Allow *_PI futex syscalls when mutex priority inheritance is enabled

Without this CL, mutexes with priority inheritance enabled appear to be locked, but aren't actually, allowing multiple threads to enter critical sections. Change-Id: Ifa84526efdb17fa573a66cb2aa5a10f05783dbda Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1548249 Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Cr-Commit-Position: refs/heads/master@{#647810}
Denger-Network · Apr 4, 2019 · 03fefaf · 03fefaf
1 parent e4f0b10
commit 03fefaf
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/base/BUILD.gn b/base/BUILD.gn
@@ -58,6 +58,14 @@ declare_args() {
   enable_mutex_priority_inheritance = false
 }
 
+# Mutex priority inheritance is disabled by default due to security
+# vulnerabilities in older versions of Linux kernel and glibc. However,
+# Chromecast builds have full control over the platform and ensure that
+# the kernel and glibc versions used have patched the vulnerabilities,
+# so it is safe to use mutex priority inheritance on Chromecast platform.
+assert(!enable_mutex_priority_inheritance || is_chromecast,
+       "Do not enable PI mutexes without consulting the security team")
+
 # Determines whether libevent should be dep.
 dep_libevent = !is_fuchsia && !is_win && !(is_nacl && !is_nacl_nonsfi)
 

diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
@@ -21,6 +21,7 @@
 
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/synchronization/synchronization_buildflags.h"
 #include "build/build_config.h"
 #include "sandbox/linux/bpf_dsl/bpf_dsl.h"
 #include "sandbox/linux/bpf_dsl/seccomp_macros.h"
@@ -300,6 +301,11 @@ ResultExpr RestrictFutex() {
   const Arg<int> op(1);
   return Switch(op & ~kAllowedFutexFlags)
       .CASES((FUTEX_WAIT, FUTEX_WAKE, FUTEX_REQUEUE, FUTEX_CMP_REQUEUE,
+#if BUILDFLAG(ENABLE_MUTEX_PRIORITY_INHERITANCE)
+              // Enable priority-inheritance operations.
+              FUTEX_LOCK_PI, FUTEX_UNLOCK_PI, FUTEX_TRYLOCK_PI,
+              FUTEX_WAIT_REQUEUE_PI, FUTEX_CMP_REQUEUE_PI,
+#endif  // BUILDFLAG(ENABLE_MUTEX_PRIORITY_INHERITANCE)
               FUTEX_WAKE_OP, FUTEX_WAIT_BITSET, FUTEX_WAKE_BITSET),
              Allow())
       .Default(IsBuggyGlibcSemPost() ? Error(EINVAL) : CrashSIGSYSFutex());