Bug 1303813: Allow madvise(_, _, MADV_FREE) in the GMP seccomp-bpf policy
Status: RESOLVED FIXED (opened 9 years ago, closed 9 years ago)
Category: Core :: Security: Process Sandboxing, defect
Target milestone: mozilla52
Reporter: jld, Assigned: jld
Whiteboard: sblc2
Attachments (1 file): patch, 1.32 KB. Flags: gcp: review+, ritu: approval-mozilla-aurora+, ritu: approval-mozilla-beta+
Linux 4.5 added MADV_FREE, as follows:
#define MADV_FREE 8 /* free pages only if memory pressure */
If Firefox is built on a Linux system with new enough headers, we'll use it instead of MADV_DONTNEED[1][2] in mozjemalloc. The content process policy doesn't filter madvise by advice type (yet), but the GMP policy does, and it doesn't currently allow MADV_FREE.
So we should fix that.
[1] http://searchfox.org/mozilla-central/rev/f6c298b36db67a7109079c0dd7755f329c1d58e2/memory/mozjemalloc/jemalloc.c#323
[2] http://searchfox.org/mozilla-central/rev/f6c298b36db67a7109079c0dd7755f329c1d58e2/memory/mozjemalloc/jemalloc.c#3787
Updated•9 years ago
Whiteboard: sblc2
Updated•9 years ago
Blocks: widevine-linux
Assignee
Updated•9 years ago
Crash Signature: [@ libc-2.24.so@0x1020a7 ] → [@ libc-2.24.so@0x1020a7 ] [@ libc-2.24.so@0x101837 ]
Assignee
Updated•9 years ago
Assignee: nobody → jld
Assignee
Comment 3•9 years ago
Attachment #8795063 - Flags: review?(gpascutto)
Updated•9 years ago
Attachment #8795063 - Flags: review?(gpascutto) → review+
Assignee
Comment 4•9 years ago
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=54d9852667b1 although the official builds wouldn't be affected by this bug because the build hosts have relatively old kernel headers. (The media failures are a little worrying but they're intermittent and don't look related.)
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/11a470398b1f
Allow media plugins to call madvise with MADV_FREE. r=gcp
Keywords: checkin-needed
Comment 6•9 years ago
bugherder
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox52: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Comment 7•9 years ago
Jed: Can we uplift this to beta so that our users can enjoy their DRM encumbered video on Linux?
Flags: needinfo?(jld)
Assignee
Comment 8•9 years ago
Comment on attachment 8795063 [details] [diff] [review]
bug1303813-madv-free-hg0.diff
Approval Request Comment
[Feature/regressing bug #]: EME
[User impact if declined]: Widevine plugin crashes on some Linux distributions
[Describe test coverage new/current, TreeHerder]: Manually verified that this fixes the crash. The GMP framework has a test suite, and this has been stable on m-c for a few days
[Risks and why]: Very low — this just allows a system call that would previously have caused a crash.
[String/UUID change made/needed]: None
Flags: needinfo?(jld)
Attachment #8795063 - Flags: approval-mozilla-beta?
Attachment #8795063 - Flags: approval-mozilla-aurora?
Updated•9 years ago
status-firefox50: --- → affected
Comment on attachment 8795063 [details] [diff] [review]
bug1303813-madv-free-hg0.diff
Crash fix, Aurora51+, Beta50+
Attachment #8795063 - Flags: approval-mozilla-beta?
Attachment #8795063 - Flags: approval-mozilla-beta+
Attachment #8795063 - Flags: approval-mozilla-aurora?
Attachment #8795063 - Flags: approval-mozilla-aurora+
Comment 10•9 years ago
bugherder uplift
Comment 11•9 years ago
bugherder uplift
Comment 14•8 years ago
The described bug started to happen to me on firefox-53.0.
I'm on a Gentoo build.
Assignee
Comment 15•8 years ago
(In reply to bjoern.online from comment #14)
> The described bug started to happen to me on firefox-53.0.
>
> I'm on a Gentoo build.
If it's still crashing on 53.0, that's probably a separate bug. If you submitted a crash report, can you comment with the crash ID (available in about:crashes)?
Flags: needinfo?(bjoern.online)
Comment 16•8 years ago
I just tried the firefox-bin on Gentoo and there it works. So I guess it is a Gentoo Problem.
I'll just leave the corresponding crashdump here anyway. (about:crashes is disabled in the Gentoo build because of legal issues apparently)
Sandbox: seccomp sandbox violation: pid 8533, syscall 28, args 139734261170176 2097152 15 1612 139734263267664 0. Killing process.
Sandbox: crash reporter is disabled (or failed); trying stack trace:
Sandbox: frame #01: madvise[/lib64/libc.so.6 +0xe3757]
Sandbox: frame #02: ???[/usr/lib64/firefox/plugin-container +0x3d7de]
Sandbox: frame #03: ???[/usr/lib64/firefox/plugin-container +0x2d41f]
Sandbox: frame #04: ???[/usr/lib64/firefox/plugin-container +0x2b563]
Sandbox: frame #05: ???[/usr/lib64/firefox/plugin-container +0x2e154]
Sandbox: frame #06: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x170ef3]
Sandbox: frame #07: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x250bde]
Sandbox: frame #08: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x16f199]
Sandbox: frame #09: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x16ecbf]
Sandbox: frame #10: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x170228]
Sandbox: frame #11: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x2568b0]
Sandbox: frame #12: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x25df76]
Sandbox: frame #13: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x15b797]
Sandbox: frame #14: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x524bc]
Sandbox: frame #15: ???[/usr/lib64/firefox/libxul.so +0x246a823]
Sandbox: frame #16: ???[/usr/lib64/firefox/libxul.so +0x244feb6]
Sandbox: frame #17: ???[/usr/lib64/firefox/libxul.so +0xfa0ccd]
Sandbox: frame #18: ???[/usr/lib64/firefox/libxul.so +0xf8678f]
Sandbox: frame #19: ???[/usr/lib64/firefox/libxul.so +0xf11b2d]
Sandbox: frame #20: ???[/usr/lib64/firefox/libxul.so +0xf19e2b]
Sandbox: frame #21: ???[/usr/lib64/firefox/libxul.so +0xf1bbad]
Sandbox: frame #22: ???[/usr/lib64/firefox/libxul.so +0xec967d]
Sandbox: frame #23: ???[/usr/lib64/firefox/libxul.so +0xec9ac6]
Sandbox: frame #24: ???[/usr/lib64/firefox/libxul.so +0xebccca]
Sandbox: frame #25: ???[/usr/lib64/firefox/libxul.so +0xec22cd]
Sandbox: frame #26: ???[/usr/lib64/firefox/libxul.so +0x337eeb6]
Sandbox: frame #27: ???[/usr/lib64/firefox/plugin-container +0x73a7]
Sandbox: frame #28: ???[/usr/lib64/firefox/plugin-container +0x7089]
Sandbox: frame #29: __libc_start_main[/lib64/libc.so.6 +0x20790]
Sandbox: frame #30: _start[/usr/lib64/firefox/plugin-container +0x7259]
Sandbox: frame #31: ??? (???:???)
Sandbox: end of stack.
Flags: needinfo?(bjoern.online)
Assignee
Comment 17•8 years ago
15 == MADV_NOHUGEPAGE. I've filed bug 1364533.
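
Added example (not part of the bug thread and not Firefox code): a triage helper that decodes a "seccomp sandbox violation" line like the one in comment 16 and names the madvise advice, the lookup comment 17 does by hand. The names decode_violation and ASSUMED_ALLOWED_ADVICE are hypothetical, the allowlist is an assumption based on this bug's description, and syscall 28 is madvise on x86-64 only.

```python
import re

NR_MADVISE_X86_64 = 28  # x86-64 syscall number; the "syscall 28" in the log
# Advice values from the Linux UAPI header asm-generic/mman-common.h.
MADV_NAMES = {
    0: "MADV_NORMAL", 1: "MADV_RANDOM", 2: "MADV_SEQUENTIAL",
    3: "MADV_WILLNEED", 4: "MADV_DONTNEED", 8: "MADV_FREE", 9: "MADV_REMOVE",
    10: "MADV_DONTFORK", 11: "MADV_DOFORK", 12: "MADV_MERGEABLE",
    13: "MADV_UNMERGEABLE", 14: "MADV_HUGEPAGE", 15: "MADV_NOHUGEPAGE",
    16: "MADV_DONTDUMP", 17: "MADV_DODUMP",
}
# Assumption: stand-in for the GMP allowlist after this bug's patch
# (MADV_DONTNEED plus MADV_FREE); the real policy is not shown on this page.
ASSUMED_ALLOWED_ADVICE = {"MADV_DONTNEED", "MADV_FREE"}

VIOLATION_RE = re.compile(
    r"seccomp sandbox violation: pid (?P<pid>\d+), "
    r"syscall (?P<nr>\d+), args (?P<args>\d+(?: \d+){5})"
)

def decode_violation(line):
    """Return a dict describing a violation line, or None if it is not one."""
    m = VIOLATION_RE.search(line)
    if m is None:
        return None
    args = [int(a) for a in m["args"].split()]
    report = {"pid": int(m["pid"]), "syscall": int(m["nr"]), "madvise": None}
    if report["syscall"] == NR_MADVISE_X86_64:
        # madvise(addr, length, advice): advice is a C int, so keep 32 bits.
        advice = args[2] & 0xFFFFFFFF
        name = MADV_NAMES.get(advice, "unknown(%d)" % advice)
        report["madvise"] = {
            "addr": hex(args[0]), "length": args[1], "advice": name,
            "allowed_by_assumed_policy": name in ASSUMED_ALLOWED_ADVICE,
        }
    return report

# First entry is the line posted in comment 16. The second is constructed:
# what a pre-patch MADV_FREE (advice 8) violation would look like.
SAMPLE_LOG = [
    "Sandbox: seccomp sandbox violation: pid 8533, syscall 28, args "
    "139734261170176 2097152 15 1612 139734263267664 0. Killing process.",
    "Sandbox: seccomp sandbox violation: pid 4242, syscall 28, args "
    "140000000000000 4096 8 0 0 0. Killing process.",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(decode_violation(entry))
```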