Closed Bug 1303813 Opened 3 years ago Closed 3 years ago

Allow madvise(_, _, MADV_FREE) in the GMP seccomp-bpf policy

Categories

(Core :: Security: Process Sandboxing, defect)

Unspecified
Linux
defect
Not set

Tracking


RESOLVED FIXED
mozilla52
Tracking Status
firefox50 --- fixed
firefox51 --- fixed
firefox52 --- fixed

People

(Reporter: jld, Assigned: jld)

References

(Blocks 1 open bug)

Details

(Whiteboard: sblc2)

Crash Data

Attachments

(1 file)

Linux 4.5 added MADV_FREE, as follows:

#define MADV_FREE       8               /* free pages only if memory pressure */

If Firefox is built on a Linux system with new enough headers, we'll use it instead of MADV_DONTNEED[1][2] in mozjemalloc.  The content process policy doesn't filter madvise by advice type (yet), but the GMP policy does, and it doesn't currently allow MADV_FREE.

So we should fix that.


[1] http://searchfox.org/mozilla-central/rev/f6c298b36db67a7109079c0dd7755f329c1d58e2/memory/mozjemalloc/jemalloc.c#323
[2] http://searchfox.org/mozilla-central/rev/f6c298b36db67a7109079c0dd7755f329c1d58e2/memory/mozjemalloc/jemalloc.c#3787
Whiteboard: sblc2
Duplicate of this bug: 1304220
Crash Signature: [@ libc-2.24.so@0x1020a7 ] → [@ libc-2.24.so@0x1020a7 ] [@ libc-2.24.so@0x101837 ]
Assignee: nobody → jld
Duplicate of this bug: 1305334
Attachment #8795063 - Flags: review?(gpascutto) → review+
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=54d9852667b1 although the official builds wouldn't be affected by this bug because the build hosts have relatively old kernel headers.  (The media failures are a little worrying but they're intermittent and don't look related.)
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/11a470398b1f
Allow media plugins to call madvise with MADV_FREE. r=gcp
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/11a470398b1f
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Jed: Can we uplift this to beta so that our users can enjoy their DRM encumbered video on Linux?
Flags: needinfo?(jld)
Comment on attachment 8795063 [details] [diff] [review]
bug1303813-madv-free-hg0.diff

Approval Request Comment
[Feature/regressing bug #]: EME
[User impact if declined]: Widevine plugin crashes on some Linux distributions
[Describe test coverage new/current, TreeHerder]: Manually verified that this fixes the crash.  The GMP framework has a test suite, and this has been stable on m-c for a few days
[Risks and why]: Very low — this just allows a system call that would previously have caused a crash.
[String/UUID change made/needed]: None
Flags: needinfo?(jld)
Attachment #8795063 - Flags: approval-mozilla-beta?
Attachment #8795063 - Flags: approval-mozilla-aurora?
Comment on attachment 8795063 [details] [diff] [review]
bug1303813-madv-free-hg0.diff

Crash fix, Aurora51+, Beta50+
Attachment #8795063 - Flags: approval-mozilla-beta?
Attachment #8795063 - Flags: approval-mozilla-beta+
Attachment #8795063 - Flags: approval-mozilla-aurora?
Attachment #8795063 - Flags: approval-mozilla-aurora+
Duplicate of this bug: 1310449
Duplicate of this bug: 1315934
The described bug started to happen to me on firefox-53.0.

I'm on a Gentoo build.
(In reply to bjoern.online from comment #14)
> The described bug started to happen to me on firefox-53.0.
> 
> I'm on a Gentoo build.

If it's still crashing on 53.0, that's probably a separate bug.  If you submitted a crash report, can you comment with the crash ID (available in about:crashes)?
Flags: needinfo?(bjoern.online)
I just tried the firefox-bin on Gentoo and there it works. So I guess it is a Gentoo problem.

I'll just leave the corresponding crashdump here anyway. (about:crashes is disabled in the Gentoo build because of legal issues apparently)

Sandbox: seccomp sandbox violation: pid 8533, syscall 28, args 139734261170176 2097152 15 1612 139734263267664 0.  Killing process.
Sandbox: crash reporter is disabled (or failed); trying stack trace:
Sandbox: frame #01: madvise[/lib64/libc.so.6 +0xe3757]
Sandbox: frame #02: ???[/usr/lib64/firefox/plugin-container +0x3d7de]
Sandbox: frame #03: ???[/usr/lib64/firefox/plugin-container +0x2d41f]
Sandbox: frame #04: ???[/usr/lib64/firefox/plugin-container +0x2b563]
Sandbox: frame #05: ???[/usr/lib64/firefox/plugin-container +0x2e154]
Sandbox: frame #06: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x170ef3]
Sandbox: frame #07: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x250bde]
Sandbox: frame #08: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x16f199]
Sandbox: frame #09: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x16ecbf]
Sandbox: frame #10: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x170228]
Sandbox: frame #11: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x2568b0]
Sandbox: frame #12: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x25df76]
Sandbox: frame #13: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x15b797]
Sandbox: frame #14: ???[/home/bjoern/.mozilla/firefox/km4tx04x.default/gmp-widevinecdm/1.4.8.903/libwidevinecdm.so +0x524bc]
Sandbox: frame #15: ???[/usr/lib64/firefox/libxul.so +0x246a823]
Sandbox: frame #16: ???[/usr/lib64/firefox/libxul.so +0x244feb6]
Sandbox: frame #17: ???[/usr/lib64/firefox/libxul.so +0xfa0ccd]
Sandbox: frame #18: ???[/usr/lib64/firefox/libxul.so +0xf8678f]
Sandbox: frame #19: ???[/usr/lib64/firefox/libxul.so +0xf11b2d]
Sandbox: frame #20: ???[/usr/lib64/firefox/libxul.so +0xf19e2b]
Sandbox: frame #21: ???[/usr/lib64/firefox/libxul.so +0xf1bbad]
Sandbox: frame #22: ???[/usr/lib64/firefox/libxul.so +0xec967d]
Sandbox: frame #23: ???[/usr/lib64/firefox/libxul.so +0xec9ac6]
Sandbox: frame #24: ???[/usr/lib64/firefox/libxul.so +0xebccca]
Sandbox: frame #25: ???[/usr/lib64/firefox/libxul.so +0xec22cd]
Sandbox: frame #26: ???[/usr/lib64/firefox/libxul.so +0x337eeb6]
Sandbox: frame #27: ???[/usr/lib64/firefox/plugin-container +0x73a7]
Sandbox: frame #28: ???[/usr/lib64/firefox/plugin-container +0x7089]
Sandbox: frame #29: __libc_start_main[/lib64/libc.so.6 +0x20790]
Sandbox: frame #30: _start[/usr/lib64/firefox/plugin-container +0x7259]
Sandbox: frame #31: ??? (???:???)
Sandbox: end of stack.
Flags: needinfo?(bjoern.online)
See Also: → 1364533
15 == MADV_NOHUGEPAGE.  I've filed bug 1364533.
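Added example (not Mozilla's code and not the actual GMP policy): a seccomp-bpf fragment that admits madvise() only for MADV_DONTNEED and MADV_FREE, the filtering-by-advice rule the bug report describes, plus a small evaluator of the cBPF subset it uses so the filter's verdicts can be checked offline rather than by installing it. The policy layout, the function name policy_verdict and the x86_64 little-endian assumption are mine; the arch check a production filter needs is omitted.

```c
#define _GNU_SOURCE
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>

#ifndef MADV_FREE
#define MADV_FREE 8          /* Linux 4.5+; absent from older headers */
#endif
#ifndef MADV_DONTNEED
#define MADV_DONTNEED 4
#endif

/* Hypothetical policy fragment (not Mozilla's): allow madvise() only with
 * MADV_DONTNEED or MADV_FREE, kill on any other advice. Other syscalls fall
 * through to "allow"; the arch check a real policy needs is omitted. */
static const struct sock_filter policy[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_madvise, 0, 4),
    /* low word of args[2], i.e. the advice on little-endian x86_64 */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[2])),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, MADV_DONTNEED, 2, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, MADV_FREE, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Build the seccomp_data the kernel would pass for syscall `nr` with third
 * argument `arg2`, then run the policy's cBPF subset on it the kernel's way. */
__u32 policy_verdict(int nr, __u64 arg2)
{
    struct seccomp_data d = { .nr = nr, .arch = AUDIT_ARCH_X86_64 };
    __u32 acc = 0;
    d.args[2] = arg2;
    for (size_t pc = 0; pc < sizeof policy / sizeof policy[0]; pc++) {
        const struct sock_filter *in = &policy[pc];
        if (in->code == (BPF_RET | BPF_K))
            return in->k;
        if (in->code == (BPF_LD | BPF_W | BPF_ABS))
            memcpy(&acc, (const char *)&d + in->k, sizeof acc);
        else if (in->code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += acc == in->k ? in->jt : in->jf;   /* loop adds the +1 */
        else
            return SECCOMP_RET_KILL;  /* unsupported opcode: fail closed */
    }
    return SECCOMP_RET_KILL;          /* fell off the end: fail closed */
}
```

Feeding it the values from the Gentoo log above (syscall 28, which is __NR_madvise on x86_64, with third argument 15, MADV_NOHUGEPAGE) returns SECCOMP_RET_KILL, matching the "Killing process" line, while MADV_FREE returns SECCOMP_RET_ALLOW.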