Bug 1290343: Linux sandbox blocks Widevine 32bit CDM loading
Status: RESOLVED FIXED (Closed), mozilla51
Opened 8 years ago, closed 8 years ago
Categories: Core :: Security: Process Sandboxing, defect
People: Reporter: cpearce, Assigned: jld
References: Blocks 1 open bug
Attachments (1 file): patch, 936 bytes; tedd: review+, ritu: approval-mozilla-aurora+, lizzard: approval-mozilla-beta+

The 32bit Linux Widevine CDM won't load on 32bit Ubuntu 16.04.1. The 64bit one works fine in 64bit Ubuntu.
STR:
1. Install Ubuntu 16.04 32bit.
2. Install the bad codecs; `sudo apt-get install ubuntu-restricted-extras`.
3. Install latest Nightly 32bit build.
4. Start Nightly.
5. Set the following prefs:
   media.gmp-manager.url.override = https://people.mozilla.org/~cpearce/update-widevine-903-linux86.xml
   media.gmp-widevinecdm.visible = true
   media.gmp-widevinecdm.enabled = true
   browser.eme.ui.enabled = true
6. Open about:addons > Plugins, right click on "Widevine..." > Find updates. Wait several seconds for the CDM to install.
7. Open http://bitmovin.com/mpeg-dash-hls-drm-test-player/ and click the video play button to play.
8. Observe "The WidevineCdm plugin has crashed" notification.
If I disable the sandbox with MOZ_DISABLE_GMP_SANDBOX=1, it works fine.

Comment 1 • 8 years ago (Reporter)
I see lots of logging, such as:
Sandbox: non-read-only open of file /tmp/GeckoChildCrash12608.extra attempted (flags=01101)
Sandbox: seccomp sandbox violation: pid 12608, syscall 5, args 3077174912 577 384 5 3077174912 2966811432. Killing process.
Sandbox: non-read-only open of file /tmp/GeckoChildCrash12608.extra attempted (flags=01101)
Sandbox: seccomp sandbox violation: pid 12608, syscall 5, args 3077174912 577 384 5 3077174912 2966808168. Killing process.
Sandbox: non-read-only open of file /tmp/GeckoChildCrash12608.extra attempted (flags=01101)
Sandbox: seccomp sandbox violation: pid 12608, syscall 5, args 3077174912 577 384 5 3077174912 2966804904. Killing process.
Sandbox: non-read-only open of file /tmp/GeckoChildCrash12608.extra attempted (flags=01101)
Sandbox: seccomp sandbox violation: pid 12608, syscall 5, args 3077174912 577 384 5 3077174912 2966801640. Killing process.
Does that explain what's happening?
Flags: needinfo?(jld)

Comment 2 • 8 years ago (Assignee)
Kind of. It looks like there was some original crash that's not shown here — it would be the first "seccomp sandbox violation" printed — and then the crash handler tries to open a file and recursively crashes, which seems to be a regression introduced by bug 1236108, maybe?
Leaving needinfo to see if I can reproduce this easily…
Flags: needinfo?(jld)

Comment 3 • 8 years ago (Assignee)
Sandbox: seccomp sandbox violation: pid 11797, syscall 201, args 2875558888 0 3001745408 3215032864 2967240948 3215032936. Killing process.
#define __NR_geteuid32 201
This should be a one-line fix. The recursive crash problem, however, will need a separate bug. It's looking like Linux GMP crash reporting has been broken for months and we had no idea….
Assignee: nobody → jld
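
For triaging the sandbox log lines quoted in comments 1 and 3, the sketch below decodes the i386 syscall numbers and the open(2) flags word. It is an added example, not part of the bug or of Firefox code; the function names and the three-entry syscall table are this example's own choices.

```python
import re

# i386 syscall numbers relevant to this bug (32-bit x86 syscall table).
I386_SYSCALLS = {5: "open", 49: "geteuid", 201: "geteuid32"}
# open(2) access modes and flag bits on x86 Linux.
ACCESS = {0: "O_RDONLY", 1: "O_WRONLY", 2: "O_RDWR"}
OPEN_FLAGS = [(0o100, "O_CREAT"), (0o200, "O_EXCL"),
              (0o1000, "O_TRUNC"), (0o2000, "O_APPEND")]
VIOLATION = re.compile(
    r"seccomp sandbox violation: pid (\d+), syscall (\d+), args ((?:\d+ ?)+)\.")

# Log lines copied from comments 1 and 3 of this bug (two separate runs).
LOG = [
    "Sandbox: seccomp sandbox violation: pid 12608, syscall 5, args 3077174912 577 384 5 3077174912 2966811432. Killing process.",
    "Sandbox: seccomp sandbox violation: pid 12608, syscall 5, args 3077174912 577 384 5 3077174912 2966808168. Killing process.",
    "Sandbox: seccomp sandbox violation: pid 11797, syscall 201, args 2875558888 0 3001745408 3215032864 2967240948 3215032936. Killing process.",
]

def decode_open_flags(flags):
    """Render an open(2) flags word symbolically, e.g. 0o1101."""
    names = [ACCESS.get(flags & 0o3, "?")]
    names += [name for bit, name in OPEN_FLAGS if flags & bit]
    return "|".join(names)

def parse(line):
    """Return a dict for one violation line, or None if it is not one."""
    m = VIOLATION.search(line)
    if not m:
        return None
    nr = int(m.group(2))
    args = [int(a) for a in m.group(3).split()]
    name = I386_SYSCALLS.get(nr, "unknown(%d)" % nr)
    detail = ""
    if name == "open":  # args: path pointer, flags, mode
        detail = "flags=%s mode=%04o" % (decode_open_flags(args[1]), args[2])
    return {"pid": int(m.group(1)), "name": name, "detail": detail}

def summarize(lines):
    """Count violations per (pid, syscall, detail), in order of first appearance."""
    seen = {}
    for v in filter(None, map(parse, lines)):
        key = (v["pid"], v["name"], v["detail"])
        seen[key] = seen.get(key, 0) + 1
    return [key + (count,) for key, count in seen.items()]

if __name__ == "__main__":
    for row in summarize(LOG):
        print(row)
```

The repeated `open` with `O_WRONLY|O_CREAT|O_TRUNC` corresponds to the crash handler's file open described in comment 2, while syscall 201 decodes to the `geteuid32` call identified in comment 3.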

Comment 4 • 8 years ago (Assignee)
Try run with a change to make this bug happen for all media plugins:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=7064bcb1491e
Try run with that + this patch:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=1fbb87574802
Attachment #8776676 - Flags: review?(julian.r.hector)

Comment 5 • 8 years ago
Comment on attachment 8776676
bug1290343-gmp-euid32-hg0.diff
Review of attachment 8776676:
-----------------------------------------------------------------
lgtm
Attachment #8776676 - Flags: review?(julian.r.hector) → review+

Comment 6 • 8 years ago (Assignee)
Try runs in comment #4.
Keywords: checkin-needed
OS: Unspecified → Linux
Hardware: Unspecified → x86
Version: unspecified → 47 Branch
Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/847bef59265f
Fix Linux GMP sandbox policy's geteuid rule for 32-bit. r=tedd
Keywords: checkin-needed

Comment 8 • 8 years ago
bugherder
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox51: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51

Comment 9 • 8 years ago (Reporter)
Comment on attachment 8776676
bug1290343-gmp-euid32-hg0.diff
Approval Request Comment
[Feature/regressing bug #]: Widevine EME on Linux
[User impact if declined]: Widevine EME on Linux won't work on 32 bit Linux.
[Describe test coverage new/current, TreeHerder]: We have plenty of EME mochitests, which run on Linux.
[Risks and why]: Low; this is tweaking sandbox rules
[String/UUID change made/needed]: None
Attachment #8776676 - Flags: approval-mozilla-beta?
Attachment #8776676 - Flags: approval-mozilla-aurora?
status-firefox50: --- → affected
status-firefox49: --- → affected
Comment on attachment 8776676
bug1290343-gmp-euid32-hg0.diff
Widevine EME on Linux, Aurora50+
Attachment #8776676 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+

Comment 11 • 8 years ago
Comment on attachment 8776676
bug1290343-gmp-euid32-hg0.diff
Let's try this for beta 3 to support Widevine on Linux.
Attachment #8776676 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Comment 12 • 8 years ago (Reporter)
bugherder uplift

Comment 13 • 8 years ago (Reporter)
bugherder uplift
Looks like this got uplifted to aurora in https://hg.mozilla.org/releases/mozilla-aurora/rev/c843e9dbdbbc61f9f97484cfeaf60d680ffecab2