!46 Fix firefox tab crash with clone3 in glibc 2.34

From: @ultra_planet Reviewed-by: @small_leek Signed-off-by: @small_leek
2021-08-23 12:24:01 +00:00 · 2021-08-23 12:24:01 +00:00 · e84ba84985
commit e84ba84985
parent ff38cbae75 efe80ec472
2 changed files with 60 additions and 1 deletions
--- a/Deny-clone3-to-force-glibc-fallback.patch
+++ b/Deny-clone3-to-force-glibc-fallback.patch
@ -0,0 +1,54 @@
+
+# HG changeset patch
+# User Alexandre Lissy <lissyx+mozillians@lissyx.dyndns.org>
+# Date 1623246328 0
+# Node ID ecb4011a0c76a1c7040054a44712e277f3dc24a1
+# Parent  9ec189804055442e5cc98d69dd01b71e90ed0cb5
+Bug 1715254 - Deny clone3 to force glibc fallback r=gcp
+
+Differential Revision: https://phabricator.services.mozilla.com/D117297
+
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -853,16 +853,19 @@ class SandboxPolicyCommon : public Sandb
+         // Yield
+       case __NR_sched_yield:
+         return Allow();
+ 
+         // Thread creation.
+       case __NR_clone:
+         return ClonePolicy(InvalidSyscall());
+ 
+      case __NR_clone3:
+        return Error(ENOSYS);
+
+         // More thread creation.
+ #ifdef __NR_set_robust_list
+       case __NR_set_robust_list:
+         return Allow();
+ #endif
+ #ifdef ANDROID
+       case __NR_set_tid_address:
+         return Allow();
+@@ -1499,16 +1502,19 @@ class ContentSandboxPolicy : public Sand
+         // the child would inherit the seccomp-bpf policy and almost
+         // certainly die from an unexpected SIGSYS.  We also can't have
+         // fork() crash, currently, because there are too many system
+         // libraries/plugins that try to run commands.  But they can
+         // usually do something reasonable on error.
+       case __NR_clone:
+         return ClonePolicy(Error(EPERM));
+ 
+      case __NR_clone3:
+        return Error(ENOSYS);
+
+ #  ifdef __NR_fadvise64
+       case __NR_fadvise64:
+         return Allow();
+ #  endif
+ 
+ #  ifdef __NR_fadvise64_64
+       case __NR_fadvise64_64:
+         return Allow();
+
--- a/firefox.spec
+++ b/firefox.spec
@ -88,7 +88,7 @@
 Summary:             Mozilla Firefox Web browser
 Name:                firefox
 Version:             79.0
-Release:             9
+Release:             10
 URL:                 https://www.mozilla.org/firefox/
 License:             MPLv1.1 or GPLv2+ or LGPLv2+
 Source0:             https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
@ -185,6 +185,7 @@ Patch640:            Bug-1680166-Return-EFAULT-when-given-a-null-path-to-stat-ca
 Patch641:            Bug-1680166-GCC-is-smarter-than-clang-so-ignore-the-warning-properly.patch
 Patch642:            firefox-glibc-dynstack.patch
 Patch643:            firefox-crashreporter-build.patch
+Patch644:            Deny-clone3-to-force-glibc-fallback.patch

 %if %{?system_nss}
 BuildRequires:       pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version}
@ -363,6 +364,7 @@ tar -xf %{SOURCE3}
 %patch641 -p1
 %patch642 -p1
 %patch643 -p1
+%patch644 -p1

 %{__rm} -f .mozconfig
 %{__cp} %{SOURCE10} .mozconfig
@ -805,6 +807,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %endif

 %changelog
+* Mon Aug 23 2021 lingsheng <lingsheng@huawei.com> - 79.0-10
+- Fix firefox tab crash with clone3 in glibc 2.34
+
 * Wed Aug 11 2021 caodongxia <caodongxia@huawei.com> - 79.0-9
 - Fix glibc dynstack