From 1f5e706a21ef202513de1137608ef0edde917ddf Mon Sep 17 00:00:00 2001
From: Alexandre Lissy <lissyx+mozillians@lissyx.dyndns.org>
Date: Thu, 18 May 2023 13:28:07 +0000
Subject: [PATCH] Bug 1833110 - Cache ldconfig to limit main thread io
 r=jld,Gijs

Differential Revision: https://phabricator.services.mozilla.com/D178150
---
 .../performance/browser_startup_mainthreadio.js    | 14 --------
 .../linux/broker/SandboxBrokerPolicyFactory.cpp    | 40 +++++++++++++++-------
 2 files changed, 28 insertions(+), 26 deletions(-)

diff --git a/browser/base/content/test/performance/browser_startup_mainthreadio.js b/browser/base/content/test/performance/browser_startup_mainthreadio.js
index 10eea1f238e0..117ef40ddbe8 100644
--- a/browser/base/content/test/performance/browser_startup_mainthreadio.js
+++ b/browser/base/content/test/performance/browser_startup_mainthreadio.js
@@ -490,20 +490,6 @@ const startupPhases = {
       close: 1,
     },
     {
-      // bug 1833110, utility process instantiation due to JS ORB validator.
-      path: "*ld.so.conf*",
-      condition:
-        LINUX &&
-        !AppConstants.MOZ_CODE_COVERAGE &&
-        Services.prefs.getBoolPref(
-          "browser.opaqueResponseBlocking.javascriptValidator"
-        ),
-      read: 14,
-      /* Whether this happens before or after idle is racy: */
-      ignoreIfUnused: true,
-      close: 7,
-    },
-    {
       // bug 1391590
       path: "ProfD:places.sqlite-journal",
       ignoreIfUnused: true,
diff --git a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
index d83f9c81a285..83c642855dae 100644
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -16,6 +16,7 @@
 #include "mozilla/SandboxLaunch.h"
 #include "mozilla/SandboxSettings.h"
 #include "mozilla/StaticPrefs_security.h"
+#include "mozilla/StaticMutex.h"
 #include "mozilla/UniquePtr.h"
 #include "mozilla/UniquePtrExtensions.h"
 #include "nsComponentManagerUtils.h"
@@ -62,6 +63,9 @@ static const int access = SandboxBroker::MAY_ACCESS;
 static const int deny = SandboxBroker::FORCE_DENY;
 }  // namespace
 
+using CacheE = std::pair<nsCString, int>;
+using FileCacheT = nsTArray<CacheE>;
+
 static void AddDriPaths(SandboxBroker::Policy* aPolicy) {
   // Bug 1401666: Mesa driver loader part 2: Mesa <= 12 using libudev
   // Used by libdrm, which is used by Mesa, and
@@ -157,12 +161,11 @@ static void JoinPathIfRelative(const nsACString& aCwd, const nsACString& inPath,
   }
 }
 
-static void AddPathsFromFile(SandboxBroker::Policy* aPolicy,
-                             const nsACString& aPath);
+static void CachePathsFromFile(FileCacheT& aCache, const nsACString& aPath);
 
-static void AddPathsFromFileInternal(SandboxBroker::Policy* aPolicy,
-                                     const nsACString& aCwd,
-                                     const nsACString& aPath) {
+static void CachePathsFromFileInternal(FileCacheT& aCache,
+                                       const nsACString& aCwd,
+                                       const nsACString& aPath) {
   nsresult rv;
   nsCOMPtr<nsIFile> ldconfig(do_CreateInstance(NS_LOCAL_FILE_CONTRACTID, &rv));
   if (NS_FAILED(rv)) {
@@ -223,7 +226,7 @@ static void AddPathsFromFileInternal(SandboxBroker::Policy* aPolicy,
                   &globbuf)) {
           for (size_t fileIdx = 0; fileIdx < globbuf.gl_pathc; fileIdx++) {
             nsAutoCString filePath(globbuf.gl_pathv[fileIdx]);
-            AddPathsFromFile(aPolicy, filePath);
+            CachePathsFromFile(aCache, filePath);
           }
           globfree(&globbuf);
         }
@@ -237,14 +240,13 @@ static void AddPathsFromFileInternal(SandboxBroker::Policy* aPolicy,
     }
     char* resolvedPath = realpath(line.get(), nullptr);
     if (resolvedPath) {
-      aPolicy->AddDir(rdonly, resolvedPath);
+      aCache.AppendElement(std::make_pair(nsCString(resolvedPath), rdonly));
       free(resolvedPath);
     }
   } while (more);
 }
 
-static void AddPathsFromFile(SandboxBroker::Policy* aPolicy,
-                             const nsACString& aPath) {
+static void CachePathsFromFile(FileCacheT& aCache, const nsACString& aPath) {
   // Find the new base path where that file sits in.
   nsresult rv;
   nsCOMPtr<nsIFile> includeFile(
@@ -275,12 +277,26 @@ static void AddPathsFromFile(SandboxBroker::Policy* aPolicy,
   if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
     SANDBOX_LOG("Parent path is %s", PromiseFlatCString(parentPath).get());
   }
-  AddPathsFromFileInternal(aPolicy, parentPath, aPath);
+  CachePathsFromFileInternal(aCache, parentPath, aPath);
 }
 
 static void AddLdconfigPaths(SandboxBroker::Policy* aPolicy) {
-  nsAutoCString ldConfig("/etc/ld.so.conf"_ns);
-  AddPathsFromFile(aPolicy, ldConfig);
+  static StaticMutex sMutex;
+  StaticMutexAutoLock lock(sMutex);
+
+  static FileCacheT ldConfigCache{};
+  static bool ldConfigCachePopulated = false;
+  if (!ldConfigCachePopulated) {
+    CachePathsFromFile(ldConfigCache, "/etc/ld.so.conf"_ns);
+    ldConfigCachePopulated = true;
+    RunOnShutdown([&] {
+      ldConfigCache.Clear();
+      MOZ_ASSERT(ldConfigCache.IsEmpty(), "ldconfig cache should be empty");
+    });
+  }
+  for (const CacheE& e : ldConfigCache) {
+    aPolicy->AddDir(e.second, e.first.get());
+  }
 }
 
 static void AddLdLibraryEnvPaths(SandboxBroker::Policy* aPolicy) {
-- 
2.11.4.GIT