diff --git a/mozglue/misc/WindowsProcessMitigations.cpp b/mozglue/misc/WindowsProcessMitigations.cpp
index bd5a72b5f0a5..391876cef4c8 100644
--- a/mozglue/misc/WindowsProcessMitigations.cpp
+++ b/mozglue/misc/WindowsProcessMitigations.cpp
@@ -17,11 +17,18 @@ BOOL WINAPI GetProcessMitigationPolicy(
 namespace mozilla {
-MFBT_API bool IsWin32kLockedDown() {
+static const DynamicallyLinkedFunctionPtr<
+    decltype(&::GetProcessMitigationPolicy)>&
+FetchGetProcessMitigationPolicyFunc() {
   static const DynamicallyLinkedFunctionPtr pGetProcessMitigationPolicy(L"kernel32.dll", "GetProcessMitigationPolicy");
+  return pGetProcessMitigationPolicy;
+}
+
+MFBT_API bool IsWin32kLockedDown() {
+  auto& pGetProcessMitigationPolicy = FetchGetProcessMitigationPolicyFunc();
   if (!pGetProcessMitigationPolicy) {
     return false;
   }
@@ -36,4 +43,20 @@ MFBT_API bool IsWin32kLockedDown() {
   return polInfo.DisallowWin32kSystemCalls;
 }
+MFBT_API bool IsDynamicCodeDisabled() {
+  auto& pGetProcessMitigationPolicy = FetchGetProcessMitigationPolicyFunc();
+  if (!pGetProcessMitigationPolicy) {
+    return false;
+  }
+
+  PROCESS_MITIGATION_DYNAMIC_CODE_POLICY polInfo;
+  if (!pGetProcessMitigationPolicy(::GetCurrentProcess(),
+                                   ProcessDynamicCodePolicy, &polInfo,
+                                   sizeof(polInfo))) {
+    return false;
+  }
+
+  return polInfo.ProhibitDynamicCode;
+}
+
 } // namespace mozilla
diff --git a/mozglue/misc/WindowsProcessMitigations.h b/mozglue/misc/WindowsProcessMitigations.h
index 353aa5b734d3..b8721080ea4b 100644
--- a/mozglue/misc/WindowsProcessMitigations.h
+++ b/mozglue/misc/WindowsProcessMitigations.h
@@ -12,6 +12,7 @@ namespace mozilla {
 MFBT_API bool IsWin32kLockedDown();
+MFBT_API bool IsDynamicCodeDisabled();
 } // namespace mozilla
diff --git a/mozglue/misc/interceptor/Trampoline.h b/mozglue/misc/interceptor/Trampoline.h
index b9d9a61ac059..909de6e11564 100644
--- a/mozglue/misc/interceptor/Trampoline.h
+++ b/mozglue/misc/interceptor/Trampoline.h
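Review bot: FetchGetProcessMitigationPolicyFunc carries no comment saying what it resolves or what a null result means, yet both IsWin32kLockedDown and the new IsDynamicCodeDisabled build their early `return false` on exactly that contract. Suggest above the definition: `// Resolves GetProcessMitigationPolicy from kernel32.dll once per process and` / `// caches it; the result is null when the export is unavailable, and callers` / `// treat null as "mitigation not confirmed".` Returning a reference to the function-local static is sound because the object lives for the rest of the process, and the initialization is the compiler's thread-safe static init. The static's template argument is not visible in this rendering, so I am assuming it matches the decltype spelled in the new return type.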
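Review bot: IsDynamicCodeDisabled repeats the availability check and the GetProcessMitigationPolicy call of IsWin32kLockedDown almost line for line, so the next policy query will copy the pattern a third time; a small helper keyed on the PROCESS_MITIGATION_POLICY enum value would hold the shared part once. While there, `PROCESS_MITIGATION_DYNAMIC_CODE_POLICY polInfo = {};` costs nothing and keeps the struct well-defined if a later edit ever reads it on the failure path. The sketch below leaves the public signature unchanged; IsWin32kLockedDown would use the same helper but its body is outside this hunk.
```cpp
// Queries one mitigation policy for the current process. Returns false when
// GetProcessMitigationPolicy is unavailable or the call fails, in which case
// aOut is not meaningful.
template <typename PolicyT>
static bool QueryMitigationPolicy(PROCESS_MITIGATION_POLICY aPolicy,
                                  PolicyT& aOut) {
  auto& pGetProcessMitigationPolicy = FetchGetProcessMitigationPolicyFunc();
  if (!pGetProcessMitigationPolicy) {
    return false;
  }
  return !!pGetProcessMitigationPolicy(::GetCurrentProcess(), aPolicy, &aOut,
                                       sizeof(aOut));
}

MFBT_API bool IsDynamicCodeDisabled() {
  PROCESS_MITIGATION_DYNAMIC_CODE_POLICY polInfo = {};
  return QueryMitigationPolicy(ProcessDynamicCodePolicy, polInfo) &&
         polInfo.ProhibitDynamicCode;
}
```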
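Review bot: The new declaration has no comment, and its result is ambiguous in a way callers will care about: the implementation in WindowsProcessMitigations.cpp returns false both when ProhibitDynamicCode is clear and when the policy cannot be queried at all (export missing, or the call failing). Suggest next to the declaration: `// True when the process is confirmed to run with the dynamic-code (ACG)` / `// mitigation enabled. Also false when the policy cannot be queried, so a` / `// false result is not proof that dynamic code is permitted.` The same ambiguity applies to IsWin32kLockedDown just above it, which is pre-existing.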
@@ -12,6 +12,7 @@
 #include "mozilla/CheckedInt.h"
 #include "mozilla/Maybe.h"
 #include "mozilla/Types.h"
+#include "mozilla/WindowsProcessMitigations.h"
 namespace mozilla {
 namespace interceptor {
@@ -345,9 +346,18 @@ class MOZ_STACK_CLASS TrampolineCollection final {
       return;
     }
-    DebugOnly ok = mMMPolicy.Protect(aLocalBase, aNumTramps * aTrampSize, PAGE_EXECUTE_READWRITE, &mPrevProt);
-    MOZ_ASSERT(ok);
+    BOOL ok = mMMPolicy.Protect(aLocalBase, aNumTramps * aTrampSize, PAGE_EXECUTE_READWRITE, &mPrevProt);
+    if (!ok) {
+      // When destroying a sandboxed process that uses
+      // MITIGATION_DYNAMIC_CODE_DISABLE, we won't be allowed to write to our
+      // executable memory so we just do nothing. If we fail to get access
+      // to memory for any other reason, we still don't want to crash but we
+      // do assert.
+      MOZ_ASSERT(IsDynamicCodeDisabled());
+      mNumTramps = 0;
+      mPrevProt = 0;
+    }
   }
   ~TrampolineCollection() {
@@ -405,7 +415,7 @@ class MOZ_STACK_CLASS TrampolineCollection final {
   uint8_t* const mLocalBase;
   const uintptr_t mRemoteBase;
   const uint32_t mTrampSize;
-  const uint32_t mNumTramps;
+  uint32_t mNumTramps;
   uint32_t mPrevProt;
   CRITICAL_SECTION* mCS;
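Review bot: The failure path zeroes mNumTramps and mPrevProt so the collection reads as empty, but whether that is sufficient depends on the destructor and on the iteration code both being keyed on mNumTramps rather than on mLocalBase, and both lie outside this hunk (the enclosing constructor also begins before it); a one-line comment on the zeroing, `// Leave the collection empty: nothing to iterate, nothing to restore in ~TrampolineCollection.`, would make that dependency explicit for the next edit. The new comment could also be more precise about what fails: the Protect call asks for PAGE_EXECUTE_READWRITE, so under MITIGATION_DYNAMIC_CODE_DISABLE it is the request to make executable pages writable that is refused, not a write itself. In release builds an unexpected failure now silently yields an empty collection instead of the previous debug-only assert, which matches the stated intent but leaves no trace; if the memory policy object exposes the last error, recording it before the MOZ_ASSERT would help when this path is reached for some other reason. The `const` removal on mNumTramps in the last hunk is the consequence of this new assignment.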