diff options
author | paulhsia <paulhsia@chromium.org> | 2019-12-10 06:14:30 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-12-14 03:24:30 +0000 |
commit | ab257584d17cef8f707e18b386893669b099399d (patch) | |
tree | 3f019742cddd63d0029949d239170a0a116230be /seccomp | |
parent | 2cb59d52fe1d1836bb311b185546c24d5f6e6f8f (diff) | |
download | adhd-ab257584d17cef8f707e18b386893669b099399d.tar.gz |
CRAS: shm: Use posix_fallocate to avoid SIGBUS
Using ftruncate dose not gracefully fail if /dev/shm space is not
sufficient. Accessing memory from mmap right after the check will
trigger runtime SIGBUS error.
Add fallocate to seccomp policy files.
BUG=chromium:1025680
BUG=chromium:1031140
BUG=chromium:1031904
TEST=Build
Change-Id: Id35e7069300d08dc696e5379daeca8681b14d915
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/adhd/+/1958346
Tested-by: Chih-Yang Hsia <paulhsia@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Commit-Queue: Chih-Yang Hsia <paulhsia@chromium.org>
Diffstat (limited to 'seccomp')
-rw-r--r-- | seccomp/cras-seccomp-amd64.policy | 1 | ||||
-rw-r--r-- | seccomp/cras-seccomp-arm.policy | 1 | ||||
-rw-r--r-- | seccomp/cras-seccomp-arm64.policy | 1 |
3 files changed, 3 insertions, 0 deletions
diff --git a/seccomp/cras-seccomp-amd64.policy b/seccomp/cras-seccomp-amd64.policy index 44ffc647..c80df2ec 100644 --- a/seccomp/cras-seccomp-amd64.policy +++ b/seccomp/cras-seccomp-amd64.policy @@ -39,6 +39,7 @@ unlink: 1 nanosleep: 1 pipe: 1 ftruncate: 1 +fallocate: 1 mprotect: 1 connect: 1 getsockname: 1 diff --git a/seccomp/cras-seccomp-arm.policy b/seccomp/cras-seccomp-arm.policy index 6078b815..14312007 100644 --- a/seccomp/cras-seccomp-arm.policy +++ b/seccomp/cras-seccomp-arm.policy @@ -39,6 +39,7 @@ unlink: 1 lsetxattr: 1 rt_sigprocmask: 1 ftruncate: 1 +fallocate: 1 futex: 1 execve: 1 set_robust_list: 1 diff --git a/seccomp/cras-seccomp-arm64.policy b/seccomp/cras-seccomp-arm64.policy index 28405147..e3dae97b 100644 --- a/seccomp/cras-seccomp-arm64.policy +++ b/seccomp/cras-seccomp-arm64.policy @@ -38,6 +38,7 @@ pipe2: 1 prctl: arg0 == PR_SET_NAME futex: 1 ftruncate: 1 +fallocate: 1 connect: 1 bind: 1 clock_getres: 1 |