Closed Bug 1304220 Opened 8 years ago Closed 8 years ago

Allow times(2) for Linux media plugin processes; used by Widevine

Categories

(Core :: Security: Process Sandboxing, defect, P1)

Product:
Core
Component:
Security: Process Sandboxing
Version:
49 Branch
Platform:
x86_64
Linux
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla52
Tracking Flags:
Tracking Status
firefox50 --- fixed
firefox51 --- fixed
firefox52 --- fixed

People

(Reporter: mozilla, Assigned: jld, NeedInfo)

References

(Blocks 1 open bug)

Details

Crash Data

Attachments

(1 file)

bug1304220-times-hg0.diff
879 bytes, patch
gcp
: review+
ritu
: approval-mozilla-aurora+
ritu
: approval-mozilla-beta+
Details | Diff | Splinter Review
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36 Build ID: 20160916101415 Steps to reproduce: Spoof user agent to "Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36" and attempt to play content from Netflix. Actual results: Widevine crash: https://crash-stats.mozilla.com/report/index/70e79fc5-1fea-42a0-bf15-4b5fc2160920 Expected results: Play content from Netflix using the Widevine DRM
Component: Untriaged → General
OS: Unspecified → Linux
Hardware: Unspecified → x86_64
Crash Signature: [@ libc-2.17.so@0xbda1c]
Component: General → Audio/Video: Playback
Product: Firefox → Core
Flags: needinfo?(cpearce)
Priority: -- → P1
Brayden: What version of Fedora are you using? Are you using a custom built kernel, or the default kernel which ships with your distro?
I'm running CentOS actually. $ cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) $ uname -r 3.10.0-327.36.1.el7.x86_64 Kernel is the default one shipping with the distro.
I also encountered a crash on Arch Linux with Firefox 49 with a clean profile and spoofing the user agent to "Mozilla/5.0 (Windows NT 10.0; rv:49.0) Gecko/20100101 Firefox/49.0" via general.useragent.override. I could not reproduce it in Dev Edition in either e10s or single-process mode. Widevine Coredump: http://pastebin.com/99RAbSJf
I also seem to have the same issue on netflix while spoofing user agent to "Linux / Chrome 53: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/53.0.2785.34 Safari/537.36" firefox stderr: http://hastebin.com/ozohiwoyum about:support: http://hastebin.com/baqunuresa.json Distribution is Arch Linux with a modified kernel. More info the better I hope.
I'm getting what seems to be widevine crash while attempting to play DRM videos from http://demo.castlabs.com/ Output: http://pastebin.com/qpYCuRte Arch linux with default kernel, clean firefox profile about:support: http://pastebin.com/H9mu1sKU
(In reply to despruk from comment #5) > I'm getting what seems to be widevine crash while attempting to play DRM > videos from http://demo.castlabs.com/ > > Output: http://pastebin.com/qpYCuRte From this output, we can see that the CDM is doing something that the sandbox is blocking: > Sandbox: seccomp sandbox violation: pid 26554, syscall 28, args 140668695470080 8192 8 140668737421593 16384 2. Killing process. Jed: any idea what syscall 28 is, and whether it's safe for us to add that to our whitelist?
Flags: needinfo?(cpearce) → needinfo?(jld)
Status: UNCONFIRMED → NEW
Ever confirmed: true
According to unistd_64.h (Linux Kernel Headers) syscall 28 is madvise: http://man7.org/linux/man-pages/man2/madvise.2.html
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(jld)
Resolution: --- → DUPLICATE
Comment #5 / comment #6 is bug 1303813, but comment #0 is different. The “crash address” (actually the syscall number; see bug 1017393) is 0x64, which means it's times(2): #define __NR_times 100
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Summary: Widevine crash in Firefox 49 on Netflix (Linux) → Allow times(2) for Linux gmp processes; used by Widevine
Summary: Allow times(2) for Linux gmp processes; used by Widevine → Allow times(2) for Linux media plugin processes; used by Widevine
Assignee: nobody → jld
The libc-2.15.so build ID in bp-3477cc65-c21f-4fdb-b255-829b32160923 matches the one from Ubuntu's package libc6-dbg_2.15-0ubuntu10.15_amd64.deb, so I can resolve libc's part of that crash stack: it's from the implementation of clock(3). glibc switched clock(3) from times(2) to clock_gettime(2) in 2.18[1][2], so this needs an older glibc to reproduce (and this also explains why the crashes reported so far are from 2.15 and 2.17). [1]: https://sourceware.org/git/?p=glibc.git;a=commit;h=58206c6863f6b861a5e2fa6d3599e487294ded63 [2]: https://sourceware.org/bugzilla/show_bug.cgi?id=12515
Component: Audio/Video: Playback → Security: Process Sandboxing
Attachment #8795067 - Flags: review?(gpascutto) → review+
Out of curiosity, which is arch Linux affected? Isn't it on the latest version of everything?
(In reply to Gian-Carlo Pascutto [:gcp] from comment #14) > Out of curiosity, which is arch Linux affected? Isn't it on the latest > version of everything? It's not affected, as far as I know. The crashes on Arch that were reported here really belong to bug 1303813; they wound up on this bug because it was open and titled “Widevine crash” and nobody (including me, at first) realized there might be two independent causes.
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=54d9852667b1 The media failures are a little worrying but they're intermittent and don't look related.
Keywords: checkin-needed
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/17592aa00499 Allow media plugins to use the times(2) syscall. r=gcp
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/17592aa00499
Status: REOPENED → RESOLVED
Closed: 8 years ago8 years ago
status-firefox52: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Jed: Can we uplift this to beta so that our users can enjoy their DRM encumbered video on Linux?
Flags: needinfo?(jld)
Comment on attachment 8795067 [details] [diff] [review] bug1304220-times-hg0.diff Approval Request Comment [Feature/regressing bug #]: EME with Widevine [User impact if declined]: CDM plugin crashes on some older (but still supported) Linux distributions. Unlike bug 1303813, this does affect official Firefox builds. [Describe test coverage new/current, TreeHerder]: GMP has a test suite, and this has been stable on m-c for a few days. [Risks and why]: Very low; this just allows a system call that previously would have caused a crash. [String/UUID change made/needed]: NOne
Flags: needinfo?(jld)
Attachment #8795067 - Flags: approval-mozilla-beta?
Attachment #8795067 - Flags: approval-mozilla-aurora?
Hello Brayden, could you please verify this issue is fixed as expected on a latest Nightly build? Thanks!
Flags: needinfo?(mozilla)
Comment on attachment 8795067 [details] [diff] [review] bug1304220-times-hg0.diff Crash fix, seems low risk, Aurora51+, Beta50+
Attachment #8795067 - Flags: approval-mozilla-beta?
Attachment #8795067 - Flags: approval-mozilla-beta+
Attachment #8795067 - Flags: approval-mozilla-aurora?
Attachment #8795067 - Flags: approval-mozilla-aurora+
(In reply to Ritu Kothari (:ritu) from comment #21) > Hello Brayden, could you please verify this issue is fixed as expected on a > latest Nightly build? Thanks! It is fixed for me.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: