sandbox arm64: align stack 16 bytes

chrome fails to start with user namespace sandboxing:

[866:866:0120/134742:FATAL:zygote_host_impl_linux.cc(182)] Check failed: process.IsValid().
Failed to launch zygote process

With strace..

clone(child_stack=0x7ffd28fd98, flags=CLONE_NEWUSER|CLONE_NEWPID|CLONE_NEWNET|SIGCHLD) = -1 EINVAL (Invalid argument)

Which compared to kernel sources[1], shows that stack needs to be 16
bytes aligned. because stack grows downward, this patch assumes
PTHREAD_STACK_MIN is dividable by 16 too.

[1] http://lxr.free-electrons.com/source/arch/arm64/kernel/process.c#L267

BUG=581018
R=keescook@chromium.org,jln@chromium.org,rsesek@chromium.org,thakis@chromium.org
TEST=base_unittests ProcessUtilTest.* and sandbox_linux_unittests NamespaceSandboxTest.*

Review URL: https://codereview.chromium.org/1617763002

Cr-Commit-Position: refs/heads/master@{#371809}

1 files changed, 2 insertions, 1 deletions

diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc
index fb6b6b4..76038af 100644
--- a/sandbox/linux/services/credentials.cc
+++ b/sandbox/linux/services/credentials.cc
@@ -16,6 +16,7 @@
 #include <unistd.h>
 
 #include "base/bind.h"
+#include "base/compiler_specific.h"
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/logging.h"
@@ -94,7 +95,7 @@ bool ChrootToSafeEmptyDir() {
   // /proc/tid directory for the thread (since /proc may not be aware of the
   // PID namespace). With a process, we can just use /proc/self.
   pid_t pid = -1;
-  char stack_buf[PTHREAD_STACK_MIN];
+  char stack_buf[PTHREAD_STACK_MIN] ALIGNAS(16);
 #if defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY) || \
     defined(ARCH_CPU_MIPS64_FAMILY) || defined(ARCH_CPU_MIPS_FAMILY)
   // The stack grows downward.