Bug 1304220: Allow times(2) for Linux media plugin processes; used by Widevine
Status: Closed, RESOLVED FIXED (opened 8 years ago, closed 8 years ago)
Category: Core :: Security: Process Sandboxing, defect, P1
Target milestone: mozilla52
People: Reporter: mozilla, Assigned: jld, NeedInfo
References: Blocks 1 open bug
Attachments: 1 file (patch, 879 bytes); gcp: review+, ritu: approval-mozilla-aurora+, ritu: approval-mozilla-beta+
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Build ID: 20160916101415
Steps to reproduce:
Spoof user agent to "Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36" and attempt to play content from Netflix.
Actual results:
Widevine crash: https://crash-stats.mozilla.com/report/index/70e79fc5-1fea-42a0-bf15-4b5fc2160920
Expected results:
Play content from Netflix using the Widevine DRM
Reporter
Updated•8 years ago
Component: Untriaged → General
OS: Unspecified → Linux
Hardware: Unspecified → x86_64
Updated•8 years ago
Crash Signature: [@ libc-2.17.so@0xbda1c]
Updated•8 years ago
Flags: needinfo?(cpearce)
Priority: -- → P1
Comment 1•8 years ago
Brayden: What version of Fedora are you using? Are you using a custom built kernel, or the default kernel which ships with your distro?
Reporter
Comment 2•8 years ago
I'm running CentOS actually.
$ cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
$ uname -r
3.10.0-327.36.1.el7.x86_64
Kernel is the default one shipping with the distro.
I also encountered a crash on Arch Linux with Firefox 49 with a clean profile and spoofing the user agent to "Mozilla/5.0 (Windows NT 10.0; rv:49.0) Gecko/20100101 Firefox/49.0" via general.useragent.override. I could not reproduce it in Dev Edition in either e10s or single-process mode.
Widevine Coredump: http://pastebin.com/99RAbSJf
I also seem to have the same issue on Netflix while spoofing user agent to "Linux / Chrome 53: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/53.0.2785.34 Safari/537.36"
firefox stderr: http://hastebin.com/ozohiwoyum
about:support: http://hastebin.com/baqunuresa.json
Distribution is Arch Linux with a modified kernel.
More info the better I hope.
I'm getting what seems to be widevine crash while attempting to play DRM videos from http://demo.castlabs.com/
Output: http://pastebin.com/qpYCuRte
Arch Linux with default kernel, clean Firefox profile
about:support: http://pastebin.com/H9mu1sKU
Comment 6•8 years ago
(In reply to despruk from comment #5)
> I'm getting what seems to be widevine crash while attempting to play DRM
> videos from http://demo.castlabs.com/
>
> Output: http://pastebin.com/qpYCuRte
From this output, we can see that the CDM is doing something that the sandbox is blocking:
> Sandbox: seccomp sandbox violation: pid 26554, syscall 28, args 140668695470080 8192 8 140668737421593 16384 2. Killing process.
Jed: any idea what syscall 28 is, and whether it's safe for us to add that to our whitelist?
Flags: needinfo?(cpearce) → needinfo?(jld)
Comment 7•8 years ago
Updated•8 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
According to unistd_64.h (Linux Kernel Headers) syscall 28 is madvise: http://man7.org/linux/man-pages/man2/madvise.2.html
Assignee
Updated•8 years ago
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(jld)
Resolution: --- → DUPLICATE
Assignee
Comment 11•8 years ago
Comment #5 / comment #6 is bug 1303813, but comment #0 is different. The “crash address” (actually the syscall number; see bug 1017393) is 0x64, which means it's times(2):
#define __NR_times 100
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
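A triage helper for the two reports separated in comment 11 (an added example, not part of the bug thread or of Mozilla's code): it parses the violation line quoted in comment 6 and treats a crash address as a syscall number, as comment 11 describes. The three-entry x86_64 table, its argument counts and all function names are this example's own assumptions.

```python
import re

# Hand-copied x86_64 subset (assumption: extend from unistd_64.h as needed).
# number -> (name, how many arguments the call really takes)
X86_64_SYSCALLS = {
    28: ("madvise", 3),
    100: ("times", 1),
    228: ("clock_gettime", 2),
}

# Violation line as quoted in comment 6 of this bug.
SAMPLE = ("Sandbox: seccomp sandbox violation: pid 26554, syscall 28, args "
          "140668695470080 8192 8 140668737421593 16384 2. Killing process.")

VIOLATION_RE = re.compile(
    r"seccomp sandbox violation: pid (?P<pid>\d+), "
    r"syscall (?P<nr>\d+), args (?P<args>\d+(?: \d+)*)\."
)

def resolve(nr):
    """Return (name, argc); unknown numbers keep all six logged slots."""
    return X86_64_SYSCALLS.get(nr, (f"unknown_{nr}", 6))

def parse_violation(line):
    """Extract pid, syscall and the meaningful arguments, or None if no match."""
    m = VIOLATION_RE.search(line)
    if m is None:
        return None
    nr = int(m.group("nr"))
    name, argc = resolve(nr)
    raw = [int(a) for a in m.group("args").split()]
    # The log always prints six argument slots; slots past argc are
    # leftover register contents and say nothing about the call.
    return {"pid": int(m.group("pid")), "nr": nr,
            "syscall": name, "args": raw[:argc]}

def syscall_from_crash_address(addr):
    """Comment 11: the reported crash address is really the syscall number."""
    nr = int(addr, 16) if isinstance(addr, str) else addr
    return resolve(nr)[0]

if __name__ == "__main__":
    print(parse_violation(SAMPLE))
    print(syscall_from_crash_address("0x64"))
```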
Assignee
Updated•8 years ago
Summary: Widevine crash in Firefox 49 on Netflix (Linux) → Allow times(2) for Linux gmp processes; used by Widevine
Assignee
Updated•8 years ago
Summary: Allow times(2) for Linux gmp processes; used by Widevine → Allow times(2) for Linux media plugin processes; used by Widevine
Updated•8 years ago
Blocks: widevine-linux
Assignee
Updated•8 years ago
Assignee: nobody → jld
Assignee
Comment 12•8 years ago
The libc-2.15.so build ID in bp-3477cc65-c21f-4fdb-b255-829b32160923 matches the one from Ubuntu's package libc6-dbg_2.15-0ubuntu10.15_amd64.deb, so I can resolve libc's part of that crash stack: it's from the implementation of clock(3).
glibc switched clock(3) from times(2) to clock_gettime(2) in 2.18[1][2], so this needs an older glibc to reproduce (and this also explains why the crashes reported so far are from 2.15 and 2.17).
[1]: https://sourceware.org/git/?p=glibc.git;a=commit;h=58206c6863f6b861a5e2fa6d3599e487294ded63
[2]: https://sourceware.org/bugzilla/show_bug.cgi?id=12515
Assignee
Comment 13•8 years ago
Attachment #8795067 -
Flags: review?(gpascutto)
Assignee
Updated•8 years ago
Component: Audio/Video: Playback → Security: Process Sandboxing
Updated•8 years ago
Attachment #8795067 -
Flags: review?(gpascutto) → review+
Comment 14•8 years ago
Out of curiosity, which is arch Linux affected? Isn't it on the latest version of everything?
Assignee
Comment 15•8 years ago
(In reply to Gian-Carlo Pascutto [:gcp] from comment #14)
> Out of curiosity, which is arch Linux affected? Isn't it on the latest
> version of everything?
It's not affected, as far as I know. The crashes on Arch that were reported here really belong to bug 1303813; they wound up on this bug because it was open and titled “Widevine crash” and nobody (including me, at first) realized there might be two independent causes.
Assignee
Comment 16•8 years ago
Try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=54d9852667b1
The media failures are a little worrying but they're intermittent and don't look related.
Keywords: checkin-needed
Comment 17•8 years ago
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/17592aa00499
Allow media plugins to use the times(2) syscall. r=gcp
Keywords: checkin-needed
Comment 18•8 years ago
bugherder
Status: REOPENED → RESOLVED
Closed: 8 years ago → 8 years ago
status-firefox52:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Comment 19•8 years ago
Jed: Can we uplift this to beta so that our users can enjoy their DRM encumbered video on Linux?
Flags: needinfo?(jld)
Assignee
Comment 20•8 years ago
Comment on attachment 8795067
bug1304220-times-hg0.diff
Approval Request Comment
[Feature/regressing bug #]: EME with Widevine
[User impact if declined]: CDM plugin crashes on some older (but still supported) Linux distributions. Unlike bug 1303813, this does affect official Firefox builds.
[Describe test coverage new/current, TreeHerder]: GMP has a test suite, and this has been stable on m-c for a few days.
[Risks and why]: Very low; this just allows a system call that previously would have caused a crash.
[String/UUID change made/needed]: None
Flags: needinfo?(jld)
Attachment #8795067 -
Flags: approval-mozilla-beta?
Attachment #8795067 -
Flags: approval-mozilla-aurora?
Updated•8 years ago
status-firefox50:
--- → affected
status-firefox51:
--- → affected
Hello Brayden, could you please verify this issue is fixed as expected on a latest Nightly build? Thanks!
Flags: needinfo?(mozilla)
Comment on attachment 8795067
bug1304220-times-hg0.diff
Crash fix, seems low risk, Aurora51+, Beta50+
Attachment #8795067 -
Flags: approval-mozilla-beta?
Attachment #8795067 -
Flags: approval-mozilla-beta+
Attachment #8795067 -
Flags: approval-mozilla-aurora?
Attachment #8795067 -
Flags: approval-mozilla-aurora+
Comment 23•8 years ago
bugherder uplift
Comment 24•8 years ago
bugherder uplift
Reporter
Comment 25•8 years ago
(In reply to Ritu Kothari (:ritu) from comment #21)
> Hello Brayden, could you please verify this issue is fixed as expected on a
> latest Nightly build? Thanks!
It is fixed for me.