Crash on windows when logging AEC data from about:webrtc

RESOLVED FIXED in Firefox 49

Status

()

Core
WebRTC: Audio/Video
P1
normal
Rank:
10
RESOLVED FIXED
2 years ago
9 months ago

People

(Reporter: jesup, Assigned: jesup)

Tracking

(Blocks: 1 bug)

Trunk
mozilla49
Points:
---

Firefox Tracking Flags

(e10s-, firefox49 fixed)

Details

Attachments

(3 attachments, 1 obsolete attachment)

(Assignee)

Description

2 years ago
We're crashing the plugin-container because we fail to open AEC log files in windows under e10s.  The code considers a failure-to-open to be crash-worthy.

Another cause for crashing is if you set the pref to a directory that doesn't exist or you can't write to (from the Content process in e10s, or in non-e10s mode, if you can't write for any reason.)

Also, we're using XP_WIN to know if we're on windows or not, we should be using WEBRTC_WIN; XP_WIN is a mozilla-ism.

The base problem for e10s seems to be the use of NS_OS_TEMP_DIR -- I think we should be using NS_WIN_LOW_INTEGRITY_TEMP_BASE.  Separately we should not crash on failure to open (override the upstream code's preference to crash).
(Assignee)

Comment 1

2 years ago
bob/jimm: Is NS_WIN_LOW_INTEGRITY_TEMP_BASE the right thing to use?
Rank: 10
Flags: needinfo?(jmathies)
Flags: needinfo?(bobowen.code)
Priority: -- → P1
(Assignee)

Comment 2

2 years ago
Created attachment 8748442 [details] [diff] [review]
use NS_WIN_LOW_INTEGRITY_TEMP_BASE for AEC logs

MozReview-Commit-ID: ByZZs9MKMDK
Attachment #8748442 - Flags: review?(bobowen.code)
(Assignee)

Comment 3

2 years ago
Created attachment 8748443 [details] [diff] [review]
Fix some errant (though working) ifdefs in mods to upstream webrtc code

MozReview-Commit-ID: 3bCBD3I4fHO
Attachment #8748443 - Flags: review?(pkerr)
(Assignee)

Comment 4

2 years ago
Created attachment 8748444 [details] [diff] [review]
don't crash if an AEC logfile fails to open

MozReview-Commit-ID: 4MgOZe5jO3p
Attachment #8748444 - Flags: review?(pkerr)

Updated

2 years ago
Attachment #8748443 - Flags: review?(pkerr) → review+

Updated

2 years ago
Attachment #8748444 - Flags: review?(pkerr) → review+
(Assignee)

Comment 5

2 years ago
Created attachment 8748448 [details] [diff] [review]
use NS_WIN_LOW_INTEGRITY_TEMP_BASE for AEC logs

as pkerr points out, that's clearly windows-only
Attachment #8748448 - Flags: review?(bobowen.code)
(Assignee)

Updated

2 years ago
Attachment #8748442 - Attachment is obsolete: true
Attachment #8748442 - Flags: review?(bobowen.code)

Comment 6

2 years ago
(In reply to Randell Jesup [:jesup] from comment #1)
> bob/jimm: Is NS_WIN_LOW_INTEGRITY_TEMP_BASE the right thing to use?

It depends on what you want.

You might be better using NS_APP_CONTENT_PROCESS_TEMP_DIR, which will work for Mac as well.
I suspect you might have similar problems on Mac Nightly with this logging.

NS_APP_CONTENT_PROCESS_TEMP_DIR gets deleted on shutdown, so if that's a problem you could use NS_WIN_LOW_INTEGRITY_TEMP_BASE or perhaps a new directory beneath it.
Although you might need to think about how that gets cleaned up, because it's in a place that users wouldn't normally go to clear temp files.

Also if you're using this directory in the parent, this might have security implications.
Could you use separate directories in the parent and child?
When necessary, NS_OS_TEMP_DIR in the content process gets changed to the same as NS_APP_CONTENT_PROCESS_TEMP_DIR during ContentProcess::Init.

Happened to notice that WebRtcLog.cpp looks like it sets up another log file with NS_OS_TEMP_DIR, would that need to be changed as well?

I'll clear the review request for the moment.
Flags: needinfo?(jmathies)
Flags: needinfo?(bobowen.code)

Updated

2 years ago
Attachment #8748448 - Flags: review?(bobowen.code)
tracking-e10s: --- → ?

Comment 7

2 years ago
I'm not sure what is best here.

You could use NS_WIN_LOW_INTEGRITY_TEMP_BASE and construct a sandbox writeable directory and file, but this won't help for Mac assuming you have the same problem.

Even these writeable directories are a bit of a stop gap that we'd like to get rid of eventually, particularly for release builds.

Assuming that this logging is turned on in the UI, could you pass file handles to the child process to be used?
This is probably the best long term solution.
(Assignee)

Comment 8

2 years ago
Opening in the parent may make sense, though that will be a pain since the low-level code is what's deciding the files to log.  Can the master process create a directory that's writable by content, and pass that down somehow?

In the shorter term, we want to get something working so we can ask people for logs and not tell them to use non-e10s windows or turn it off.  So we may want to land this or something very like it and then follow up.

Passing the data through IPC would be another option, but would require a *bunch* more work to batch this up and asynchronously feed it across from another thread (this is collected in realtime code; it's already playing with fire by using fwrite here today and is mostly saved by stdio/OS buffering and faster machines).

Some of this work may already have been done for webrtc.org logging, so that might be leveraged here.  Chrome instead dumps logs and AEC data and other stuff all into one composite metafile where stuff can pulled out.

Comment 9

2 years ago
sandboxing related.
tracking-e10s: ? → -

Comment 10

2 years ago
(In reply to Randell Jesup [:jesup] from comment #8)
> Opening in the parent may make sense, though that will be a pain since the
> low-level code is what's deciding the files to log.  Can the master process
> create a directory that's writable by content, and pass that down somehow?
> 
> In the shorter term, we want to get something working so we can ask people
> for logs and not tell them to use non-e10s windows or turn it off.  So we
> may want to land this or something very like it and then follow up.

Can you ask them to disable the security sandbox instead? AFAICT e10s isn't really key here.

Maybe just harden your logging code such that it doesn't crash if the sandbox is on. That should work up to the point where we start enforcing a minimal sandbox for content processes.

Updated

2 years ago
Blocks: 1259160
(Assignee)

Comment 11

2 years ago
(In reply to Jim Mathies [:jimm] from comment #10)
> (In reply to Randell Jesup [:jesup] from comment #8)
> > Opening in the parent may make sense, though that will be a pain since the
> > low-level code is what's deciding the files to log.  Can the master process
> > create a directory that's writable by content, and pass that down somehow?
> > 
> > In the shorter term, we want to get something working so we can ask people
> > for logs and not tell them to use non-e10s windows or turn it off.  So we
> > may want to land this or something very like it and then follow up.
> 
> Can you ask them to disable the security sandbox instead? AFAICT e10s isn't
> really key here.

We need to be able to ask users (and third-party-developers) for logs, and in particular to turn on logs in the middle of existing calls. 

> Maybe just harden your logging code such that it doesn't crash if the
> sandbox is on. That should work up to the point where we start enforcing a
> minimal sandbox for content processes.

The other two patches here will block the crashing; but that doesn't help us deal with reports of "I hear echo sometimes", and only barely helps with "I hear echo on machine X".  It's confusing enough getting people to tell the person *not* hearing the echo to turn on AEC logging.

For other logs (i.e. mtransport/nicer/R_LOG* logs) it's perhaps more problematic, though those (currently) are turned on before starting the browser.

I prefer not to go back to the equivalent of the old "please download a debug build and try to repro with logging" if I can.

Comment 12

2 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/00dd4f7e1b8f
https://hg.mozilla.org/integration/mozilla-inbound/rev/6251d574735f
https://hg.mozilla.org/mozilla-central/rev/00dd4f7e1b8f
https://hg.mozilla.org/mozilla-central/rev/6251d574735f
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox49: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla49

Updated

9 months ago
See Also: → bug 1345046
You need to log in before you can comment on or make changes to this bug.