gecko-dev/security/sandbox/linux/reporter
Jed Davis bb7bbfa321 Bug 1363378 - Set close-on-exec in sandbox-related sockets held by parent process. r=gcp
If these aren't close-on-exec, they can be inherited by the crash
reporter process after the parent process has crashed and exited,
causing child processes to continue running when the IPC I/O thread blocks
in the file broker trying to open a GeckoChildCrash temp file.
(Empirically, the main thread then blocks waiting for the I/O thread.)

Operations that run on dedicated threads, like playing media, may
continue even though the main and IPC threads are locked up, resulting in
videos that keep playing sound even though the browser seems to no longer
exist.

If the broker socket is closed as expected when the parent process
exits, the child will return failure from the brokered file operation
and then go on to get an IPC error due to the parent process's
nonexistence, and will exit as normal.

This patch makes the same change to rejected syscall reporting, even
though that's a one-way asynchronous message with no response to wait
for, just in case something goes wrong enough to fill the entire socket
buffer but not so badly broken that it would wind up in an infinite loop
anyway.

SOCK_CLOEXEC has been present since Linux 2.6.26, and it would be used
only if seccomp-bpf is available, so it should be safe to use
unconditionally.

MozReview-Commit-ID: 7tDPBJILzlj

--HG--
extra : rebase_source : b797655dff2eea88c406d83dcee4a859f2a038b7
2017-09-13 12:25:35 -06:00
SandboxReporter.cpp Bug 1363378 - Set close-on-exec in sandbox-related sockets held by parent process. r=gcp 2017-09-13 12:25:35 -06:00
SandboxReporter.h
SandboxReporterCommon.h Bug 1308400 - Support file process, whitelist path prefs. r=jld 2017-07-24 16:32:22 +02:00
SandboxReporterWrappers.cpp Bug 1376643 - Use 'override' and '= default' on applicable methods in security/sandbox/. r=gcp 2017-06-27 17:57:00 +02:00
moz.build