Seccomp sandbox violation: sys_fallocate called in content process of Firefox desktop

RESOLVED FIXED in Firefox 50

Status

Core
Security: Process Sandboxing

People

(Reporter: tedd, Assigned: tedd)

Tracking

unspecified
mozilla50

Firefox Tracking Flags

(firefox50 fixed)

Details

(Whiteboard: sblc1, crash signature)

Attachments

(2 attachments)

(Assignee)

Description

a year ago
Crash reports show that sys_fallocate is called from the content process:

https://crash-stats.mozilla.com/search/?product=Firefox&reason=~SIGSYS&address=0x11d&_sort=-date&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports

Updated

a year ago
Whiteboard: sblc1
Crash Signature: [@ libc-2.23.so@0xdf26f ] [@ libc-2.23.so@0xfba0f ] [@ libc-2.21.so@0xf80af ] [@ libc-2.19.so@0xe0840 ] [@ libc-2.22.so@0xe092f ] [@ libc-2.23.so@0xf7edf ] [@ libc-2.22.so@0xf765f ]
Just in case it helps, this happens consistently for me when printing to a file.

Also, the crash happens just after reaching supposedly unreached code:

[Child 8846] ###!!! ASSERTION: Deallocator for PPrintProgressDialogChild should not be called on nsPrintingProxy.: 'Not Reached'

http://searchfox.org/mozilla-central/source/embedding/components/printingui/ipc/nsPrintingProxy.cpp#227
Created attachment 8773574 [details]
stack trace, crashed due to printing to file

Just crashed trying to print a boarding pass to PDF.
Looks like we need to whitelist this at least until we have proper e10s-enabled printing on Linux.
(Assignee)

Comment 4

a year ago
Created attachment 8774333 [details] [diff] [review]
Add sys_fallocate to seccomp whitelist. r=gcp

Try push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=c020cee1bab7
Assignee: nobody → julian.r.hector
Status: NEW → ASSIGNED
Attachment #8774333 - Flags: review?(gpascutto)
Attachment #8774333 - Flags: review?(gpascutto) → review+
(Assignee)

Comment 5

a year ago
Try in Comment 4
Keywords: checkin-needed

Comment 6

a year ago
Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/7107f6c51542
Add sys_fallocate to seccomp whitelist. r=gcp
Keywords: checkin-needed

Comment 7

a year ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/7107f6c51542
Status: ASSIGNED → RESOLVED
Last Resolved: a year ago
status-firefox50: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
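
How a seccomp-bpf whitelist produces the SIGSYS seen in these crash reports, and what adding `fallocate` to the whitelist changes, as an added C example (not Firefox's sandbox code; `on_sigsys`, `install_filter` and `trapped_syscall` are hypothetical names). On x86-64 `SYS_fallocate` is 285, i.e. 0x11d, the `address` value in the crash-stats query in the Description.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

static int report_fd; /* write end of the pipe back to the parent */
/* SECCOMP_RET_TRAP raises SIGSYS; si_syscall is the rejected syscall number. */
static void on_sigsys(int sig, siginfo_t *si, void *ctx) {
    int nr = si->si_syscall; (void)sig; (void)ctx;
    _exit(write(report_fd, &nr, sizeof nr) == (ssize_t)sizeof nr ? 0 : 2);
}
/* Whitelist: write, exit_group, optionally fallocate; anything else traps. */
static int install_filter(int allow_fallocate) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_write, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit_group, 1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_fallocate, allow_fallocate ? 0 : 1, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
    };
    struct sock_fprog prog = { sizeof f / sizeof f[0], f };
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Trapped syscall number in the sandboxed child, 0 if none, -1 on setup error. */
int trapped_syscall(int allow_fallocate) {
    int p[2], nr = 0, status = 0;
    pid_t pid = pipe(p) ? -1 : fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct sigaction sa = { .sa_sigaction = on_sigsys, .sa_flags = SA_SIGINFO };
        report_fd = p[1];
        if (sigaction(SIGSYS, &sa, NULL) || install_filter(allow_fallocate)) _exit(1);
        syscall(SYS_fallocate, -1, 0, 0L, 1L); /* fd -1: SIGSYS if denied, else EBADF */
        _exit(0);
    }
    close(p[1]);
    if (read(p[0], &nr, sizeof nr) < 0) nr = -1;
    close(p[0]);
    waitpid(pid, &status, 0);
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 ? nr : -1;
}

int main(void) { return trapped_syscall(0) == SYS_fallocate && trapped_syscall(1) == 0 ? 0 : 1; }
```

A production filter also validates `seccomp_data.arch` before comparing syscall numbers; this one omits that check to stay short.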