Closed Bug 1290343 Opened 8 years ago Closed 8 years ago

Linux sandbox blocks Widevine 32bit CDM loading

Categories

(Core :: Security: Process Sandboxing, defect)

Product:
Core
Component:
Security: Process Sandboxing
Version:
47 Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla51
Tracking Flags:
Tracking Status
firefox49 --- fixed
firefox50 --- fixed
firefox51 --- fixed

People

(Reporter: cpearce, Assigned: jld)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

bug1290343-gmp-euid32-hg0.diff
936 bytes, patch
tedd
: review+
ritu
: approval-mozilla-aurora+
lizzard
: approval-mozilla-beta+
Details | Diff | Splinter Review 
The 32bit Linux Widevine CDM won't load on 32bit Ubuntu 16.04.1. The 64bit one works fine in 64bit Ubuntu.

STR:
1. Install Ubuntu 16.04 32bit.
2. Install the bad codecs; `sudo apt-get install ubuntu-restricted-extras`.
3. Install latest Nightly 32bit build.
4. Start Nightly.
5. Set the following prefs:
media.gmp-manager.url.override = https://people.mozilla.org/~cpearce/update-widevine-903-linux86.xml
media.gmp-widevinecdm.visible = true
media.gmp-widevinecdm.enabled = true
browser.eme.ui.enabled = true
6. Open about:addons > Plugins, right click on "Widevine..." > Find updates. Wait several seconds for the CDM to install.
7. Open http://bitmovin.com/mpeg-dash-hls-drm-test-player/ click the video play button to play.
8. Observe "The WidevineCdm plugin has crashed" notification.

If I disable the sandbox with MOZ_DISABLE_GMP_SANDBOX=1, it works fine.
I see lots of logging, such as:

Sandbox: non-read-only open of file /tmp/GeckoChildCrash12608.extra attempted (flags=01101)
Sandbox: seccomp sandbox violation: pid 12608, syscall 5, args 3077174912 577 384 5 3077174912 2966811432.  Killing process.
Sandbox: non-read-only open of file /tmp/GeckoChildCrash12608.extra attempted (flags=01101)
Sandbox: seccomp sandbox violation: pid 12608, syscall 5, args 3077174912 577 384 5 3077174912 2966808168.  Killing process.
Sandbox: non-read-only open of file /tmp/GeckoChildCrash12608.extra attempted (flags=01101)
Sandbox: seccomp sandbox violation: pid 12608, syscall 5, args 3077174912 577 384 5 3077174912 2966804904.  Killing process.
Sandbox: non-read-only open of file /tmp/GeckoChildCrash12608.extra attempted (flags=01101)
Sandbox: seccomp sandbox violation: pid 12608, syscall 5, args 3077174912 577 384 5 3077174912 2966801640.  Killing process.

Does that explain what's happening?
Flags: needinfo?(jld)
Kind of.  It looks like there was some original crash that's not shown here — it would be the first "seccomp sandbox violation" printed — and then the crash handler tries to open a file and recursively crashes, which seems to be a regression introduced by bug 1236108, maybe?

Leaving needinfo to see if I can reproduce this easily…
Flags: needinfo?(jld)
Sandbox: seccomp sandbox violation: pid 11797, syscall 201, args 2875558888 0 3001745408 3215032864 2967240948 3215032936.  Killing process.

#define __NR_geteuid32 201

This should be a one-line fix.  The recursive crash problem, however, will need a separate bug.  It's looking like Linux GMP crash reporting has been broken for months and we had no idea….
Assignee: nobody → jld
See Also: → 1290618
See Also: → 1290633
Try run with a change to make this bug happen for all media plugins:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=7064bcb1491e

Try run with that + this patch:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=1fbb87574802
Attachment #8776676 - Flags: review?(julian.r.hector)
Comment on attachment 8776676 [details] [diff] [review]
bug1290343-gmp-euid32-hg0.diff

Review of attachment 8776676 [details] [diff] [review]:
-----------------------------------------------------------------

lgtm
Attachment #8776676 - Flags: review?(julian.r.hector) → review+
Try runs in comment #4.
Keywords: checkin-needed
OS: Unspecified → Linux
Hardware: Unspecified → x86
Version: unspecified → 47 Branch
Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/847bef59265f
Fix Linux GMP sandbox policy's geteuid rule for 32-bit. r=tedd
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/847bef59265f
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox51: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
Comment on attachment 8776676 [details] [diff] [review]
bug1290343-gmp-euid32-hg0.diff

Approval Request Comment
[Feature/regressing bug #]: Widevine EME on Linux
[User impact if declined]: Widevine EME on Linux won't work on 32 bit Linux.
[Describe test coverage new/current, TreeHerder]: We have plenty of EME mochitests, which run on Linux.
[Risks and why]: Low; this is tweaking sandbox rules
[String/UUID change made/needed]: None
Attachment #8776676 - Flags: approval-mozilla-beta?
Attachment #8776676 - Flags: approval-mozilla-aurora?
Comment on attachment 8776676 [details] [diff] [review]
bug1290343-gmp-euid32-hg0.diff

Widevine EME on Linux, Aurora50+
Attachment #8776676 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment on attachment 8776676 [details] [diff] [review]
bug1290343-gmp-euid32-hg0.diff

Let's try this for beta 3 to support Widevine on Linux.
Attachment #8776676 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: