Closed Bug 1304220 Opened 3 years ago Closed 3 years ago

Allow times(2) for Linux media plugin processes; used by Widevine

Categories

(Core :: Security: Process Sandboxing, defect, P1)

49 Branch
x86_64
Linux
defect

RESOLVED FIXED
mozilla52
Tracking Status
firefox50 --- fixed
firefox51 --- fixed
firefox52 --- fixed

People

(Reporter: mozilla, Assigned: jld, NeedInfo)

References

(Blocks 1 open bug)

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Build ID: 20160916101415

Steps to reproduce:

Spoof user agent to "Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36" and attempt to play content from Netflix.


Actual results:

Widevine crash: https://crash-stats.mozilla.com/report/index/70e79fc5-1fea-42a0-bf15-4b5fc2160920


Expected results:

Play content from Netflix using the Widevine DRM
Component: Untriaged → General
OS: Unspecified → Linux
Hardware: Unspecified → x86_64
Crash Signature: [@ libc-2.17.so@0xbda1c]
Component: General → Audio/Video: Playback
Product: Firefox → Core
Flags: needinfo?(cpearce)
Priority: -- → P1
Brayden: What version of Fedora are you using? Are you using a custom built kernel, or the default kernel which ships with your distro?
I'm running CentOS actually.

$ cat /etc/redhat-release 
CentOS Linux release 7.2.1511 (Core) 

$ uname -r
3.10.0-327.36.1.el7.x86_64

Kernel is the default one shipping with the distro.
I also encountered a crash on Arch Linux with Firefox 49 with a clean profile and spoofing the user agent to "Mozilla/5.0 (Windows NT 10.0; rv:49.0) Gecko/20100101 Firefox/49.0" via general.useragent.override. I could not reproduce it in Dev Edition in either e10s or single-process mode.

Widevine Coredump: http://pastebin.com/99RAbSJf
I also seem to have the same issue on Netflix while spoofing the user agent to "Linux / Chrome 53: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/53.0.2785.34 Safari/537.36"

firefox stderr: http://hastebin.com/ozohiwoyum

about:support: http://hastebin.com/baqunuresa.json

Distribution is Arch Linux with a modified kernel.

More info the better I hope.
I'm getting what seems to be a Widevine crash while attempting to play DRM videos from http://demo.castlabs.com/

Output: http://pastebin.com/qpYCuRte

Arch Linux with default kernel, clean Firefox profile
about:support: http://pastebin.com/H9mu1sKU


(In reply to despruk from comment #5)
> I'm getting what seems to be a Widevine crash while attempting to play DRM
> videos from http://demo.castlabs.com/
> 
> Output: http://pastebin.com/qpYCuRte


From this output, we can see that the CDM is doing something that the sandbox is blocking:

> Sandbox: seccomp sandbox violation: pid 26554, syscall 28, args 140668695470080 8192 8 140668737421593 16384 2.  Killing process.


Jed: any idea what syscall 28 is, and whether it's safe for us to add that to our whitelist?
Flags: needinfo?(cpearce) → needinfo?(jld)
Status: UNCONFIRMED → NEW
Ever confirmed: true
According to unistd_64.h (Linux Kernel Headers) syscall 28 is madvise: http://man7.org/linux/man-pages/man2/madvise.2.html
Duplicate of this bug: 1305334
Status: NEW → RESOLVED
Closed: 3 years ago
Flags: needinfo?(jld)
Resolution: --- → DUPLICATE
Duplicate of bug: 1303813
Comment #5 / comment #6 is bug 1303813, but comment #0 is different.  The “crash address” (actually the syscall number; see bug 1017393) is 0x64, which means it's times(2):

#define __NR_times 100
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Summary: Widevine crash in Firefox 49 on Netflix (Linux) → Allow times(2) for Linux gmp processes; used by Widevine
Summary: Allow times(2) for Linux gmp processes; used by Widevine → Allow times(2) for Linux media plugin processes; used by Widevine
Assignee: nobody → jld
The libc-2.15.so build ID in bp-3477cc65-c21f-4fdb-b255-829b32160923 matches the one from Ubuntu's package libc6-dbg_2.15-0ubuntu10.15_amd64.deb, so I can resolve libc's part of that crash stack: it's from the implementation of clock(3).

glibc switched clock(3) from times(2) to clock_gettime(2) in 2.18[1][2], so this needs an older glibc to reproduce (and this also explains why the crashes reported so far are from 2.15 and 2.17).


[1]: https://sourceware.org/git/?p=glibc.git;a=commit;h=58206c6863f6b861a5e2fa6d3599e487294ded63
[2]: https://sourceware.org/bugzilla/show_bug.cgi?id=12515
Component: Audio/Video: Playback → Security: Process Sandboxing
Attachment #8795067 - Flags: review?(gpascutto) → review+
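The triage carried out across the comments above, written out as an added example (not part of the bug thread and not Mozilla's code): it parses the sandbox violation line quoted earlier, names the syscall, and uses the glibc module name from a crash report to tell whether the blocked call is the clock(3) backend. The syscall table is a three-entry x86_64 subset, and the `allowed` policy set and function names are assumptions made for illustration.

```python
import re

# x86_64 syscall numbers discussed in this bug, plus clock_gettime(2).
SYSCALLS_X86_64 = {28: "madvise", 100: "times", 228: "clock_gettime"}

VIOLATION_RE = re.compile(
    r"seccomp sandbox violation: pid (\d+), syscall (\d+), args ([\d ]+)\.")
LIBC_RE = re.compile(r"libc-(\d+)\.(\d+)\.so")

# The violation line quoted in this thread.
LOG_LINE = ("Sandbox: seccomp sandbox violation: pid 26554, syscall 28, "
            "args 140668695470080 8192 8 140668737421593 16384 2.  "
            "Killing process.")


def syscall_name(nr):
    return SYSCALLS_X86_64.get(nr, "unknown(%d)" % nr)


def parse_violation(line):
    """Return (pid, syscall_nr, syscall_name, args), or None if no match."""
    m = VIOLATION_RE.search(line)
    if not m:
        return None
    pid, nr = int(m.group(1)), int(m.group(2))
    args = [int(a) for a in m.group(3).split()]
    return pid, nr, syscall_name(nr), args


def clock_syscall(libc_module):
    """Syscall behind clock(3) for a module name such as 'libc-2.17.so'."""
    m = LIBC_RE.search(libc_module)
    if not m:
        raise ValueError("not a versioned glibc module: %r" % libc_module)
    version = (int(m.group(1)), int(m.group(2)))
    # glibc 2.18 switched clock(3) from times(2) to clock_gettime(2).
    return "times" if version < (2, 18) else "clock_gettime"


def triage(syscall_nr, libc_module, allowed):
    """Classify a blocked syscall against a policy (a set of syscall names).

    `allowed` is a hypothetical stand-in for the sandbox allowlist.
    """
    name = syscall_name(syscall_nr)
    if name in allowed:
        return name, "allowed"
    if name == clock_syscall(libc_module):
        return name, "blocked: clock(3) backend for this glibc"
    return name, "blocked: other cause"
```
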
Out of curiosity, why is Arch Linux affected? Isn't it on the latest version of everything?
(In reply to Gian-Carlo Pascutto [:gcp] from comment #14)
> Out of curiosity, why is Arch Linux affected? Isn't it on the latest
> version of everything?

It's not affected, as far as I know.  The crashes on Arch that were reported here really belong to bug 1303813; they wound up on this bug because it was open and titled “Widevine crash” and nobody (including me, at first) realized there might be two independent causes.
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=54d9852667b1

The media failures are a little worrying but they're intermittent and don't look related.
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/17592aa00499
Allow media plugins to use the times(2) syscall. r=gcp
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/17592aa00499
Status: REOPENED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Jed: Can we uplift this to beta so that our users can enjoy their DRM encumbered video on Linux?
Flags: needinfo?(jld)
Comment on attachment 8795067 [details] [diff] [review]
bug1304220-times-hg0.diff

Approval Request Comment
[Feature/regressing bug #]: EME with Widevine
[User impact if declined]: CDM plugin crashes on some older (but still supported) Linux distributions.  Unlike bug 1303813, this does affect official Firefox builds.
[Describe test coverage new/current, TreeHerder]: GMP has a test suite, and this has been stable on m-c for a few days.
[Risks and why]: Very low; this just allows a system call that previously would have caused a crash.
[String/UUID change made/needed]: None
Flags: needinfo?(jld)
Attachment #8795067 - Flags: approval-mozilla-beta?
Attachment #8795067 - Flags: approval-mozilla-aurora?
Hello Brayden, could you please verify this issue is fixed as expected on a latest Nightly build? Thanks!
Flags: needinfo?(mozilla)
Comment on attachment 8795067 [details] [diff] [review]
bug1304220-times-hg0.diff

Crash fix, seems low risk, Aurora51+, Beta50+
Attachment #8795067 - Flags: approval-mozilla-beta?
Attachment #8795067 - Flags: approval-mozilla-beta+
Attachment #8795067 - Flags: approval-mozilla-aurora?
Attachment #8795067 - Flags: approval-mozilla-aurora+
(In reply to Ritu Kothari (:ritu) from comment #21)
> Hello Brayden, could you please verify this issue is fixed as expected on a
> latest Nightly build? Thanks!

It is fixed for me.