Linux sandbox blocks Widevine 32bit CDM loading

RESOLVED FIXED in Firefox 49

Status

()

Core
Security: Process Sandboxing
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: cpearce, Assigned: jld)

Tracking

(Blocks: 2 bugs)

47 Branch
mozilla51
x86
Linux
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox49 fixed, firefox50 fixed, firefox51 fixed)

Details

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
The 32bit Linux Widevine CDM won't load on 32bit Ubuntu 16.04.1. The 64bit one works fine in 64bit Ubuntu.

STR:
1. Install Ubuntu 16.04 32bit.
2. Install the bad codecs; `sudo apt-get install ubuntu-restricted-extras`.
3. Install latest Nightly 32bit build.
4. Start Nightly.
5. Set the following prefs:
media.gmp-manager.url.override = https://people.mozilla.org/~cpearce/update-widevine-903-linux86.xml
media.gmp-widevinecdm.visible = true
media.gmp-widevinecdm.enabled = true
browser.eme.ui.enabled = true
6. Open about:addons > Plugins, right click on "Widevine..." > Find updates. Wait several seconds for the CDM to install.
7. Open http://bitmovin.com/mpeg-dash-hls-drm-test-player/ click the video play button to play.
8. Observe "The WidevineCdm plugin has crashed" notification.

If I disable the sandbox with MOZ_DISABLE_GMP_SANDBOX=1, it works fine.
(Reporter)

Comment 1

2 years ago
I see lots of logging, such as:

Sandbox: non-read-only open of file /tmp/GeckoChildCrash12608.extra attempted (flags=01101)
Sandbox: seccomp sandbox violation: pid 12608, syscall 5, args 3077174912 577 384 5 3077174912 2966811432.  Killing process.
Sandbox: non-read-only open of file /tmp/GeckoChildCrash12608.extra attempted (flags=01101)
Sandbox: seccomp sandbox violation: pid 12608, syscall 5, args 3077174912 577 384 5 3077174912 2966808168.  Killing process.
Sandbox: non-read-only open of file /tmp/GeckoChildCrash12608.extra attempted (flags=01101)
Sandbox: seccomp sandbox violation: pid 12608, syscall 5, args 3077174912 577 384 5 3077174912 2966804904.  Killing process.
Sandbox: non-read-only open of file /tmp/GeckoChildCrash12608.extra attempted (flags=01101)
Sandbox: seccomp sandbox violation: pid 12608, syscall 5, args 3077174912 577 384 5 3077174912 2966801640.  Killing process.

Does that explain what's happening?
Flags: needinfo?(jld)
(Assignee)

Comment 2

2 years ago
Kind of.  It looks like there was some original crash that's not shown here — it would be the first "seccomp sandbox violation" printed — and then the crash handler tries to open a file and recursively crashes, which seems to be a regression introduced by bug 1236108, maybe?

Leaving needinfo to see if I can reproduce this easily…
Flags: needinfo?(jld)
(Assignee)

Comment 3

2 years ago
Sandbox: seccomp sandbox violation: pid 11797, syscall 201, args 2875558888 0 3001745408 3215032864 2967240948 3215032936.  Killing process.

#define __NR_geteuid32 201

This should be a one-line fix.  The recursive crash problem, however, will need a separate bug.  It's looking like Linux GMP crash reporting has been broken for months and we had no idea….
Assignee: nobody → jld
(Assignee)

Updated

2 years ago
See Also: → bug 1290618
(Assignee)

Updated

2 years ago
See Also: → bug 1290633
(Assignee)

Comment 4

2 years ago
Created attachment 8776676 [details] [diff] [review]
bug1290343-gmp-euid32-hg0.diff

Try run with a change to make this bug happen for all media plugins:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=7064bcb1491e

Try run with that + this patch:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=1fbb87574802
Attachment #8776676 - Flags: review?(julian.r.hector)
Comment on attachment 8776676 [details] [diff] [review]
bug1290343-gmp-euid32-hg0.diff

Review of attachment 8776676 [details] [diff] [review]:
-----------------------------------------------------------------

lgtm
Attachment #8776676 - Flags: review?(julian.r.hector) → review+
(Assignee)

Comment 6

2 years ago
Try runs in comment #4.
Keywords: checkin-needed
OS: Unspecified → Linux
Hardware: Unspecified → x86
Version: unspecified → 47 Branch

Comment 7

2 years ago
Pushed by cbook@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/847bef59265f
Fix Linux GMP sandbox policy's geteuid rule for 32-bit. r=tedd
Keywords: checkin-needed

Comment 8

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/847bef59265f
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox51: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
(Reporter)

Comment 9

2 years ago
Comment on attachment 8776676 [details] [diff] [review]
bug1290343-gmp-euid32-hg0.diff

Approval Request Comment
[Feature/regressing bug #]: Widevine EME on Linux
[User impact if declined]: Widevine EME on Linux won't work on 32 bit Linux.
[Describe test coverage new/current, TreeHerder]: We have plenty of EME mochitests, which run on Linux.
[Risks and why]: Low; this is tweaking sandbox rules
[String/UUID change made/needed]: None
Attachment #8776676 - Flags: approval-mozilla-beta?
Attachment #8776676 - Flags: approval-mozilla-aurora?

Updated

2 years ago
status-firefox50: --- → affected

Updated

2 years ago
status-firefox49: --- → affected
Comment on attachment 8776676 [details] [diff] [review]
bug1290343-gmp-euid32-hg0.diff

Widevine EME on Linux, Aurora50+
Attachment #8776676 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment on attachment 8776676 [details] [diff] [review]
bug1290343-gmp-euid32-hg0.diff

Let's try this for beta 3 to support Widevine on Linux.
Attachment #8776676 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
(Reporter)

Comment 12

2 years ago
bugherderuplift
https://hg.mozilla.org/releases/mozilla-beta/rev/5b61804a7cff
status-firefox49: affected → fixed
Looks like this got uplifted to aurora in https://hg.mozilla.org/releases/mozilla-aurora/rev/c843e9dbdbbc61f9f97484cfeaf60d680ffecab2
status-firefox50: affected → fixed
You need to log in before you can comment on or make changes to this bug.