[arch-commits] Commit in electron/trunk (9 files)
Nicola Squartini
tensor5 at gemini.archlinux.org
Thu Sep 2 11:29:41 UTC 2021
Date: Thursday, September 2, 2021 @ 11:29:41
Author: tensor5
Revision: 1010568
upgpkg: electron 14.0.0-1
Added:
electron/trunk/chromium-93-ffmpeg-4.4.patch
electron/trunk/linux-sandbox-fix-fstatat-crash.patch
electron/trunk/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
electron/trunk/replace-blacklist-with-ignorelist.patch
Modified:
electron/trunk/PKGBUILD
electron/trunk/default_app-icon.patch
Deleted:
electron/trunk/add-clang-nomerge-attribute-to-CheckError.patch
electron/trunk/chromium-glibc-2.33.patch
electron/trunk/unbundle-use-char16_t-as-UCHAR_TYPE.patch
-----------------------------------------------------------+
PKGBUILD | 62
add-clang-nomerge-attribute-to-CheckError.patch | 44
chromium-93-ffmpeg-4.4.patch | 36
chromium-glibc-2.33.patch | 144 -
default_app-icon.patch | 2
linux-sandbox-fix-fstatat-crash.patch | 348 +++
linux-sandbox-syscall-broker-use-struct-kernel_stat.patch | 1384 ++++++++++++
replace-blacklist-with-ignorelist.patch | 196 +
unbundle-use-char16_t-as-UCHAR_TYPE.patch | 30
9 files changed, 1998 insertions(+), 248 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2021-09-02 10:52:47 UTC (rev 1010567)
+++ PKGBUILD 2021-09-02 11:29:41 UTC (rev 1010568)
@@ -1,10 +1,10 @@
# Maintainer: Nicola Squartini <tensor5 at gmail.com>
pkgname=electron
-pkgver=13.2.3
-_commit=69df216a9ce5711f38dd4c9ab1ab55f554c85727
-_chromiumver=91.0.4472.164
-_gcc_patchset=5
+pkgver=14.0.0
+_commit=9aa2608ca7724e8d254e6af80aa502b7b4673b9b
+_chromiumver=93.0.4577.58
+_gcc_patchset=6
pkgrel=1
pkgdesc='Build cross platform desktop apps with web technologies'
arch=('x86_64')
@@ -27,22 +27,24 @@
"${pkgname}.desktop"
'default_app-icon.patch'
'use-system-libraries-in-node.patch'
- 'add-clang-nomerge-attribute-to-CheckError.patch'
- 'chromium-glibc-2.33.patch'
+ 'linux-sandbox-syscall-broker-use-struct-kernel_stat.patch'
+ 'linux-sandbox-fix-fstatat-crash.patch'
+ 'replace-blacklist-with-ignorelist.patch'
'sql-make-VirtualCursor-standard-layout-type.patch'
- 'unbundle-use-char16_t-as-UCHAR_TYPE.patch'
+ 'chromium-93-ffmpeg-4.4.patch'
)
sha256sums=('SKIP'
'SKIP'
- '171525009003a9ed1182cfcb6f407d7169d9a731a474304e263029376719f55a'
+ 'a44ffd9e25fcbd8b3cc778871890e4da6fe12600ad549c807e1d03f61f0cdf73'
'20c50e217fcb20f72fd2b465ad19659abe51feff4814515767a3065a009d58a5'
'5270db01f3f8aaa5137dec275a02caa832b7f2e37942e068cba8d28b3a29df39'
- 'dd2d248831dd4944d385ebf008426e66efe61d6fdf66f8932c963a12167947b4'
+ '75bac9c4ad32ff9329399b8587f9772e208c009fd822cdfce61b2bd1ee9ac828'
'f16103daf05713dea632b5f01e45db20ff12d1770a6539b4e8d3957a0242dd54'
- '50133dd196d288ad538bb536aa51dccd6cb4aacfd9a60160f77e8fb16034b460'
- '2fccecdcd4509d4c36af873988ca9dbcba7fdb95122894a9fdf502c33a1d7a4b'
+ '268e18ad56e5970157b51ec9fc8eb58ba93e313ea1e49c842a1ed0820d9c1fa3'
+ '253348550d54b8ae317fd250f772f506d2bae49fb5dc75fe15d872ea3d0e04a5'
+ 'd3344ba39b8c6ed202334ba7f441c70d81ddf8cdb15af1aa8c16e9a3a75fbb35'
'dd317f85e5abfdcfc89c6f23f4c8edbcdebdd5e083dcec770e5da49ee647d150'
- '59a59a60a08b335fe8647fdf0f9d2288d236ebf2cc9626396d0c4d032fd2b25d'
+ '1a9e074f417f8ffd78bcd6874d8e2e74a239905bf662f76a7755fa40dc476b57'
)
_system_libs=('ffmpeg'
@@ -93,15 +95,13 @@
--with_tags \
--nohooks
- sed -e "s/'am'/'apply'/" -i src/electron/script/lib/git.py
-
echo "Running hooks..."
# python2 "${srcdir}/depot_tools/gclient.py" runhooks
- python2 src/build/landmines.py
- python2 src/build/util/lastchange.py -o src/build/util/LASTCHANGE
- python2 src/build/util/lastchange.py -m GPU_LISTS_VERSION \
+ src/build/landmines.py
+ src/build/util/lastchange.py -o src/build/util/LASTCHANGE
+ src/build/util/lastchange.py -m GPU_LISTS_VERSION \
--revision-id-only --header src/gpu/config/gpu_lists_version.h
- python2 src/build/util/lastchange.py -m SKIA_COMMIT_HASH \
+ src/build/util/lastchange.py -m SKIA_COMMIT_HASH \
-s src/third_party/skia --header src/skia/ext/skia_commit_hash.h
# Create sysmlink to system clang-format
ln -s /usr/bin/clang-format src/buildtools/linux64
@@ -108,12 +108,9 @@
# Create sysmlink to system Node.js
mkdir -p src/third_party/node/linux/node-linux-x64/bin
ln -sf /usr/bin/node src/third_party/node/linux/node-linux-x64/bin
- #python2 src/third_party/depot_tools/download_from_google_storage.py \
- # --no_resume --extract --no_auth --bucket chromium-nodejs \
- # -s src/third_party/node/node_modules.tar.gz.sha1
- cd src/third_party/node
- npm ci
- cd ../../..
+ src/third_party/depot_tools/download_from_google_storage.py \
+ --no_resume --extract --no_auth --bucket chromium-nodejs \
+ -s src/third_party/node/node_modules.tar.gz.sha1
vpython src/tools/download_optimization_profile.py \
--newest_state=src/chrome/android/profiles/newest.txt \
--local_state=src/chrome/android/profiles/local.txt \
@@ -123,7 +120,7 @@
# --target=linux \
# update \
# --gs-url-base=chromium-optimization-profiles/pgo_profiles
- python2 src/electron/script/apply_all_patches.py \
+ src/electron/script/apply_all_patches.py \
src/electron/patches/config.json
cd src/electron
yarn install --frozen-lockfile
@@ -131,12 +128,19 @@
echo "Applying local patches..."
# Fixes for building with libstdc++ instead of libc++
+ patch -Np1 -i ../patches/chromium-93-pdfium-include.patch
patch -Np1 -i ../patches/chromium-90-ruy-include.patch
+ patch -Np1 -i ../patches/chromium-93-HashPasswordManager-include.patch
+ patch -Np1 -i ../patches/chromium-93-BluetoothLowEnergyScanFilter-include.patch
+ patch -Np1 -i ../patches/chromium-93-ClassProperty-include.patch
+ patch -Np1 -i ../patches/chromium-93-DevToolsEmbedderMessageDispatcher-include.patch
+ patch -Np1 -i ../patches/chromium-93-ScopedTestDialogAutoConfirm-include.patch
- patch -Rp1 -i ../add-clang-nomerge-attribute-to-CheckError.patch
- patch -Np1 -i ../chromium-glibc-2.33.patch
+ patch -Np1 -i ../chromium-93-ffmpeg-4.4.patch
+ patch -Np1 -i ../linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
+ patch -Np1 -i ../linux-sandbox-fix-fstatat-crash.patch
+ patch -Rp1 -i ../replace-blacklist-with-ignorelist.patch
patch -Np1 -i ../sql-make-VirtualCursor-standard-layout-type.patch
- patch -Np1 -i ../unbundle-use-char16_t-as-UCHAR_TYPE.patch
patch -Np1 -i ../use-system-libraries-in-node.patch
patch -Np1 -i ../default_app-icon.patch # Icon from .desktop file
@@ -155,7 +159,7 @@
\! -regex '.*\.\(gn\|gni\|isolate\)' \
-delete
done
- python2 build/linux/unbundle/replace_gn_files.py \
+ build/linux/unbundle/replace_gn_files.py \
--system-libraries \
"${_system_libs[@]}"
}
Deleted: add-clang-nomerge-attribute-to-CheckError.patch
===================================================================
--- add-clang-nomerge-attribute-to-CheckError.patch 2021-09-02 10:52:47 UTC (rev 1010567)
+++ add-clang-nomerge-attribute-to-CheckError.patch 2021-09-02 11:29:41 UTC (rev 1010568)
@@ -1,44 +0,0 @@
-From 9909f146b28d56c9c0411329a056ed959b33f76a Mon Sep 17 00:00:00 2001
-From: Zequan Wu <zequanwu at google.com>
-Date: Wed, 10 Feb 2021 03:26:00 +0000
-Subject: [PATCH] Reland "Add [[clang::nomerge]] attribute to ~CheckError()."
-
-This is a reland of 8860253376c38c090d585bda4b20b801e3aa3ce3
-
-Original change's description:
-> Add [[clang::nomerge]] attribute to ~CheckError().
->
-> To disable merging multiple ~CheckError() destructor for accurate crash logs.
->
-> Bug: 1153188
-> Change-Id: If6d153661667a63f13b645f6d284eb3d5ea3a300
-> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2611331
-> Commit-Queue: Nico Weber <thakis at chromium.org>
-> Auto-Submit: Zequan Wu <zequanwu at google.com>
-> Reviewed-by: Nico Weber <thakis at chromium.org>
-> Cr-Commit-Position: refs/heads/master@{#844989}
-
-Bug: 1153188
-Change-Id: I303c5ff9fb88f7a30663400622b327a910d0b108
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2686331
-Reviewed-by: Nico Weber <thakis at chromium.org>
-Commit-Queue: Nico Weber <thakis at chromium.org>
-Commit-Queue: Zequan Wu <zequanwu at google.com>
-Cr-Commit-Position: refs/heads/master@{#852453}
----
- base/check.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/base/check.h b/base/check.h
-index c94ab68db90..17048e45539 100644
---- a/base/check.h
-+++ b/base/check.h
-@@ -85,7 +85,7 @@ class BASE_EXPORT CheckError {
- // Stream for adding optional details to the error message.
- std::ostream& stream();
-
-- ~CheckError();
-+ NOMERGE ~CheckError();
-
- CheckError(const CheckError& other) = delete;
- CheckError& operator=(const CheckError& other) = delete;
Added: chromium-93-ffmpeg-4.4.patch
===================================================================
--- chromium-93-ffmpeg-4.4.patch (rev 0)
+++ chromium-93-ffmpeg-4.4.patch 2021-09-02 11:29:41 UTC (rev 1010568)
@@ -0,0 +1,36 @@
+diff --git a/media/filters/ffmpeg_demuxer.cc b/media/filters/ffmpeg_demuxer.cc
+index ac4713b07268..492a9a37d096 100644
+--- a/media/filters/ffmpeg_demuxer.cc
++++ b/media/filters/ffmpeg_demuxer.cc
+@@ -427,11 +427,11 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ scoped_refptr<DecoderBuffer> buffer;
+
+ if (type() == DemuxerStream::TEXT) {
+- size_t id_size = 0;
++ int id_size = 0;
+ uint8_t* id_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_IDENTIFIER, &id_size);
+
+- size_t settings_size = 0;
++ int settings_size = 0;
+ uint8_t* settings_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_SETTINGS, &settings_size);
+
+@@ -443,7 +443,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ buffer = DecoderBuffer::CopyFrom(packet->data, packet->size,
+ side_data.data(), side_data.size());
+ } else {
+- size_t side_data_size = 0;
++ int side_data_size = 0;
+ uint8_t* side_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_MATROSKA_BLOCKADDITIONAL, &side_data_size);
+
+@@ -504,7 +504,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ packet->size - data_offset);
+ }
+
+- size_t skip_samples_size = 0;
++ int skip_samples_size = 0;
+ const uint32_t* skip_samples_ptr =
+ reinterpret_cast<const uint32_t*>(av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_SKIP_SAMPLES, &skip_samples_size));
Deleted: chromium-glibc-2.33.patch
===================================================================
--- chromium-glibc-2.33.patch 2021-09-02 10:52:47 UTC (rev 1010567)
+++ chromium-glibc-2.33.patch 2021-09-02 11:29:41 UTC (rev 1010568)
@@ -1,144 +0,0 @@
-# Patch made by Kevin Kofler <Kevin at tigcc.ticalc.org>
-# https://bugzilla.redhat.com/show_bug.cgi?id=1904652
-
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
---- chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix 2021-01-25 10:11:45.427436398 -0500
-+++ chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2021-01-25 10:12:51.337699003 -0500
-@@ -257,6 +257,18 @@ ResultExpr EvaluateSyscallImpl(int fs_de
- return RestrictKillTarget(current_pid, sysno);
- }
-
-+#if defined(__NR_newfstatat)
-+ if (sysno == __NR_newfstatat) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
-+#if defined(__NR_fstatat64)
-+ if (sysno == __NR_fstatat64) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
- if (SyscallSets::IsFileSystem(sysno) ||
- SyscallSets::IsCurrentDirectory(sysno)) {
- return Error(fs_denied_errno);
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
---- chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix 2021-01-25 10:13:10.179774081 -0500
-+++ chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc 2021-01-25 10:16:18.790525746 -0500
-@@ -6,6 +6,8 @@
-
- #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
-
-+#include <errno.h>
-+#include <fcntl.h>
- #include <stddef.h>
- #include <stdint.h>
- #include <string.h>
-@@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct
- return -ENOSYS;
- }
-
-+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux) {
-+ switch (args.nr) {
-+#if defined(__NR_newfstatat)
-+ case __NR_newfstatat:
-+#endif
-+#if defined(__NR_fstatat64)
-+ case __NR_fstatat64:
-+#endif
-+#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
-+ if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
-+ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
-+ return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
-+ reinterpret_cast<struct stat64 *>(args.args[2]));
-+ } else {
-+ errno = EACCES;
-+ return -1;
-+ }
-+ break;
-+#endif
-+ }
-+
-+ CrashSIGSYS_Handler(args, aux);
-+
-+ // Should never be reached.
-+ RAW_CHECK(false);
-+ return -ENOSYS;
-+}
-+
- bpf_dsl::ResultExpr CrashSIGSYS() {
- return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
- }
-@@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS()
- return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
- }
-
-+bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
-+ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
-+}
-+
- void AllocateCrashKeys() {
- #if !defined(OS_NACL_NONSFI)
- if (seccomp_crash_key)
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
---- chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix 2021-01-25 10:16:36.982598236 -0500
-+++ chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h 2021-01-25 10:18:45.705111027 -0500
-@@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFail
- // sched_setparam(), sched_setscheduler()
- SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
- void* aux);
-+// If the fstatat syscall is actually a disguised fstat, calls the regular fstat
-+// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler.
-+SANDBOX_EXPORT intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux);
-
- // Variants of the above functions for use with bpf_dsl.
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
-@@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Crash
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
- SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
-+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
-
- // Allocates a crash key so that Seccomp information can be recorded.
- void AllocateCrashKeys();
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc
---- chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc.fstatfix 2021-01-25 10:18:53.307141311 -0500
-+++ chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc 2021-01-25 10:19:46.982355293 -0500
-@@ -261,4 +261,13 @@ int sys_sigaction(int signum,
-
- #endif // defined(MEMORY_SANITIZER)
-
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
-+{
-+#if defined(__NR_fstat64)
-+ return syscall(__NR_fstat64, fd, buf);
-+#else
-+ return syscall(__NR_fstat, fd, buf);
-+#endif
-+}
-+
- } // namespace sandbox
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h
---- chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h.fstatfix 2021-01-25 10:19:53.115379741 -0500
-+++ chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h 2021-01-25 10:20:45.485588421 -0500
-@@ -17,6 +17,7 @@ struct sock_fprog;
- struct rlimit64;
- struct cap_hdr;
- struct cap_data;
-+struct stat64;
-
- namespace sandbox {
-
-@@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int sig
- const struct sigaction* act,
- struct sigaction* oldact);
-
-+// Recent glibc rewrites fstat to fstatat.
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
-+
- } // namespace sandbox
-
- #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
Modified: default_app-icon.patch
===================================================================
--- default_app-icon.patch 2021-09-02 10:52:47 UTC (rev 1010567)
+++ default_app-icon.patch 2021-09-02 11:29:41 UTC (rev 1010568)
@@ -1,6 +1,6 @@
--- a/electron/default_app/default_app.ts
+++ b/electron/default_app/default_app.ts
-@@ -60,7 +60,7 @@
+@@ -59,7 +59,7 @@
};
if (process.platform === 'linux') {
Added: linux-sandbox-fix-fstatat-crash.patch
===================================================================
--- linux-sandbox-fix-fstatat-crash.patch (rev 0)
+++ linux-sandbox-fix-fstatat-crash.patch 2021-09-02 11:29:41 UTC (rev 1010568)
@@ -0,0 +1,348 @@
+From 60d5e803ef2a4874d29799b638754152285e0ed9 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton at chromium.org>
+Date: Wed, 21 Jul 2021 12:55:11 +0000
+Subject: [PATCH] Linux sandbox: fix fstatat() crash
+
+This is a reland of https://crrev.com/c/2801873.
+
+Glibc has started rewriting fstat(fd, stat_buf) to
+fstatat(fd, "", stat_buf, AT_EMPTY_PATH). This works because when
+AT_EMPTY_PATH is specified, and the second argument is an empty string,
+then fstatat just performs an fstat on fd like normal.
+
+Unfortunately, fstatat() also allows stat-ing arbitrary pathnames like
+with fstatat(AT_FDCWD, "/i/am/a/file", stat_buf, 0);
+The baseline policy needs to prevent this usage of fstatat() since it
+doesn't allow access to arbitrary pathnames.
+
+Sadly, if the second argument is not an empty string, AT_EMPTY_PATH is
+simply ignored by current kernels.
+
+This means fstatat() is completely unsandboxable with seccomp, since
+we *need* to verify that the second argument is the empty string, but
+we can't dereference pointers in seccomp (due to limitations of BPF,
+and the difficulty of addressing these limitations due to TOCTOU
+issues).
+
+So, this CL Traps (raises a SIGSYS via seccomp) on any fstatat syscall.
+The signal handler, which runs in the sandboxed process, checks for
+AT_EMPTY_PATH and the empty string, and then rewrites any applicable
+fstatat() back into the old-style fstat().
+
+Bug: 1164975
+Change-Id: I3df6c04c0d781eb1f181d707ccaaead779337291
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3042179
+Reviewed-by: Robert Sesek <rsesek at chromium.org>
+Commit-Queue: Matthew Denton <mpdenton at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#903873}
+---
+ .../seccomp-bpf-helpers/baseline_policy.cc | 8 ++++++
+ .../baseline_policy_unittest.cc | 17 ++++++++++++-
+ .../seccomp-bpf-helpers/sigsys_handlers.cc | 25 +++++++++++++++++++
+ .../seccomp-bpf-helpers/sigsys_handlers.h | 14 +++++++++++
+ .../linux/syscall_broker/broker_process.cc | 21 ++++++++++------
+ .../syscall_broker/broker_process_unittest.cc | 18 ++++++-------
+ sandbox/linux/system_headers/linux_stat.h | 4 +++
+ 7 files changed, 89 insertions(+), 18 deletions(-)
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+index f2a60bb4d7..9df0d2dbd3 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+@@ -20,6 +20,7 @@
+ #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
+ #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+ #include "sandbox/linux/services/syscall_wrappers.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ #if !defined(SO_PEEK_OFF)
+@@ -304,6 +305,13 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
+ return Allow();
+ }
+
++ // The fstatat syscalls are file system syscalls, which will be denied below
++ // with fs_denied_errno. However some allowed fstat syscalls are rewritten by
++ // libc implementations to fstatat syscalls, and we need to rewrite them back.
++ if (sysno == __NR_fstatat_default) {
++ return RewriteFstatatSIGSYS(fs_denied_errno);
++ }
++
+ if (SyscallSets::IsFileSystem(sysno) ||
+ SyscallSets::IsCurrentDirectory(sysno)) {
+ return Error(fs_denied_errno);
+diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+index 68c29b564b..57d307e09d 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+@@ -51,7 +51,8 @@ namespace sandbox {
+
+ namespace {
+
+-// This also tests that read(), write() and fstat() are allowed.
++// This also tests that read(), write(), fstat(), and fstatat(.., "", ..,
++// AT_EMPTY_PATH) are allowed.
+ void TestPipeOrSocketPair(base::ScopedFD read_end, base::ScopedFD write_end) {
+ BPF_ASSERT_LE(0, read_end.get());
+ BPF_ASSERT_LE(0, write_end.get());
+@@ -60,6 +61,20 @@ void TestPipeOrSocketPair(base::ScopedFD read_end, base::ScopedFD write_end) {
+ BPF_ASSERT_EQ(0, sys_ret);
+ BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode));
+
++ sys_ret = fstatat(read_end.get(), "", &stat_buf, AT_EMPTY_PATH);
++ BPF_ASSERT_EQ(0, sys_ret);
++ BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode));
++
++ // Make sure fstatat with anything other than an empty string is denied.
++ sys_ret = fstatat(read_end.get(), "/", &stat_buf, AT_EMPTY_PATH);
++ BPF_ASSERT_EQ(sys_ret, -1);
++ BPF_ASSERT_EQ(EPERM, errno);
++
++ // Make sure fstatat without AT_EMPTY_PATH is denied.
++ sys_ret = fstatat(read_end.get(), "", &stat_buf, 0);
++ BPF_ASSERT_EQ(sys_ret, -1);
++ BPF_ASSERT_EQ(EPERM, errno);
++
+ const ssize_t kTestTransferSize = 4;
+ static const char kTestString[kTestTransferSize] = {'T', 'E', 'S', 'T'};
+ ssize_t transfered = 0;
+diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+index 64edbd68bd..71068a0452 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+@@ -6,6 +6,7 @@
+
+ #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
+
++#include <fcntl.h>
+ #include <stddef.h>
+ #include <stdint.h>
+ #include <string.h>
+@@ -22,6 +23,7 @@
+ #include "sandbox/linux/seccomp-bpf/syscall.h"
+ #include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ #if defined(__mips__)
+@@ -355,6 +357,24 @@ intptr_t SIGSYSSchedHandler(const struct arch_seccomp_data& args,
+ return -ENOSYS;
+ }
+
++intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
++ void* fs_denied_errno) {
++ if (args.nr == __NR_fstatat_default) {
++ if (*reinterpret_cast<const char*>(args.args[1]) == '\0' &&
++ args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
++ return syscall(__NR_fstat_default, static_cast<int>(args.args[0]),
++ reinterpret_cast<default_stat_struct*>(args.args[2]));
++ }
++ return -reinterpret_cast<intptr_t>(fs_denied_errno);
++ }
++
++ CrashSIGSYS_Handler(args, fs_denied_errno);
++
++ // Should never be reached.
++ RAW_CHECK(false);
++ return -ENOSYS;
++}
++
+ bpf_dsl::ResultExpr CrashSIGSYS() {
+ return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
+ }
+@@ -387,6 +407,11 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS() {
+ return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
+ }
+
++bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno) {
++ return bpf_dsl::Trap(SIGSYSFstatatHandler,
++ reinterpret_cast<void*>(fs_denied_errno));
++}
++
+ void AllocateCrashKeys() {
+ #if !defined(OS_NACL_NONSFI)
+ if (seccomp_crash_key)
+diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
+index 7a958b93b2..8cd735ce15 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
++++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
+@@ -62,6 +62,19 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFailure(const arch_seccomp_data& args,
+ // sched_setparam(), sched_setscheduler()
+ SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
+ void* aux);
++// If the fstatat() syscall is functionally equivalent to an fstat() syscall,
++// then rewrite the syscall to the equivalent fstat() syscall which can be
++// adequately sandboxed.
++// If the fstatat() is not functionally equivalent to an fstat() syscall, we
++// fail with -fs_denied_errno.
++// If the syscall is not an fstatat() at all, crash in the same way as
++// CrashSIGSYS_Handler.
++// This is necessary because glibc and musl have started rewriting fstat(fd,
++// stat_buf) as fstatat(fd, "", stat_buf, AT_EMPTY_PATH). We rewrite the latter
++// back to the former, which is actually sandboxable.
++SANDBOX_EXPORT intptr_t
++SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
++ void* fs_denied_errno);
+
+ // Variants of the above functions for use with bpf_dsl.
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
+@@ -72,6 +85,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSKill();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
++SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno);
+
+ // Allocates a crash key so that Seccomp information can be recorded.
+ void AllocateCrashKeys();
+diff --git a/sandbox/linux/syscall_broker/broker_process.cc b/sandbox/linux/syscall_broker/broker_process.cc
+index c2176eb785..e9dad37485 100644
+--- a/sandbox/linux/syscall_broker/broker_process.cc
++++ b/sandbox/linux/syscall_broker/broker_process.cc
+@@ -113,44 +113,49 @@ bool BrokerProcess::IsSyscallAllowed(int sysno) const {
+ }
+
+ bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const {
++ // The syscalls unavailable on aarch64 are all blocked by Android's default
++ // seccomp policy, even on non-aarch64 architectures. I.e., the syscalls XX()
++ // with a corresponding XXat() versions are typically unavailable in aarch64
++ // and are default disabled in Android. So, we should refuse to broker them
++ // to be consistent with the platform's restrictions.
+ switch (sysno) {
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_access:
+ #endif
+ case __NR_faccessat:
+ return !fast_check || allowed_command_set_.test(COMMAND_ACCESS);
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_mkdir:
+ #endif
+ case __NR_mkdirat:
+ return !fast_check || allowed_command_set_.test(COMMAND_MKDIR);
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_open:
+ #endif
+ case __NR_openat:
+ return !fast_check || allowed_command_set_.test(COMMAND_OPEN);
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_readlink:
+ #endif
+ case __NR_readlinkat:
+ return !fast_check || allowed_command_set_.test(COMMAND_READLINK);
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_rename:
+ #endif
+ case __NR_renameat:
+ case __NR_renameat2:
+ return !fast_check || allowed_command_set_.test(COMMAND_RENAME);
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_rmdir:
+ return !fast_check || allowed_command_set_.test(COMMAND_RMDIR);
+ #endif
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_stat:
+ case __NR_lstat:
+ #endif
+@@ -175,7 +180,7 @@ bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const {
+ return !fast_check || allowed_command_set_.test(COMMAND_STAT);
+ #endif
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_unlink:
+ return !fast_check || allowed_command_set_.test(COMMAND_UNLINK);
+ #endif
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index c65f25a78a..f0db08d84e 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -1596,52 +1596,52 @@ TEST(BrokerProcess, IsSyscallAllowed) {
+ const base::flat_map<BrokerCommand, base::flat_set<int>> kSysnosForCommand = {
+ {COMMAND_ACCESS,
+ {__NR_faccessat,
+-#if defined(__NR_access)
++#if defined(__NR_access) && !defined(OS_ANDROID)
+ __NR_access
+ #endif
+ }},
+ {COMMAND_MKDIR,
+ {__NR_mkdirat,
+-#if defined(__NR_mkdir)
++#if defined(__NR_mkdir) && !defined(OS_ANDROID)
+ __NR_mkdir
+ #endif
+ }},
+ {COMMAND_OPEN,
+ {__NR_openat,
+-#if defined(__NR_open)
++#if defined(__NR_open) && !defined(OS_ANDROID)
+ __NR_open
+ #endif
+ }},
+ {COMMAND_READLINK,
+ {__NR_readlinkat,
+-#if defined(__NR_readlink)
++#if defined(__NR_readlink) && !defined(OS_ANDROID)
+ __NR_readlink
+ #endif
+ }},
+ {COMMAND_RENAME,
+ {__NR_renameat,
+-#if defined(__NR_rename)
++#if defined(__NR_rename) && !defined(OS_ANDROID)
+ __NR_rename
+ #endif
+ }},
+ {COMMAND_UNLINK,
+ {__NR_unlinkat,
+-#if defined(__NR_unlink)
++#if defined(__NR_unlink) && !defined(OS_ANDROID)
+ __NR_unlink
+ #endif
+ }},
+ {COMMAND_RMDIR,
+ {__NR_unlinkat,
+-#if defined(__NR_rmdir)
++#if defined(__NR_rmdir) && !defined(OS_ANDROID)
+ __NR_rmdir
+ #endif
+ }},
+ {COMMAND_STAT,
+ {
+-#if defined(__NR_stat)
++#if defined(__NR_stat) && !defined(OS_ANDROID)
+ __NR_stat,
+ #endif
+-#if defined(__NR_lstat)
++#if defined(__NR_lstat) && !defined(OS_ANDROID)
+ __NR_lstat,
+ #endif
+ #if defined(__NR_fstatat)
+diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
+index 35788eb22a..83b89efc75 100644
+--- a/sandbox/linux/system_headers/linux_stat.h
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -157,6 +157,10 @@ struct kernel_stat {
+ };
+ #endif
+
++#if !defined(AT_EMPTY_PATH)
++#define AT_EMPTY_PATH 0x1000
++#endif
++
+ // On 32-bit systems, we default to the 64-bit stat struct like libc
+ // implementations do. Otherwise we default to the normal stat struct which is
+ // already 64-bit.
Added: linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
===================================================================
--- linux-sandbox-syscall-broker-use-struct-kernel_stat.patch (rev 0)
+++ linux-sandbox-syscall-broker-use-struct-kernel_stat.patch 2021-09-02 11:29:41 UTC (rev 1010568)
@@ -0,0 +1,1384 @@
+From 4b438323d68840453b5ef826c3997568e2e0e8c7 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton at chromium.org>
+Date: Mon, 19 Jul 2021 14:03:13 +0000
+Subject: [PATCH] Reland "Reland "Linux sandbox syscall broker: use struct
+ kernel_stat""
+
+This reverts commit ff277a52ece0b216617d770f201ed66955fe70b9.
+
+Reason for revert: reland
+
+The fix included in the reland is that fstatat64() needs to be
+allowed in the broker process's seccomp policy.
+
+This CL also includes some extra tests that the kernel_stat structures
+match the layout the kernel expects.
+
+Bug: 1164975, 1199431
+Test: trogdor Chromebook successfully boots and allows login.
+
+Original change's description:
+> Revert "Reland "Linux sandbox syscall broker: use struct kernel_stat""
+>
+> This reverts commit cffbc4432af79f720ae3c75dff380b853701bd64.
+>
+> Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1199431
+>
+> Original change's description:
+> > Reland "Linux sandbox syscall broker: use struct kernel_stat"
+> >
+> > This reverts commit 23030dc650cdfa22631f25bef937905f27f06a2c.
+> >
+> > Original change's description:
+> > > Revert "Linux sandbox syscall broker: use struct kernel_stat"
+> > >
+> > > This reverts commit 784b0fcd8a3ca6bcd3acb9cfd624ec9cbbac2789.
+> > >
+> > > Reason for revert: Causing failure in
+> > > Step "sandbox_linux_unittests" failing on builder "Linux ChromiumOS MSan Tests"
+> > > See crbug.com/1198480
+> > >
+> > > Original change's description:
+> > > > Linux sandbox syscall broker: use struct kernel_stat
+> > > >
+> > > > The struct stat used in libc is different (in size and field ordering)
+> > > > from the structure assumed by the Linux kernel. So, when emulating
+> > > > system calls, we need to use the struct definition the kernel expects.
+> > > >
+> > > > This CL adds linux_stat.h that includes definitions of the different
+> > > > kernel structs.
+> > > >
+> > > > Change-Id: I53cad35c2251dff0f6b7ea77528cfa58ef3cab4a
+> > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780876
+> > > > Commit-Queue: Matthew Denton <mpdenton at chromium.org>
+> > > > Reviewed-by: Robert Sesek <rsesek at chromium.org>
+> > > > Cr-Commit-Position: refs/heads/master@{#871767}
+> > >
+> > > Change-Id: Icbec38f2103c8424dec79ab1870b97c3e83f9361
+> > > No-Presubmit: true
+> > > No-Tree-Checks: true
+> > > No-Try: true
+> > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821812
+> > > Auto-Submit: Victor Vianna <victorvianna at google.com>
+> > > Owners-Override: Victor Vianna <victorvianna at google.com>
+> > > Commit-Queue: Rubber Stamper <rubber-stamper at appspot.gserviceaccount.com>
+> > > Bot-Commit: Rubber Stamper <rubber-stamper at appspot.gserviceaccount.com>
+> > > Cr-Commit-Position: refs/heads/master@{#871882}
+> >
+> > Change-Id: I1f39bb5242961474def594ff7dbea52009f2cee4
+> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2824115
+> > Auto-Submit: Matthew Denton <mpdenton at chromium.org>
+> > Commit-Queue: Matthew Denton <mpdenton at chromium.org>
+> > Reviewed-by: Robert Sesek <rsesek at chromium.org>
+> > Cr-Commit-Position: refs/heads/master@{#872812}
+>
+> Fixed: 1199431
+> Change-Id: Iebfc0c48201bf22ff9c54d8d5c8a43d26a880098
+> No-Presubmit: true
+> No-Tree-Checks: true
+> No-Try: true
+> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830459
+> Auto-Submit: Kyle Horimoto <khorimoto at chromium.org>
+> Commit-Queue: Matthew Denton <mpdenton at chromium.org>
+> Commit-Queue: Kinuko Yasuda <kinuko at chromium.org>
+> Reviewed-by: Matthew Denton <mpdenton at chromium.org>
+> Reviewed-by: Kinuko Yasuda <kinuko at chromium.org>
+> Owners-Override: Kinuko Yasuda <kinuko at chromium.org>
+> Cr-Commit-Position: refs/heads/master@{#873173}
+
+Change-Id: Ibe6a485070f33489aaa157b51b908c2d23d174d7
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848936
+Reviewed-by: Robert Sesek <rsesek at chromium.org>
+Commit-Queue: Matthew Denton <mpdenton at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#902981}
+---
+ sandbox/linux/BUILD.gn | 1 +
+ .../seccomp_broker_process_unittest.cc | 40 +++-
+ sandbox/linux/seccomp-bpf-helpers/DEPS | 1 -
+ ...scall_parameters_restrictions_unittests.cc | 4 -
+ sandbox/linux/services/syscall_wrappers.cc | 50 ++++-
+ sandbox/linux/services/syscall_wrappers.h | 15 ++
+ .../services/syscall_wrappers_unittest.cc | 129 +++++++++++-
+ sandbox/linux/syscall_broker/DEPS | 3 +-
+ sandbox/linux/syscall_broker/broker_client.cc | 4 +-
+ sandbox/linux/syscall_broker/broker_client.h | 4 +-
+ sandbox/linux/syscall_broker/broker_host.cc | 23 ++-
+ .../syscall_broker/broker_process_unittest.cc | 74 +++----
+ .../remote_syscall_arg_handler_unittest.cc | 36 ++--
+ .../syscall_broker/syscall_dispatcher.cc | 67 ++++---
+ .../linux/syscall_broker/syscall_dispatcher.h | 27 ++-
+ sandbox/linux/system_headers/linux_stat.h | 188 ++++++++++++++++++
+ sandbox/linux/system_headers/linux_time.h | 26 +++
+ sandbox/linux/tests/test_utils.cc | 15 ++
+ sandbox/linux/tests/test_utils.h | 2 +
+ .../policy/linux/bpf_broker_policy_linux.cc | 4 +-
+ 20 files changed, 595 insertions(+), 118 deletions(-)
+ create mode 100644 sandbox/linux/system_headers/linux_stat.h
+
+diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
+index 2f778dd0bc..ccbbc91716 100644
+--- a/sandbox/linux/BUILD.gn
++++ b/sandbox/linux/BUILD.gn
+@@ -443,6 +443,7 @@ source_set("sandbox_services_headers") {
+ "system_headers/linux_ptrace.h",
+ "system_headers/linux_seccomp.h",
+ "system_headers/linux_signal.h",
++ "system_headers/linux_stat.h",
+ "system_headers/linux_syscalls.h",
+ "system_headers/linux_time.h",
+ "system_headers/linux_ucontext.h",
+diff --git a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+index 9da9c68911..8a941983b1 100644
+--- a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
++++ b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+@@ -34,6 +34,7 @@
+ #include "sandbox/linux/syscall_broker/broker_file_permission.h"
+ #include "sandbox/linux/syscall_broker/broker_process.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ #include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+@@ -202,6 +203,26 @@ namespace {
+ // not accept this as a valid error number. E.g. bionic accepts up to 255, glibc
+ // and musl up to 4096.
+ const int kFakeErrnoSentinel = 254;
++
++void ConvertKernelStatToLibcStat(default_stat_struct& in_stat,
++ struct stat& out_stat) {
++ out_stat.st_dev = in_stat.st_dev;
++ out_stat.st_ino = in_stat.st_ino;
++ out_stat.st_mode = in_stat.st_mode;
++ out_stat.st_nlink = in_stat.st_nlink;
++ out_stat.st_uid = in_stat.st_uid;
++ out_stat.st_gid = in_stat.st_gid;
++ out_stat.st_rdev = in_stat.st_rdev;
++ out_stat.st_size = in_stat.st_size;
++ out_stat.st_blksize = in_stat.st_blksize;
++ out_stat.st_blocks = in_stat.st_blocks;
++ out_stat.st_atim.tv_sec = in_stat.st_atime_;
++ out_stat.st_atim.tv_nsec = in_stat.st_atime_nsec_;
++ out_stat.st_mtim.tv_sec = in_stat.st_mtime_;
++ out_stat.st_mtim.tv_nsec = in_stat.st_mtime_nsec_;
++ out_stat.st_ctim.tv_sec = in_stat.st_ctime_;
++ out_stat.st_ctim.tv_nsec = in_stat.st_ctime_nsec_;
++}
+ } // namespace
+
+ // There are a variety of ways to make syscalls in a sandboxed process. One is
+@@ -217,6 +238,10 @@ class Syscaller {
+
+ virtual int Open(const char* filepath, int flags) = 0;
+ virtual int Access(const char* filepath, int mode) = 0;
++ // NOTE: we use struct stat instead of default_stat_struct, to make the libc
++ // syscaller simpler. Copying from default_stat_struct (the structure returned
++ // from a stat sycall) to struct stat (the structure exposed by a libc to its
++ // users) is simpler than going in the opposite direction.
+ virtual int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) = 0;
+@@ -243,8 +268,12 @@ class IPCSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- return broker_->GetBrokerClientSignalBased()->Stat(filepath, follow_links,
+- statbuf);
++ default_stat_struct buf;
++ int ret = broker_->GetBrokerClientSignalBased()->DefaultStatForTesting(
++ filepath, follow_links, &buf);
++ if (ret >= 0)
++ ConvertKernelStatToLibcStat(buf, *statbuf);
++ return ret;
+ }
+
+ int Rename(const char* oldpath, const char* newpath) override {
+@@ -300,10 +329,13 @@ class DirectSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- int ret = follow_links ? syscall(__NR_stat, filepath, statbuf)
+- : syscall(__NR_lstat, filepath, statbuf);
++ struct kernel_stat buf;
++ int ret = syscall(__NR_newfstatat, AT_FDCWD, filepath, &buf,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (ret < 0)
+ return -errno;
++
++ ConvertKernelStatToLibcStat(buf, *statbuf);
+ return ret;
+ }
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS b/sandbox/linux/seccomp-bpf-helpers/DEPS
+index 4419fd1da3..95d1bb6cbb 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/DEPS
++++ b/sandbox/linux/seccomp-bpf-helpers/DEPS
+@@ -3,5 +3,4 @@ include_rules = [
+ "+sandbox/linux/seccomp-bpf",
+ "+sandbox/linux/services",
+ "+sandbox/linux/system_headers",
+- "+third_party/lss/linux_syscall_support.h",
+ ]
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+index 903e702eab..76c393032c 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+@@ -37,10 +37,6 @@
+ #include "sandbox/linux/system_headers/linux_time.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+
+-#if !defined(OS_ANDROID)
+-#include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK
+-#endif
+-
+ namespace sandbox {
+
+ namespace {
+diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc
+index fcfd2aa129..3bec18a14e 100644
+--- a/sandbox/linux/services/syscall_wrappers.cc
++++ b/sandbox/linux/services/syscall_wrappers.cc
+@@ -4,6 +4,7 @@
+
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
++#include <fcntl.h>
+ #include <pthread.h>
+ #include <sched.h>
+ #include <setjmp.h>
+@@ -14,11 +15,13 @@
+ #include <unistd.h>
+ #include <cstring>
+
++#include "base/check.h"
+ #include "base/compiler_specific.h"
+ #include "base/logging.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/capability.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -217,7 +220,7 @@ asm(
+ #undef STR
+ #undef XSTR
+
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+
+ int sys_sigaction(int signum,
+ const struct sigaction* act,
+@@ -241,7 +244,7 @@ int sys_sigaction(int signum,
+ #error "Unsupported architecture."
+ #endif
+ }
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+ }
+
+ LinuxSigAction linux_oldact = {};
+@@ -259,6 +262,47 @@ int sys_sigaction(int signum,
+ return result;
+ }
+
+-#endif // defined(MEMORY_SANITIZER)
++#endif // !defined(OS_NACL_NONSFI)
++
++int sys_stat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_stat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, 0);
++#else
++ res = syscall(__NR_stat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_lstat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_lstat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, AT_SYMLINK_NOFOLLOW);
++#else
++ res = syscall(__NR_lstat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags) {
++#if defined(__NR_fstatat64)
++ int res = syscall(__NR_fstatat64, dirfd, pathname, stat_buf, flags);
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++ return -ENOSYS;
++#endif
++}
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/services/syscall_wrappers.h b/sandbox/linux/services/syscall_wrappers.h
+index 1975bfbd88..b55340e4a2 100644
+--- a/sandbox/linux/services/syscall_wrappers.h
++++ b/sandbox/linux/services/syscall_wrappers.h
+@@ -17,6 +17,8 @@ struct sock_fprog;
+ struct rlimit64;
+ struct cap_hdr;
+ struct cap_data;
++struct kernel_stat;
++struct kernel_stat64;
+
+ namespace sandbox {
+
+@@ -84,6 +86,19 @@ SANDBOX_EXPORT int sys_sigaction(int signum,
+ const struct sigaction* act,
+ struct sigaction* oldact);
+
++// Some architectures do not have stat() and lstat() syscalls. In that case,
++// these wrappers will use newfstatat(), which is available on all other
++// architectures, with the same capabilities as stat() and lstat().
++SANDBOX_EXPORT int sys_stat(const char* path, struct kernel_stat* stat_buf);
++SANDBOX_EXPORT int sys_lstat(const char* path, struct kernel_stat* stat_buf);
++
++// Takes care of unpoisoning |stat_buf| for MSAN. Check-fails if fstatat64() is
++// not a supported syscall on the current platform.
++SANDBOX_EXPORT int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags);
++
+ } // namespace sandbox
+
+ #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
+diff --git a/sandbox/linux/services/syscall_wrappers_unittest.cc b/sandbox/linux/services/syscall_wrappers_unittest.cc
+index 32820f60a8..64b9cea80f 100644
+--- a/sandbox/linux/services/syscall_wrappers_unittest.cc
++++ b/sandbox/linux/services/syscall_wrappers_unittest.cc
+@@ -5,15 +5,19 @@
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
+ #include <stdint.h>
++#include <string.h>
+ #include <sys/syscall.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+-#include <cstring>
+
++#include "base/logging.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+@@ -93,6 +97,129 @@ TEST(SyscallWrappers, LinuxSigSet) {
+ linux_sigset);
+ }
+
++TEST(SyscallWrappers, Stat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // To test we have the correct stat structures for each kernel/platform, we
++ // will right-align them on a page, with a guard page after.
++ char* two_pages = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(two_pages, 2);
++ char* page1_end = two_pages + base::GetPageSize();
++
++ // First, check that calling stat with |stat_buf| pointing to the last byte on
++ // a page causes EFAULT.
++ int res = sys_stat(tmp_file.full_file_name(),
++ reinterpret_cast<struct kernel_stat*>(page1_end - 1));
++ ASSERT_EQ(res, -1);
++ ASSERT_EQ(errno, EFAULT);
++
++ // Now, check that we have the correctly sized stat structure.
++ struct kernel_stat* sb = reinterpret_cast<struct kernel_stat*>(
++ page1_end - sizeof(struct kernel_stat));
++ // Memset to c's so we can check the kernel zero'd the padding...
++ memset(sb, 'c', sizeof(struct kernel_stat));
++ res = sys_stat(tmp_file.full_file_name(), sb);
++ ASSERT_EQ(res, 0);
++
++ // Following fields may never be consistent but should be non-zero.
++ // Don't trust the platform to define fields with any particular sign.
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_dev));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_ino));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_mode));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blksize));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blocks));
++
++// We are the ones that made the file.
++// Note: normally gid and uid overflow on backwards-compatible 32-bit systems
++// and we end up with dummy uids and gids in place here.
++#if defined(ARCH_CPU_64_BITS)
++ EXPECT_EQ(geteuid(), sb->st_uid);
++ EXPECT_EQ(getegid(), sb->st_gid);
++#endif
++
++ // Wrote 12 bytes above which should fit in one block.
++ EXPECT_EQ(12u, sb->st_size);
++
++ // Can't go backwards in time, 1500000000 was some time ago.
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_ctime_));
++
++ // Checking the padding for good measure.
++#if defined(__x86_64__)
++ EXPECT_EQ(0u, sb->__pad0);
++ EXPECT_EQ(0u, sb->__unused4[0]);
++ EXPECT_EQ(0u, sb->__unused4[1]);
++ EXPECT_EQ(0u, sb->__unused4[2]);
++#elif defined(__aarch64__)
++ EXPECT_EQ(0u, sb->__pad1);
++ EXPECT_EQ(0, sb->__pad2);
++ EXPECT_EQ(0u, sb->__unused4);
++ EXPECT_EQ(0u, sb->__unused5);
++#endif
++}
++
++TEST(SyscallWrappers, LStat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // Also create a symlink.
++ std::string symlink_name;
++ {
++ ScopedTemporaryFile tmp_file2;
++ symlink_name = tmp_file2.full_file_name();
++ }
++ int rc = symlink(tmp_file.full_file_name(), symlink_name.c_str());
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't symlink " << symlink_name << " to target "
++ << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat lstat_info;
++ rc = sys_lstat(symlink_name.c_str(), &lstat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_lstat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat stat_info;
++ rc = sys_stat(symlink_name.c_str(), &stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat tmp_file_stat_info;
++ rc = sys_stat(tmp_file.full_file_name(), &tmp_file_stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ // lstat should produce information about a symlink.
++ ASSERT_TRUE(S_ISLNK(lstat_info.st_mode));
++
++ // stat-ing symlink_name and tmp_file should produce the same inode.
++ ASSERT_EQ(stat_info.st_ino, tmp_file_stat_info.st_ino);
++
++ // lstat-ing symlink_name should give a different inode than stat-ing
++ // symlink_name.
++ ASSERT_NE(stat_info.st_ino, lstat_info.st_ino);
++}
++
+ } // namespace
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/syscall_broker/DEPS b/sandbox/linux/syscall_broker/DEPS
+index c477f7d363..149c463b06 100644
+--- a/sandbox/linux/syscall_broker/DEPS
++++ b/sandbox/linux/syscall_broker/DEPS
+@@ -1,4 +1,5 @@
+ include_rules = [
+- "+sandbox/linux/system_headers",
+ "+sandbox/linux/bpf_dsl",
++ "+sandbox/linux/services",
++ "+sandbox/linux/system_headers",
+ ]
+diff --git a/sandbox/linux/syscall_broker/broker_client.cc b/sandbox/linux/syscall_broker/broker_client.cc
+index 6b1b5be433..e24f659fcf 100644
+--- a/sandbox/linux/syscall_broker/broker_client.cc
++++ b/sandbox/linux/syscall_broker/broker_client.cc
+@@ -166,7 +166,7 @@ int BrokerClient::Rmdir(const char* path) const {
+
+ int BrokerClient::Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const {
++ struct kernel_stat* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+@@ -181,7 +181,7 @@ int BrokerClient::Stat(const char* pathname,
+
+ int BrokerClient::Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const {
++ struct kernel_stat64* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+diff --git a/sandbox/linux/syscall_broker/broker_client.h b/sandbox/linux/syscall_broker/broker_client.h
+index 05e14c83f2..26ca78101c 100644
+--- a/sandbox/linux/syscall_broker/broker_client.h
++++ b/sandbox/linux/syscall_broker/broker_client.h
+@@ -61,10 +61,10 @@ class SANDBOX_EXPORT BrokerClient : public SyscallDispatcher {
+ int Rmdir(const char* path) const override;
+ int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const override;
++ struct kernel_stat* sb) const override;
+ int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const override;
++ struct kernel_stat64* sb) const override;
+ int Unlink(const char* unlink) const override;
+
+ private:
+diff --git a/sandbox/linux/syscall_broker/broker_host.cc b/sandbox/linux/syscall_broker/broker_host.cc
+index 1cd03a18df..1cdc01a888 100644
+--- a/sandbox/linux/syscall_broker/broker_host.cc
++++ b/sandbox/linux/syscall_broker/broker_host.cc
+@@ -20,9 +20,11 @@
+ #include "base/files/scoped_file.h"
+ #include "base/logging.h"
+ #include "base/posix/eintr_wrapper.h"
++#include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/syscall_broker/broker_command.h"
+ #include "sandbox/linux/syscall_broker/broker_permission_list.h"
+ #include "sandbox/linux/syscall_broker/broker_simple_message.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -193,10 +195,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(-permission_list.denied_errno()));
+ return;
+ }
++
+ if (command_type == COMMAND_STAT) {
+- struct stat sb;
+- int sts =
+- follow_links ? stat(file_to_access, &sb) : lstat(file_to_access, &sb);
++ struct kernel_stat sb;
++
++ int sts = follow_links ? sandbox::sys_stat(file_to_access, &sb)
++ : sandbox::sys_lstat(file_to_access, &sb);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -205,10 +209,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
+ } else {
++#if defined(__NR_fstatat64)
+ DCHECK(command_type == COMMAND_STAT64);
+- struct stat64 sb;
+- int sts = follow_links ? stat64(file_to_access, &sb)
+- : lstat64(file_to_access, &sb);
++ struct kernel_stat64 sb;
++
++ int sts = sandbox::sys_fstatat64(AT_FDCWD, file_to_access, &sb,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -216,6 +222,11 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(0));
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++#endif
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index 55ba6bccb2..c65f25a78a 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -811,7 +811,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ const char* bad_leading_path5 = "/mbogo/fictitioux";
+ const char* bad_leading_path6 = "/mbogo/fictitiousa";
+
+- struct stat sb;
++ default_stat_struct sb;
+
+ {
+ // Actual file with permissions to see file but command not allowed.
+@@ -824,7 +824,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+
+@@ -840,7 +840,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ nonesuch_name, follow_links, &sb));
+ }
+ {
+@@ -852,7 +852,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+ {
+@@ -864,38 +864,39 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets denied all the way back to root since no create permission.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -907,37 +908,41 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets ENOENT all the way back to root since it has create permission.
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path1, follow_links, &sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path2, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path1, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path2, follow_links, &sb));
+
+ // But can always get the root.
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path3, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -949,8 +954,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- tempfile_name, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ tempfile_name, follow_links, &sb));
+
+ // Following fields may never be consistent but should be non-zero.
+ // Don't trust the platform to define fields with any particular sign.
+@@ -968,9 +974,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ EXPECT_EQ(12, sb.st_size);
+
+ // Can't go backwards in time, 1500000000 was some time ago.
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime_));
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+index fffa9bb708..f517a9867c 100644
+--- a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
++++ b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+@@ -16,6 +16,7 @@
+ #include "base/memory/page_size.h"
+ #include "base/posix/unix_domain_socket.h"
+ #include "base/test/bind.h"
++#include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+
+@@ -52,19 +53,6 @@ void VerifyCorrectString(std::string str, size_t size) {
+ }
+ }
+
+-void* MapPagesOrDie(size_t num_pages) {
+- void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
+- PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+- PCHECK(addr);
+- return addr;
+-}
+-
+-void MprotectLastPageOrDie(char* addr, size_t num_pages) {
+- size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
+- PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
+- 0);
+-}
+-
+ pid_t ForkWaitingChild(base::OnceCallback<void(int)>
+ after_parent_signals_callback = base::DoNothing(),
+ base::ScopedFD* parent_sync_fd = nullptr) {
+@@ -105,13 +93,13 @@ void ReadTest(const ReadTestConfig& test_config) {
+ size_t total_pages = (test_config.start_at + test_config.total_size +
+ base::GetPageSize() - 1) /
+ base::GetPageSize();
+- char* mmap_addr = static_cast<char*>(MapPagesOrDie(total_pages));
++ char* mmap_addr = static_cast<char*>(TestUtils::MapPagesOrDie(total_pages));
+ char* addr = mmap_addr + test_config.start_at;
+ FillBufferWithPath(addr, test_config.total_size,
+ test_config.include_null_byte);
+
+ if (test_config.last_page_inaccessible)
+- MprotectLastPageOrDie(mmap_addr, total_pages);
++ TestUtils::MprotectLastPageOrDie(mmap_addr, total_pages);
+
+ pid_t pid = ForkWaitingChild();
+ munmap(mmap_addr, base::GetPageSize() * total_pages);
+@@ -212,7 +200,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChunkPlus1EndingOnePastPage) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+- void* addr = MapPagesOrDie(1);
++ void* addr = TestUtils::MapPagesOrDie(1);
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+@@ -240,10 +228,10 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+- void* read_from = MapPagesOrDie(1);
++ void* read_from = TestUtils::MapPagesOrDie(1);
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -278,8 +266,8 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
+- MprotectLastPageOrDie(write_to, 1);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
++ TestUtils::MprotectLastPageOrDie(write_to, 1);
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -295,11 +283,11 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+- char* read_from = static_cast<char*>(MapPagesOrDie(2));
++ char* read_from = static_cast<char*>(TestUtils::MapPagesOrDie(2));
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(2));
+- MprotectLastPageOrDie(write_to, 2);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(write_to, 2);
+ write_to += base::GetPageSize() / 2;
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+@@ -314,7 +302,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteChildExited) {
+- char* addr = static_cast<char*>(MapPagesOrDie(1));
++ char* addr = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.cc b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+index b9ee93c14a..8a42397ef8 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.cc
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+@@ -19,8 +19,18 @@ namespace syscall_broker {
+ #define BROKER_UNPOISON_STRING(x)
+ #endif
+
++int SyscallDispatcher::DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb) {
++#if defined(__NR_fstatat64)
++ return Stat64(pathname, follow_links, sb);
++#elif defined(__NR_newfstatat)
++ return Stat(pathname, follow_links, sb);
++#endif
++}
++
+ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+- bool arch64) {
++ bool stat64) {
+ if (static_cast<int>(args.args[0]) != AT_FDCWD)
+ return -EPERM;
+ // Only allow the AT_SYMLINK_NOFOLLOW flag which is used by some libc
+@@ -30,13 +40,29 @@ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+
+ const bool follow_links =
+ !(static_cast<int>(args.args[3]) & AT_SYMLINK_NOFOLLOW);
+- if (arch64) {
++ if (stat64) {
+ return Stat64(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat64*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[2]));
+ }
+
+ return Stat(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat*>(args.args[2]));
++}
++
++int SyscallDispatcher::PerformUnlinkat(const arch_seccomp_data& args) {
++ if (static_cast<int>(args.args[0]) != AT_FDCWD)
++ return -EPERM;
++
++ int flags = static_cast<int>(args.args[2]);
++
++ if (flags == AT_REMOVEDIR) {
++ return Rmdir(reinterpret_cast<const char*>(args.args[1]));
++ }
++
++ if (flags != 0)
++ return -EPERM;
++
++ return Unlink(reinterpret_cast<const char*>(args.args[1]));
+ }
+
+ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+@@ -127,59 +153,42 @@ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+ #if defined(__NR_stat)
+ case __NR_stat:
+ return Stat(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_stat64)
+ case __NR_stat64:
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat64*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat)
+ case __NR_lstat:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat64)
+ case __NR_lstat64:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat64*>(args.args[1]));
+-#endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_fstatat64)
+ case __NR_fstatat64:
+- return PerformStatat(args, /*arch64=*/true);
++ return PerformStatat(args, /*stat64=*/true);
+ #endif
+ #if defined(__NR_newfstatat)
+ case __NR_newfstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ return PerformStatat(args, /*stat64=*/false);
+ #endif
+ #if defined(__NR_unlink)
+ case __NR_unlink:
+ return Unlink(reinterpret_cast<const char*>(args.args[0]));
+ #endif
+ #if defined(__NR_unlinkat)
+- case __NR_unlinkat: {
+- if (static_cast<int>(args.args[0]) != AT_FDCWD)
+- return -EPERM;
+-
+- int flags = static_cast<int>(args.args[2]);
+-
+- if (flags == AT_REMOVEDIR) {
+- return Rmdir(reinterpret_cast<const char*>(args.args[1]));
+- }
+-
+- if (flags != 0)
+- return -EPERM;
+-
+- return Unlink(reinterpret_cast<const char*>(args.args[1]));
+- }
++ case __NR_unlinkat:
++ return PerformUnlinkat(args);
+ #endif // defined(__NR_unlinkat)
+ default:
+ RAW_CHECK(false);
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.h b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+index d8b8874ad9..1d6653caf3 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.h
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+@@ -9,13 +9,15 @@
+ #include <cstddef>
+
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/sandbox_export.h"
+
+ namespace sandbox {
+ namespace syscall_broker {
+
+ // An abstract class that defines all the system calls we perform for the
+ // sandboxed process.
+-class SyscallDispatcher {
++class SANDBOX_EXPORT SyscallDispatcher {
+ public:
+ // Emulates access()/faccessat().
+ // X_OK will always return an error in practice since the broker process
+@@ -40,19 +42,34 @@ class SyscallDispatcher {
+ virtual int Rmdir(const char* path) const = 0;
+
+ // Emulates stat()/stat64()/lstat()/lstat64()/fstatat()/newfstatat().
++ // Stat64 is only available on 32-bit systems.
+ virtual int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const = 0;
++ struct kernel_stat* sb) const = 0;
+ virtual int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const = 0;
++ struct kernel_stat64* sb) const = 0;
+
+ // Emulates unlink()/unlinkat().
+ virtual int Unlink(const char* unlink) const = 0;
+
++ // Different architectures use a different syscall from the stat family by
++ // default in glibc. E.g. 32-bit systems use *stat*64() and fill out struct
++ // kernel_stat64, whereas 64-bit systems use *stat*() and fill out struct
++ // kernel_stat. Some tests want to call the SyscallDispatcher directly, and
++ // should be using the default stat in order to test against glibc.
++ int DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb);
++
+ // Validates the args passed to a *statat*() syscall and performs the syscall
+- // using Stat() or Stat64().
+- int PerformStatat(const arch_seccomp_data& args, bool arch64);
++ // using Stat(), or on 32-bit systems it uses Stat64() for the *statat64()
++ // syscalls.
++ int PerformStatat(const arch_seccomp_data& args, bool stat64);
++
++ // Validates the args passed to an unlinkat() syscall and performs the syscall
++ // using either Unlink() or Rmdir().
++ int PerformUnlinkat(const arch_seccomp_data& args);
+
+ // Reads the syscall number and arguments, imposes some policy (e.g. the *at()
+ // system calls must only allow AT_FDCWD as the first argument), and
+diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
+new file mode 100644
+index 0000000000..35788eb22a
+--- /dev/null
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -0,0 +1,188 @@
++// Copyright 2021 The Chromium Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++
++#include <stdint.h>
++
++#include "build/build_config.h"
++#include "sandbox/linux/system_headers/linux_syscalls.h"
++
++#if defined(ARCH_CPU_MIPS_FAMILY)
++#if defined(ARCH_CPU_64_BITS)
++struct kernel_stat {
++#else
++struct kernel_stat64 {
++#endif
++ unsigned st_dev;
++ unsigned __pad0[3];
++ unsigned long long st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ unsigned __pad1[3];
++ long long st_size;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned st_blksize;
++ unsigned __pad2;
++ unsigned long long st_blocks;
++};
++#else
++struct kernel_stat64 {
++ unsigned long long st_dev;
++ unsigned char __pad0[4];
++ unsigned __st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned long long st_rdev;
++ unsigned char __pad3[4];
++ long long st_size;
++ unsigned st_blksize;
++ unsigned long long st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned long long st_ino;
++};
++#endif
++
++#if defined(__i386__) || defined(__ARM_ARCH_3__) || defined(__ARM_EABI__)
++struct kernel_stat {
++ /* The kernel headers suggest that st_dev and st_rdev should be 32bit
++ * quantities encoding 12bit major and 20bit minor numbers in an interleaved
++ * format. In reality, we do not see useful data in the top bits. So,
++ * we'll leave the padding in here, until we find a better solution.
++ */
++ unsigned short st_dev;
++ short pad1;
++ unsigned st_ino;
++ unsigned short st_mode;
++ unsigned short st_nlink;
++ unsigned short st_uid;
++ unsigned short st_gid;
++ unsigned short st_rdev;
++ short pad2;
++ unsigned st_size;
++ unsigned st_blksize;
++ unsigned st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned __unused4;
++ unsigned __unused5;
++};
++#elif defined(__x86_64__)
++struct kernel_stat {
++ uint64_t st_dev;
++ uint64_t st_ino;
++ uint64_t st_nlink;
++ unsigned st_mode;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned __pad0;
++ uint64_t st_rdev;
++ int64_t st_size;
++ int64_t st_blksize;
++ int64_t st_blocks;
++ uint64_t st_atime_;
++ uint64_t st_atime_nsec_;
++ uint64_t st_mtime_;
++ uint64_t st_mtime_nsec_;
++ uint64_t st_ctime_;
++ uint64_t st_ctime_nsec_;
++ int64_t __unused4[3];
++};
++#elif (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
++struct kernel_stat {
++ unsigned st_dev;
++ int st_pad1[3];
++ unsigned st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ int st_pad2[2];
++ long st_size;
++ int st_pad3;
++ long st_atime_;
++ long st_atime_nsec_;
++ long st_mtime_;
++ long st_mtime_nsec_;
++ long st_ctime_;
++ long st_ctime_nsec_;
++ int st_blksize;
++ int st_blocks;
++ int st_pad4[14];
++};
++#elif defined(__aarch64__)
++struct kernel_stat {
++ unsigned long st_dev;
++ unsigned long st_ino;
++ unsigned int st_mode;
++ unsigned int st_nlink;
++ unsigned int st_uid;
++ unsigned int st_gid;
++ unsigned long st_rdev;
++ unsigned long __pad1;
++ long st_size;
++ int st_blksize;
++ int __pad2;
++ long st_blocks;
++ long st_atime_;
++ unsigned long st_atime_nsec_;
++ long st_mtime_;
++ unsigned long st_mtime_nsec_;
++ long st_ctime_;
++ unsigned long st_ctime_nsec_;
++ unsigned int __unused4;
++ unsigned int __unused5;
++};
++#endif
++
++// On 32-bit systems, we default to the 64-bit stat struct like libc
++// implementations do. Otherwise we default to the normal stat struct which is
++// already 64-bit.
++// These defines make it easy to call the right syscall to fill out a 64-bit
++// stat struct, which is the default in libc implementations but requires
++// different syscall names on 32 and 64-bit platforms.
++#if defined(__NR_fstatat64)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat64;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_fstatat64
++#define __NR_fstat_default __NR_fstat64
++
++#elif defined(__NR_newfstatat)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_newfstatat
++#define __NR_fstat_default __NR_fstat
++
++#else
++#error "one of fstatat64 and newfstatat must be defined"
++#endif
++
++#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
+diff --git a/sandbox/linux/system_headers/linux_time.h b/sandbox/linux/system_headers/linux_time.h
+index 780f24dddd..f18c806611 100644
+--- a/sandbox/linux/system_headers/linux_time.h
++++ b/sandbox/linux/system_headers/linux_time.h
+@@ -11,6 +11,32 @@
+ #define CPUCLOCK_CLOCK_MASK 3
+ #endif
+
++#if !defined(CPUCLOCK_PROF)
++#define CPUCLOCK_PROF 0
++#endif
++
++#if !defined(CPUCLOCK_VIRT)
++#define CPUCLOCK_VIRT 1
++#endif
++
++#if !defined(CPUCLOCK_SCHED)
++#define CPUCLOCK_SCHED 2
++#endif
++
++#if !defined(CPUCLOCK_PERTHREAD_MASK)
++#define CPUCLOCK_PERTHREAD_MASK 4
++#endif
++
++#if !defined(MAKE_PROCESS_CPUCLOCK)
++#define MAKE_PROCESS_CPUCLOCK(pid, clock) \
++ ((int)(~(unsigned)(pid) << 3) | (int)(clock))
++#endif
++
++#if !defined(MAKE_THREAD_CPUCLOCK)
++#define MAKE_THREAD_CPUCLOCK(tid, clock) \
++ ((int)(~(unsigned)(tid) << 3) | (int)((clock) | CPUCLOCK_PERTHREAD_MASK))
++#endif
++
+ #if !defined(CLOCKFD)
+ #define CLOCKFD 3
+ #endif
+diff --git a/sandbox/linux/tests/test_utils.cc b/sandbox/linux/tests/test_utils.cc
+index 847c20b20c..cf6041a4b4 100644
+--- a/sandbox/linux/tests/test_utils.cc
++++ b/sandbox/linux/tests/test_utils.cc
+@@ -5,12 +5,14 @@
+ #include "sandbox/linux/tests/test_utils.h"
+
+ #include <errno.h>
++#include <sys/mman.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+
+ #include "base/check_op.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+
+ namespace sandbox {
+@@ -39,4 +41,17 @@ void TestUtils::HandlePostForkReturn(pid_t pid) {
+ }
+ }
+
++void* TestUtils::MapPagesOrDie(size_t num_pages) {
++ void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
++ PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
++ PCHECK(addr);
++ return addr;
++}
++
++void TestUtils::MprotectLastPageOrDie(char* addr, size_t num_pages) {
++ size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
++ PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
++ 0);
++}
++
+ } // namespace sandbox
+diff --git a/sandbox/linux/tests/test_utils.h b/sandbox/linux/tests/test_utils.h
+index 7cf9749fe4..43b028b1e3 100644
+--- a/sandbox/linux/tests/test_utils.h
++++ b/sandbox/linux/tests/test_utils.h
+@@ -19,6 +19,8 @@ class TestUtils {
+ // makes sure that if fork() succeeded the child exits
+ // and the parent waits for it.
+ static void HandlePostForkReturn(pid_t pid);
++ static void* MapPagesOrDie(size_t num_pages);
++ static void MprotectLastPageOrDie(char* addr, size_t num_pages);
+
+ private:
+ DISALLOW_IMPLICIT_CONSTRUCTORS(TestUtils);
+diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.cc b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+index 2963bb9ca8..6dc8c0581b 100644
+--- a/sandbox/policy/linux/bpf_broker_policy_linux.cc
++++ b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+@@ -93,8 +93,8 @@ ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const {
+ return Allow();
+ break;
+ #endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
++#if defined(__NR_fstatat64)
++ case __NR_fstatat64:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
Added: replace-blacklist-with-ignorelist.patch
===================================================================
--- replace-blacklist-with-ignorelist.patch (rev 0)
+++ replace-blacklist-with-ignorelist.patch 2021-09-02 11:29:41 UTC (rev 1010568)
@@ -0,0 +1,196 @@
+From 9d080c0934b848ee4a05013c78641e612fcc1e03 Mon Sep 17 00:00:00 2001
+From: Dylan Cutler <dylancutler at google.com>
+Date: Wed, 26 May 2021 16:39:52 +0000
+Subject: [PATCH] Reland "Replace 'blacklist' with 'ignorelist' in
+ ./tools/msan/."
+
+This is a reland of 3b6263f2eece1264b052dfdcbc03b851d5abfb48
+
+Relanding now that https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/2897974 is merged
+
+Original change's description:
+> Replace 'blacklist' with 'ignorelist' in ./tools/msan/.
+>
+> Bug: 1097272, 1097268
+> Change-Id: Id5c8227a5bfb1ffaec82d3168b609085b10c8297
+> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2867730
+> Commit-Queue: Dylan Cutler <dylancutler at google.com>
+> Reviewed-by: Nico Weber <thakis at chromium.org>
+> Reviewed-by: Jonathan Metzman <metzman at chromium.org>
+> Cr-Commit-Position: refs/heads/master@{#883035}
+
+Bug: 1097272
+Bug: 1097268
+Change-Id: I11a5bc8972680c95fb1dab95ed3b707ed76f4667
+Cq-Include-Trybots: luci.chromium.try:chromeos-amd64-generic-cfi-thin-lto-rel
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2911096
+Commit-Queue: Dylan Cutler <dylancutler at google.com>
+Reviewed-by: Nico Weber <thakis at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#886773}
+---
+ build/config/sanitizers/BUILD.gn | 44 ++++++++++----------
+ build_overrides/build.gni | 14 +++----
+ tools/msan/{blacklist.txt => ignorelist.txt} | 0
+ 3 files changed, 29 insertions(+), 29 deletions(-)
+ rename tools/msan/{blacklist.txt => ignorelist.txt} (100%)
+
+diff --git a/build/config/sanitizers/BUILD.gn b/build/config/sanitizers/BUILD.gn
+index aaaad023474d..55b388a43743 100644
+--- a/build/config/sanitizers/BUILD.gn
++++ b/build/config/sanitizers/BUILD.gn
+@@ -272,11 +272,11 @@ config("asan_flags") {
+ if (is_asan) {
+ cflags += [ "-fsanitize=address" ]
+ if (is_win) {
+- if (!defined(asan_win_blacklist_path)) {
+- asan_win_blacklist_path =
++ if (!defined(asan_win_blocklist_path)) {
++ asan_win_blocklist_path =
+ rebase_path("//tools/memory/asan/blocklist_win.txt", root_build_dir)
+ }
+- cflags += [ "-fsanitize-blacklist=$asan_win_blacklist_path" ]
++ cflags += [ "-fsanitize-ignorelist=$asan_win_blocklist_path" ]
+ }
+ }
+ }
+@@ -306,13 +306,13 @@ config("link_shared_library") {
+ config("cfi_flags") {
+ cflags = []
+ if (is_cfi && current_toolchain == default_toolchain) {
+- if (!defined(cfi_blacklist_path)) {
+- cfi_blacklist_path =
++ if (!defined(cfi_ignorelist_path)) {
++ cfi_ignorelist_path =
+ rebase_path("//tools/cfi/ignores.txt", root_build_dir)
+ }
+ cflags += [
+ "-fsanitize=cfi-vcall",
+- "-fsanitize-blacklist=$cfi_blacklist_path",
++ "-fsanitize-ignorelist=$cfi_ignorelist_path",
+ ]
+
+ if (use_cfi_cast) {
+@@ -409,14 +409,14 @@ config("msan_flags") {
+ if (is_msan) {
+ assert(is_linux || is_chromeos,
+ "msan only supported on linux x86_64/ChromeOS")
+- if (!defined(msan_blacklist_path)) {
+- msan_blacklist_path =
+- rebase_path("//tools/msan/blacklist.txt", root_build_dir)
++ if (!defined(msan_ignorelist_path)) {
++ msan_ignorelist_path =
++ rebase_path("//tools/msan/ignorelist.txt", root_build_dir)
+ }
+ cflags = [
+ "-fsanitize=memory",
+ "-fsanitize-memory-track-origins=$msan_track_origins",
+- "-fsanitize-blacklist=$msan_blacklist_path",
++ "-fsanitize-ignorelist=$msan_ignorelist_path",
+ ]
+ }
+ }
+@@ -424,13 +424,13 @@ config("msan_flags") {
+ config("tsan_flags") {
+ if (is_tsan) {
+ assert(is_linux || is_chromeos, "tsan only supported on linux x86_64")
+- if (!defined(tsan_blacklist_path)) {
+- tsan_blacklist_path =
++ if (!defined(tsan_ignorelist_path)) {
++ tsan_ignorelist_path =
+ rebase_path("//tools/memory/tsan_v2/ignores.txt", root_build_dir)
+ }
+ cflags = [
+ "-fsanitize=thread",
+- "-fsanitize-blacklist=$tsan_blacklist_path",
++ "-fsanitize-ignorelist=$tsan_ignorelist_path",
+ ]
+ }
+ }
+@@ -438,8 +438,8 @@ config("tsan_flags") {
+ config("ubsan_flags") {
+ cflags = []
+ if (is_ubsan) {
+- if (!defined(ubsan_blacklist_path)) {
+- ubsan_blacklist_path =
++ if (!defined(ubsan_ignorelist_path)) {
++ ubsan_ignorelist_path =
+ rebase_path("//tools/ubsan/ignorelist.txt", root_build_dir)
+ }
+ cflags += [
+@@ -456,7 +456,7 @@ config("ubsan_flags") {
+ "-fsanitize=signed-integer-overflow",
+ "-fsanitize=unreachable",
+ "-fsanitize=vla-bound",
+- "-fsanitize-blacklist=$ubsan_blacklist_path",
++ "-fsanitize-ignorelist=$ubsan_ignorelist_path",
+ ]
+
+ # Chromecast ubsan builds fail to compile with these
+@@ -486,8 +486,8 @@ config("ubsan_no_recover") {
+
+ config("ubsan_security_flags") {
+ if (is_ubsan_security) {
+- if (!defined(ubsan_security_blacklist_path)) {
+- ubsan_security_blacklist_path =
++ if (!defined(ubsan_security_ignorelist_path)) {
++ ubsan_security_ignorelist_path =
+ rebase_path("//tools/ubsan/security_ignorelist.txt", root_build_dir)
+ }
+ cflags = [
+@@ -495,7 +495,7 @@ config("ubsan_security_flags") {
+ "-fsanitize=shift",
+ "-fsanitize=signed-integer-overflow",
+ "-fsanitize=vla-bound",
+- "-fsanitize-blacklist=$ubsan_security_blacklist_path",
++ "-fsanitize-ignorelist=$ubsan_security_ignorelist_path",
+ ]
+ }
+ }
+@@ -508,13 +508,13 @@ config("ubsan_null_flags") {
+
+ config("ubsan_vptr_flags") {
+ if (is_ubsan_vptr) {
+- if (!defined(ubsan_vptr_blacklist_path)) {
+- ubsan_vptr_blacklist_path =
++ if (!defined(ubsan_vptr_ignorelist_path)) {
++ ubsan_vptr_ignorelist_path =
+ rebase_path("//tools/ubsan/vptr_ignorelist.txt", root_build_dir)
+ }
+ cflags = [
+ "-fsanitize=vptr",
+- "-fsanitize-blacklist=$ubsan_vptr_blacklist_path",
++ "-fsanitize-ignorelist=$ubsan_vptr_ignorelist_path",
+ ]
+ }
+ }
+diff --git a/build_overrides/build.gni b/build_overrides/build.gni
+index 82627b03653f..f3e563ab701b 100644
+--- a/build_overrides/build.gni
++++ b/build_overrides/build.gni
+@@ -42,15 +42,15 @@ declare_args() {
+ # Allows different projects to specify their own suppression/ignore lists for
+ # sanitizer tools.
+ # asan_suppressions_file = "path/to/asan_suppressions.cc"
+-# asan_win_blacklist_path = "path/to/asan/blocklist_win.txt"
++# asan_win_ignorelist_path = "path/to/asan/blocklist_win.txt"
+ # lsan_suppressions_file = "path/to/lsan_suppressions.cc"
+ # tsan_suppressions_file = "path/to/tsan_suppressions.cc"
+-# tsan_blacklist_path = "path/to/tsan/ignores.txt"
+-# msan_blacklist_path = "path/to/msan/blacklist.txt"
+-# ubsan_blacklist_path = "path/to/ubsan/blacklist.txt"
+-# ubsan_vptr_blacklist_path = "path/to/ubsan/vptr_blacklist.txt"
+-# ubsan_security_blacklist_path = "path/to/ubsan/security_blacklist.txt"
+-# cfi_blacklist_path = "path/to/cfi/ignores.txt"
++# tsan_ignorelist_path = "path/to/tsan/ignores.txt"
++# msan_ignorelist_path = "path/to/msan/ignorelist.txt"
++# ubsan_ignorelist_path = "path/to/ubsan/ignorelist.txt"
++# ubsan_vptr_ignorelist_path = "path/to/ubsan/vptr_ignorelist.txt"
++# ubsan_security_ignorelist_path = "path/to/ubsan/security_ignorelist.txt"
++# cfi_ignorelist_path = "path/to/cfi/ignores.txt"
+
+ declare_args() {
+ # Android 32-bit non-component, non-clang builds cannot have symbol_level=2
+diff --git a/tools/msan/blacklist.txt b/tools/msan/ignorelist.txt
+similarity index 100%
+rename from tools/msan/blacklist.txt
+rename to tools/msan/ignorelist.txt
Deleted: unbundle-use-char16_t-as-UCHAR_TYPE.patch
===================================================================
--- unbundle-use-char16_t-as-UCHAR_TYPE.patch 2021-09-02 10:52:47 UTC (rev 1010567)
+++ unbundle-use-char16_t-as-UCHAR_TYPE.patch 2021-09-02 11:29:41 UTC (rev 1010568)
@@ -1,30 +0,0 @@
-From 79819c94f27524005889def53740c97a32cd7747 Mon Sep 17 00:00:00 2001
-From: Stephan Hartmann <stha09 at googlemail.com>
-Date: Fri, 16 Apr 2021 20:57:15 +0000
-Subject: [PATCH] [unbundle] Use char16_t as UCHAR_TYPE
-
-Overriding UCHAR_TYPE was dropped with:
-https://chromium-review.googlesource.com/c/chromium/deps/icu/+/2732628
-
-Bug: 911896
-Change-Id: I4c1172aab445c82ba247b1162b8484ed0db9c381
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830820
-Commit-Queue: Stephan Hartmann <stha09 at googlemail.com>
-Reviewed-by: Lei Zhang <thestig at chromium.org>
-Cr-Commit-Position: refs/heads/master@{#873470}
----
- build/linux/unbundle/icu.gn | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/build/linux/unbundle/icu.gn b/build/linux/unbundle/icu.gn
-index 0f52fc11e79e6..6f3f8438bd854 100644
---- a/build/linux/unbundle/icu.gn
-+++ b/build/linux/unbundle/icu.gn
-@@ -16,7 +16,6 @@ config("icu_config") {
- defines = [
- "USING_SYSTEM_ICU=1",
- "ICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_STATIC",
-- "UCHAR_TYPE=uint16_t",
-
- # U_EXPORT (defined in unicode/platform.h) is used to set public visibility
- # on classes through the U_COMMON_API and U_I18N_API macros (among others).
More information about the arch-commits
mailing list