FAMILY) || \
+    defined(ARCH_CPU_PPC64_FAMILY)) && \
     !defined(MEMORY_SANITIZER)
   // Use CLONE_VM | CLONE_VFORK as an optimization to avoid copying page tables.
   // Since clone writes to the new child's TLS before returning, we must set a
@@ -97,6 +99,11 @@ bool ChrootToSafeEmptyDir() {
   // glibc performs syscalls by calling a function pointer in TLS, so we do not
   // attempt this optimization.
   // TODO(crbug.com/1247458) Broken in MSan builds after LLVM f1bb30a4956f.
+  //
+  // NOTE: Without CLONE_VM, fontconfig will attempt to reload configuration
+  // in every thread.  Since the rendered threads are sandboxed without
+  // filesystem access (e.g. to /etc/fonts/fonts.conf) this will cause font
+  // configuraiton loading failures and no fonts will be displayed!
   clone_flags |= CLONE_VM | CLONE_VFORK | CLONE_SETTLS;
 
   // PTHREAD_STACK_MIN can be dynamic in glibc2.34+, so it is not possible to
Index: chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
===================================================================
--- chromium-120.0.6099.71.orig/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+++ chromium-120.0.6099.71/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
@@ -357,7 +357,16 @@ intptr_t SIGSYSFstatatHandler(const stru
   if (args.nr == __NR_fstatat_default) {
     if (*reinterpret_cast<const char*>(args.args[1]) == '\0' &&
         args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
-      return syscall(__NR_fstat_default, static_cast<int>(args.args[0]),
+          int fd = static_cast<int>(args.args[0]);
+#if defined(__powerpc64__)
+      // On ppc64+glibc, some syscalls seem to accidentally negate the first
+      // parameter which causes checks against it to fail. For now, manually
+      // negate them back.
+      // TODO: Investigate the root cause and fix in glibc
+      if (fd < 0)
+        fd = -fd;
+#endif
+      return syscall(__NR_fstat_default, fd,
                      reinterpret_cast<default_stat_struct*>(args.args[2]));
     }
     return -reinterpret_cast<intptr_t>(fs_denied_errno);
rpms / chromium

Source Code

Files
