Skip to content

GitLab

T
tangled
Commit 4fc85b27 authored by Matthew Cary's avatar Matthew Cary Committed by Commit Bot
Browse files
Options

Android: whitelist MADV_RANDOM and MADV_NORMAL. 

Extend seccomp_bpf to allow MADV_RANDOM and MADV_NORMAL for the madvise()
syscall. These are used to control code page memory footprint, particularly on
android.

Bug: 758566
Cq-Include-Trybots: master.tryserver.chromium.android:android_compile_x64_dbg;master.tryserver.chromium.android:android_compile_x86_dbg
Change-Id: I9d87af4453d19a1391053ffc56f1eab85a2ad231
Reviewed-on: https://chromium-review.googlesource.com/1150176
Commit-Queue: Matthew Cary <mattcary@chromium.org>
Reviewed-by: default avatarBenoit L <lizeb@chromium.org>
Reviewed-by: default avatarChris Palmer <palmer@chromium.org>
Reviewed-by: default avatarRobert Sesek <rsesek@chromium.org>
Cr-Commit-Position: refs/heads/master@{#584845}
parent eb32e8b4
Hide whitespace changes
Inline Side-by-side
Showing with 4 additions and 2 deletions
sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
View file @ 4fc85b27
......@@ -174,9 +174,11 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
}
if (sysno == __NR_madvise) {
// Only allow MADV_DONTNEED and MADV_FREE.
// Only allow MADV_DONTNEED, MADV_RANDOM, MADV_NORMAL and MADV_FREE.
const Arg<int> advice(2);
return If(AnyOf(advice == MADV_DONTNEED
return If(AnyOf(advice == MADV_DONTNEED,
advice == MADV_RANDOM,
advice == MADV_NORMAL
#if defined(MADV_FREE)
// MADV_FREE was introduced in Linux 4.5 and started being
// defined in glibc 2.24.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment