Closed Bug 1285771 Opened 8 years ago Closed 8 years ago

Seccomp sandbox violation: sys_mlock called in content process of Firefox desktop

Categories

(Core :: Security: Process Sandboxing, defect)

Product:
Core
Component:
Security: Process Sandboxing
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla50
Tracking Flags:
Tracking Status
firefox50 --- fixed

People

(Reporter: tedd, Assigned: tedd)

References

Details

Crash Data

Attachments

(1 file)

Add sys_mlock to seccomp whitelist r=gcp
782 bytes, patch
gcp
: review+
Details | Diff | Splinter Review 
sys_mlock doesn't look like a dangerous system call, it allows to lock a memory range into RAM preventing it from being swapped out (probably used by graphics). I don't see why we shouldn't whitelist it.

Try push for build: https://treeherder.mozilla.org/#/jobs?repo=try&revision=6a26abbddbaf
Assignee: nobody → julian.r.hector
Attachment #8769776 - Flags: review?(gpascutto)
Stack is a bit complicated but underlying caller is most likely the proprietary AMD gfx driver.
Attachment #8769776 - Flags: review?(gpascutto) → review+
Keywords: checkin-needed
Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/52763f9aca69
Add sys_mlock to seccomp whitelist. r=gcp
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/52763f9aca69
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox50: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
Crash Signature: [@ libc-2.20.so@0xf2027 ] [@ libc-2.19.so@0xe22c7 ] [@ libc-2.23.so@0xe3627 ]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: