From df1c31188d7262772e1d2dc476e1443b5b8dbdaf Mon Sep 17 00:00:00 2001
From: Christian Blichmann <cblichmann@google.com>
Date: Mon, 11 Oct 2021 01:21:26 -0700
Subject: [PATCH] Fix sums test under MSAN by allowing Scudo to add
 `MAP_NORESERVE` in `mmap()`

Note: This change allows `MAP_NORESERVE` generally, not just for MSAN. This follows
what we do for `AllowTcMalloc()/AllowSystemMalloc()`
PiperOrigin-RevId: 402231980
Change-Id: Ifa1c6b9f61f636dd6db231dde3765c3b4a40911b
---
 sandboxed_api/sandbox.h                 | 2 +-
 sandboxed_api/sandbox2/policybuilder.cc | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/sandboxed_api/sandbox.h b/sandboxed_api/sandbox.h
index 10d8364..7c150d9 100644
--- a/sandboxed_api/sandbox.h
+++ b/sandboxed_api/sandbox.h
@@ -131,7 +131,7 @@ class Sandbox {
   //  - absolute: will be used as is.
   virtual std::string GetLibPath() const { return ""; }
 
-  // Gets the environment varialbes passed to the sandboxee.
+  // Gets the environment variables passed to the sandboxee.
   virtual void GetEnvs(std::vector<std::string>* envs) const {}
 
   // Modifies the Executor object if needed.
diff --git a/sandboxed_api/sandbox2/policybuilder.cc b/sandboxed_api/sandbox2/policybuilder.cc
index 6bcf14c..25462f7 100644
--- a/sandboxed_api/sandbox2/policybuilder.cc
+++ b/sandboxed_api/sandbox2/policybuilder.cc
@@ -113,7 +113,8 @@ PolicyBuilder& PolicyBuilder::AllowScudoMalloc() {
 
         // PROT_READ | PROT_WRITE
         ARG_32(3),  // flags
-        JEQ32(MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, ALLOW),
+        BPF_STMT(BPF_ALU | BPF_AND | BPF_K,
+                 ~uint32_t{MAP_FIXED | MAP_NORESERVE}),
         JEQ32(MAP_PRIVATE | MAP_ANONYMOUS, ALLOW),
         JUMP(&labels, mmap_end),