Closed
Bug 1303813
Opened 8 years ago
Closed 8 years ago
Allow madvise(_, _, MADV_FREE) in the GMP seccomp-bpf policy
Categories
(Core :: Security: Process Sandboxing, defect)
Tracking
()
RESOLVED
FIXED
mozilla52
People
(Reporter: jld, Assigned: jld)
References
(Blocks 1 open bug)
Details
(Whiteboard: sblc2)
Crash Data
Attachments
(1 file)
|
1.32 KB,
patch
|
gcp
:
review+
ritu
:
approval-mozilla-aurora+
ritu
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
Linux 4.5 added MADV_FREE, as follows: #define MADV_FREE 8 /* free pages only if memory pressure */ If Firefox is built on a Linux system with new enough headers, we'll use it instead of MADV_DONTNEED[1][2] in mozjemalloc. The content process policy doesn't filter madvise by advice type (yet), but the GMP policy does, and it doesn't currently allow MADV_FREE. So we should fix that. [1] http://searchfox.org/mozilla-central/rev/f6c298b36db67a7109079c0dd7755f329c1d58e2/memory/mozjemalloc/jemalloc.c#323 [2] http://searchfox.org/mozilla-central/rev/f6c298b36db67a7109079c0dd7755f329c1d58e2/memory/mozjemalloc/jemalloc.c#3787
|
||
Updated•8 years ago
|
Whiteboard: sblc2
|
||
Updated•8 years ago
|
Blocks: widevine-linux
|
Assignee | |
Updated•8 years ago
|
Crash Signature: [@ libc-2.24.so@0x1020a7 ] → [@ libc-2.24.so@0x1020a7 ] [@ libc-2.24.so@0x101837 ]
|
|
Assignee | |
Updated•8 years ago
|
Assignee: nobody → jld
|
|
Assignee | |
Comment 3•8 years ago
|
||
Attachment #8795063 -
Flags: review?(gpascutto)
|
||
Updated•8 years ago
|
Attachment #8795063 -
Flags: review?(gpascutto) → review+
|
|
Assignee | |
Comment 4•8 years ago
|
||
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=54d9852667b1 although the official builds wouldn't affected by this bug because the build hosts have relatively old kernel headers. (The media failures are a little worrying but they're intermittent and don't look related.)
Keywords: checkin-needed
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/11a470398b1f Allow media plugins to call madvise with MADV_FREE. r=gcp
Keywords: checkin-needed
|
||
Comment 6•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/11a470398b1f
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox52:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
|
|
||
Comment 7•8 years ago
|
||
Jed: Can we uplift this to beta so that our users can enjoy their DRM encumbered video on Linux?
Flags: needinfo?(jld)
|
|
Assignee | |
Comment 8•8 years ago
|
||
Comment on attachment 8795063 [details] [diff] [review] bug1303813-madv-free-hg0.diff Approval Request Comment [Feature/regressing bug #]: EME [User impact if declined]: Widevine plugin crashes on some Linux distributions [Describe test coverage new/current, TreeHerder]: Manually verified that this fixes the crash. The GMP framework has a test suite, and this has been stable on m-c for a few days [Risks and why]: Very low — this just allows a system call that would previously have caused a crash. [String/UUID change made/needed]: None
Flags: needinfo?(jld)
Attachment #8795063 -
Flags: approval-mozilla-beta?
Attachment #8795063 -
Flags: approval-mozilla-aurora?
|
||
Updated•8 years ago
|
status-firefox50:
--- → affected
Comment on attachment 8795063 [details] [diff] [review] bug1303813-madv-free-hg0.diff Crash fix, Aurora51+, Beta50+
Attachment #8795063 -
Flags: approval-mozilla-beta?
Attachment #8795063 -
Flags: approval-mozilla-beta+
Attachment #8795063 -
Flags: approval-mozilla-aurora?
Attachment #8795063 -
Flags: approval-mozilla-aurora+
|
||
Comment 10•8 years ago
|
||
| bugherder uplift | ||
https://hg.mozilla.org/releases/mozilla-aurora/rev/d3af65afc4c8
|
|
||
Comment 11•8 years ago
|
||
| bugherder uplift | ||
https://hg.mozilla.org/releases/mozilla-beta/rev/c97ea049e8f4
|
||
Comment 14•7 years ago
|
||
The described bug started to happen to me on firefox-53.0. I'm on a Gentoo build.
|
|
Assignee | |
Comment 15•7 years ago
|
||
(In reply to bjoern.online from comment #14) > The described bug started to happen to me on firefox-53.0. > > I'm on a Gentoo build. If it's still crashing on 53.0, that's probably a separate bug. If you submitted a crash report, can you comment with the crash ID (available in about:crashes)?
Flags: needinfo?(bjoern.online)
|
|
||
Comment 16•7 years ago
|
||
I just tried the firefox-bin on Gentoo and there it works. So I guess it is a Gentoo Problem. I'll just leave the corresponding crashdump here anyway. (about:crashes is disabled in the Gentoo build because of legal issues apparently) Sandbox: seccomp sandbox violation: pid 8533, syscall 28, args 139734261170176 2097152 15 1612 139734263267664 0. Killing process. Sandbox: crash reporter is disabled (or failed); trying stack trace: Sandbox: frame #01: madvise[/lib64/libc.so.6 +0xe3757] Sandbox: frame #02: ???[/usr/lib64/firefox/plugin-container +0x3d7de] Sandbox: frame #03: ???[/usr/lib64/firefox/plugin-container +0x2d41f] Sandbox: frame #04: ???[/usr/lib64/firefox/plugin-container +0x2b563] Sandbox: frame #05: ???[/usr/lib64/firefox/plugin-container +0x2e154] Sandbox: frame #06: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x170ef3] Sandbox: frame #07: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x250bde] Sandbox: frame #08: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x16f199] Sandbox: frame #09: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x16ecbf] Sandbox: frame #10: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x170228] Sandbox: frame #11: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x2568b0] Sandbox: frame #12: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x25df76] Sandbox: frame #13: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x15b797] Sandbox: frame #14: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x524bc] Sandbox: frame #15: ???[/usr/lib64/firefox/libxul.so +0x246a823] Sandbox: frame #16: ???[/usr/lib64/firefox/libxul.so +0x244feb6] Sandbox: frame #17: ???[/usr/lib64/firefox/libxul.so +0xfa0ccd] Sandbox: frame #18: ???[/usr/lib64/firefox/libxul.so +0xf8678f] Sandbox: frame #19: ???[/usr/lib64/firefox/libxul.so +0xf11b2d] Sandbox: frame #20: ???[/usr/lib64/firefox/libxul.so +0xf19e2b] Sandbox: frame #21: ???[/usr/lib64/firefox/libxul.so +0xf1bbad] Sandbox: frame #22: ???[/usr/lib64/firefox/libxul.so +0xec967d] Sandbox: frame #23: ???[/usr/lib64/firefox/libxul.so +0xec9ac6] Sandbox: frame #24: ???[/usr/lib64/firefox/libxul.so +0xebccca] Sandbox: frame #25: ???[/usr/lib64/firefox/libxul.so +0xec22cd] Sandbox: frame #26: ???[/usr/lib64/firefox/libxul.so +0x337eeb6] Sandbox: frame #27: ???[/usr/lib64/firefox/plugin-container +0x73a7] Sandbox: frame #28: ???[/usr/lib64/firefox/plugin-container +0x7089] Sandbox: frame #29: __libc_start_main[/lib64/libc.so.6 +0x20790] Sandbox: frame #30: _start[/usr/lib64/firefox/plugin-container +0x7259] Sandbox: frame #31: ??? (???:???) Sandbox: end of stack.
Flags: needinfo?(bjoern.online)
|
|
Assignee | |
Comment 17•7 years ago
|
||
15 == MADV_NOHUGEPAGE. I've filed bug 1364533.
You need to log in
before you can comment on or make changes to this bug.
Description
•