diff options
author | riku.voipio <riku.voipio@linaro.org> | 2016-01-27 09:13:57 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-01-27 17:14:58 +0000 |
commit | f352d974e43a73fed311c60c8fcb4dd043b16093 (patch) | |
tree | 99a529094b181ec7c7d36bf42c20c1d6123c03ff /sandbox | |
parent | 17e31b8972050ad7791d2243a19f07ba8fc9c54f (diff) | |
download | chromium_src-f352d974e43a73fed311c60c8fcb4dd043b16093.zip chromium_src-f352d974e43a73fed311c60c8fcb4dd043b16093.tar.gz chromium_src-f352d974e43a73fed311c60c8fcb4dd043b16093.tar.bz2 |
sandbox arm64: align stack 16 bytes
chrome fails to start with user namespace sandboxing:
[866:866:0120/134742:FATAL:zygote_host_impl_linux.cc(182)] Check failed: process.IsValid().
Failed to launch zygote process
With strace..
clone(child_stack=0x7ffd28fd98, flags=CLONE_NEWUSER|CLONE_NEWPID|CLONE_NEWNET|SIGCHLD) = -1 EINVAL (Invalid argument)
Which compared to kernel sources[1], shows that stack needs to be 16
bytes aligned. because stack grows downward, this patch assumes
PTHREAD_STACK_MIN is dividable by 16 too.
[1] http://lxr.free-electrons.com/source/arch/arm64/kernel/process.c#L267
BUG=581018
R=keescook@chromium.org,jln@chromium.org,rsesek@chromium.org,thakis@chromium.org
TEST=base_unittests ProcessUtilTest.* and sandbox_linux_unittests NamespaceSandboxTest.*
Review URL: https://codereview.chromium.org/1617763002
Cr-Commit-Position: refs/heads/master@{#371809}
Diffstat (limited to 'sandbox')
-rw-r--r-- | sandbox/linux/services/credentials.cc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc index fb6b6b4..76038af 100644 --- a/sandbox/linux/services/credentials.cc +++ b/sandbox/linux/services/credentials.cc @@ -16,6 +16,7 @@ #include <unistd.h> #include "base/bind.h" +#include "base/compiler_specific.h" #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/logging.h" @@ -94,7 +95,7 @@ bool ChrootToSafeEmptyDir() { // /proc/tid directory for the thread (since /proc may not be aware of the // PID namespace). With a process, we can just use /proc/self. pid_t pid = -1; - char stack_buf[PTHREAD_STACK_MIN]; + char stack_buf[PTHREAD_STACK_MIN] ALIGNAS(16); #if defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY) || \ defined(ARCH_CPU_MIPS64_FAMILY) || defined(ARCH_CPU_MIPS_FAMILY) // The stack grows downward. |