commit 4f49c8bca6f8beaf30de9e51b7a767036e9e6489
parent 384b70cdf5968d43feb375730c2229906f774bd4
Author: Bob Owen <bobowencode@gmail.com>
Date: Mon, 3 Nov 2025 19:50:29 +0000
Bug 1997854 - Change the number of policy memory pages back to previous value. r=yjuglaret
This also surfaces that value as a constant, so that we can rely on it.
Differential Revision: https://phabricator.services.mozilla.com/D271086
Diffstat:
4 files changed, 59 insertions(+), 3 deletions(-)
diff --git a/security/sandbox/chromium-shim/patches/52_surface_kPolMemPageCount_and_revert_to_14.patch b/security/sandbox/chromium-shim/patches/52_surface_kPolMemPageCount_and_revert_to_14.patch
@@ -0,0 +1,51 @@
+This surfaces the memory page count for the maximum policy size as a constant,
+so that we can rely on it in our code. It also reverts it to 14, the value
+it was set to before the latest chromium sandbox update.
+
+diff --git a/security/sandbox/chromium/sandbox/win/src/sandbox_policy.h b/security/sandbox/chromium/sandbox/win/src/sandbox_policy.h
+index 4d9d8f270890..bffab2fae890 100644
+--- a/security/sandbox/chromium/sandbox/win/src/sandbox_policy.h
++++ b/security/sandbox/chromium/sandbox/win/src/sandbox_policy.h
+@@ -10,16 +10,19 @@
+
+ #include "base/containers/span.h"
+ #include "base/memory/scoped_refptr.h"
+ #include "sandbox/win/src/sandbox_types.h"
+ #include "sandbox/win/src/security_level.h"
+
+ namespace sandbox {
+
++// Number of memory pages to allow for the policy storage.
++constexpr size_t kPolMemPageCount = 14;
++
+ class AppContainer;
+
+ // Desktop used to launch child, controls GetDesktop().
+ enum class Desktop {
+ // Child is launched without changing the desktop.
+ kDefault,
+ // Child is launched using the alternate desktop.
+ kAlternateDesktop,
+diff --git a/security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.cc b/security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.cc
+index 2559133d772b..3395e9cadc07 100644
+--- a/security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.cc
++++ b/security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.cc
+@@ -44,17 +44,17 @@
+
+ namespace sandbox {
+ namespace {
+
+ // The standard windows size for one memory page.
+ constexpr size_t kOneMemPage = 4096;
+ // The IPC and Policy shared memory sizes.
+ constexpr size_t kIPCMemSize = kOneMemPage * 2;
+-constexpr size_t kPolMemSize = kOneMemPage * 6;
++constexpr size_t kPolMemSize = kOneMemPage * kPolMemPageCount;
+
+ // Offset of pShimData in ntdll!_PEB.
+ #if defined(_WIN64)
+ // This is the same on x64 and arm64.
+ constexpr ptrdiff_t kShimDataOffset = 0x2d8;
+ #else
+ constexpr ptrdiff_t kShimDataOffset = 0x1e8;
+ #endif
diff --git a/security/sandbox/chromium/sandbox/win/src/sandbox_policy.h b/security/sandbox/chromium/sandbox/win/src/sandbox_policy.h
@@ -15,6 +15,9 @@
namespace sandbox {
+// Number of memory pages to allow for the policy storage.
+constexpr size_t kPolMemPageCount = 14;
+
class AppContainer;
// Desktop used to launch child, controls GetDesktop().
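Review bot: The comment on the new `kPolMemPageCount` constant does not say that one page's worth of the budget is accounted to the PolicyGlobal, which is exactly why ConfigHelpers.cpp in this same commit bounds `aStoragePages` strictly below the constant instead of by it; a reader of the header alone cannot learn that offset. I would extend the comment to `// Number of memory pages to allow for the policy storage. One page is` / `// accounted to the PolicyGlobal, so callers sizing rule storage must stay` / `// strictly below this count (see SizeTrackingConfig in ConfigHelpers.cpp).` The constant uses `size_t`, and the include list shown in the patch file carries only base/ and sandbox/ headers, so if `size_t` is reached only transitively an explicit `<cstddef>` include would make the header self-sufficient; I cannot tell from the hunk whether it already is.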
diff --git a/security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.cc b/security/sandbox/chromium/sandbox/win/src/sandbox_policy_base.cc
@@ -49,7 +49,7 @@ namespace {
constexpr size_t kOneMemPage = 4096;
// The IPC and Policy shared memory sizes.
constexpr size_t kIPCMemSize = kOneMemPage * 2;
-constexpr size_t kPolMemSize = kOneMemPage * 6;
+constexpr size_t kPolMemSize = kOneMemPage * kPolMemPageCount;
// Offset of pShimData in ntdll!_PEB.
#if defined(_WIN64)
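Review bot: `kPolMemSize` now takes its page count from the shared constant, but its other factor, `kOneMemPage`, stays in this file's anonymous namespace while ConfigHelpers.cpp computes `mRemainingSize` from its own `constexpr int32_t kOneMemPage = 4096;`, so the broker's size tracking and the real buffer size still agree only because both files happen to spell the same literal. Since the commit's stated goal is to let the broker rely on the sizing, the page size is the remaining half of that contract; surfacing it next to `kPolMemPageCount` in sandbox_policy.h and using it from both places would close the gap, e.g. `constexpr size_t kPolMemSize = kOneMemPage * kPolMemPageCount;` becoming a definition expressed purely in shared constants. I am assuming sandbox_policy.h is already reachable from this file (the unqualified name resolves through `namespace sandbox`), which the hunk itself does not show.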
diff --git a/security/sandbox/win/src/sandboxbroker/ConfigHelpers.cpp b/security/sandbox/win/src/sandboxbroker/ConfigHelpers.cpp
@@ -30,8 +30,10 @@ SizeTrackingConfig::SizeTrackingConfig(sandbox::TargetConfig* aConfig,
: mConfig(aConfig) {
MOZ_ASSERT(mConfig);
- // The calculation at the start of sandbox_policy_base.cc allows for 14 pages.
- MOZ_ASSERT(aStoragePages <= 14);
+ // The calculation uses the kPolMemPageCount constant in sandbox_policy.h.
+ // We reduce the allowable size by 1 to account for the PolicyGlobal.
+ MOZ_ASSERT(aStoragePages > 0);
+ MOZ_ASSERT(static_cast<size_t>(aStoragePages) < sandbox::kPolMemPageCount);
constexpr int32_t kOneMemPage = 4096;
mRemainingSize = kOneMemPage * aStoragePages;
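Review bot: The new upper bound on `aStoragePages` is a `MOZ_ASSERT`, which compiles out of release builds, so in shipping code a count of `kPolMemPageCount` or more still yields an `mRemainingSize` larger than the space the added comment says is available, and the tracking this class exists for would then be off by at least a page. If any caller can pass a non-literal count, `MOZ_RELEASE_ASSERT(static_cast<size_t>(aStoragePages) < sandbox::kPolMemPageCount);` keeps the invariant in release as well; if every caller passes a compile-time constant, a sentence saying so next to the asserts justifies the debug-only check. The comment `// We reduce the allowable size by 1 to account for the PolicyGlobal.` describes the strict `<` as a subtraction, which is easy to misread as `kPolMemPageCount - 1` appearing in the code; `// Strictly less than kPolMemPageCount: one page is reserved for the PolicyGlobal.` says what the line does. The constructor body continues past the end of the hunk.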