Closed Bug 1384439 Opened 8 years ago Closed 8 years ago

Sandbox: seccomp sandbox violation on latest Firefox Nightly 56.0a1 (2017-07-26) (64-bit) - compiled with alsa

Categories

(Core :: Security: Process Sandboxing, defect, P1)

56 Branch
defect

Tracking

RESOLVED DUPLICATE of bug 1376910
mozilla56

People

(Reporter: drJeckyll, Assigned: jld)

Details

(Whiteboard: sb+)

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0
Build ID: 20170726064325

Steps to reproduce:

Latest Nightly 56.0a1 (2017-07-26) (64-bit) compiled with ALSA crashes the tab when starting to play a video from YouTube.

about:buildconfig

Build platform
target: x86_64-pc-linux-gnu

Build tools

Compiler: /usr/bin/ccache /usr/lib/llvm/4/bin/clang -std=gnu99
Version: 4.0.1
Compiler flags: -Qunused-arguments -Wall -Wempty-body -Wignored-qualifiers -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wclass-varargs -Wloop-analysis -Wstring-conversion -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wformat -Wno-gnu-zero-variadic-macro-arguments -Wformat-security -march=native -pipe -O3 -march=native -pipe -fPIC -fomit-frame-pointer -fno-exceptions -D_GLIBCXX_USE_CXX11_ABI=0 -flto=thin -fno-strict-aliasing -fno-math-errno -pthread -pipe

Compiler: /usr/bin/ccache /usr/lib/llvm/4/bin/clang++ -std=gnu++11
Version: 4.0.1
Compiler flags: -Qunused-arguments -Qunused-arguments -Wall -Wc++11-compat -Wempty-body -Wignored-qualifiers -Woverloaded-virtual -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wwrite-strings -Wno-invalid-offsetof -Wclass-varargs -Wloop-analysis -Wc++11-compat-pedantic -Wc++14-compat -Wc++14-compat-pedantic -Wc++1z-compat -Wcomma -Wimplicit-fallthrough -Wstring-conversion -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wformat -Wno-gnu-zero-variadic-macro-arguments -Wformat-security -Wno-unknown-warning-option -Wno-return-type-c-linkage -march=native -pipe -O3 -march=native -pipe -fPIC -fomit-frame-pointer -fno-exceptions -D_GLIBCXX_USE_CXX11_ABI=0 -flto=thin -fno-exceptions -fno-strict-aliasing -fno-rtti -fno-exceptions -fno-math-errno -pthread -pipe -O2 -fno-omit-frame-pointer

Configure options: --host=x86_64-pc-linux-gnu --target=x86_64-pc-linux-gnu --enable-application=browser --disable-tests PKG_CONFIG=x86_64-pc-linux-gnu-pkg-config --with-ccache CC=clang LD=x86_64-pc-linux-gnu-ld CXX=clang++ HOST_CC=x86_64-pc-linux-gnu-gcc HOST_CXX=x86_64-pc-linux-gnu-g++ --disable-debug-symbols --enable-gold RUSTC=/usr/bin/rustc CARGO=/usr/bin/cargo --enable-default-toolkit=cairo-gtk3 --with-google-api-keyfile=/build/portage/www-client/firefox-54.0/work/firefox-54.0/google-api-key MAKE=make XARGS=/usr/bin/xargs --enable-alsa --disable-crashreporter --enable-dbus --enable-extensions=default --disable-gconf --disable-install-strip --enable-ion --disable-necko-wifi --enable-official-branding --enable-optimize --disable-pulseaudio --enable-startup-notification --enable-strip --disable-system-cairo --disable-system-sqlite --disable-updater --libdir=/usr/lib64 --prefix=/usr --with-default-mozilla-five-home=/usr/lib64/firefox --with-intl-api --with-system-bz2 --without-system-icu --with-system-jpeg --with-system-libvpx --with-system-zlib --x-includes=/usr/include --x-libraries=/usr/lib64

about:config
security.sandbox.content.level = 3

If security.sandbox.content.level = 0, video is played as expected, but Firefox takes control of the sound device and it can't be opened from other applications (like mpv).

Actual results:

Sandbox: seccomp sandbox violation: pid 10131, tid 10289, syscall 64, args 5678293 1 944 140150214494929 0 140150214494928. Killing process.
Sandbox: crash reporter is disabled (or failed); trying stack trace:
Sandbox: frame #01: semget[/lib64/libc.so.6 +0xea2a7]
Sandbox: frame #02: ???[/usr/lib64/libasound.so.2 +0x8059c]
Sandbox: frame #03: snd_pcm_dmix_open[/usr/lib64/libasound.so.2 +0x7bbe6]
Sandbox: frame #04: _snd_pcm_dmix_open[/usr/lib64/libasound.so.2 +0x7c4c2]
Sandbox: frame #05: ???[/usr/lib64/libasound.so.2 +0x495c0]
Sandbox: frame #06: ???[/usr/lib64/libasound.so.2 +0x49bd8]
Sandbox: frame #07: ???[/usr/lib64/libasound.so.2 +0x4b8de]
Sandbox: frame #08: _snd_pcm_softvol_open[/usr/lib64/libasound.so.2 +0x87234]
Sandbox: frame #09: ???[/usr/lib64/libasound.so.2 +0x495c0]
Sandbox: frame #10: ???[/usr/lib64/libasound.so.2 +0x4b911]
Sandbox: frame #11: _snd_pcm_plug_open[/usr/lib64/libasound.so.2 +0x68905]
Sandbox: frame #12: ???[/usr/lib64/libasound.so.2 +0x495c0]
Sandbox: frame #13: ???[/usr/lib64/libasound.so.2 +0x4b911]
Sandbox: frame #14: _snd_pcm_asym_open[/usr/lib64/libasound.so.2 +0x83bdc]
Sandbox: frame #15: ???[/usr/lib64/libasound.so.2 +0x495c0]
Sandbox: frame #16: ???[/usr/lib64/libasound.so.2 +0x4b911]
Sandbox: frame #17: _snd_pcm_empty_open[/usr/lib64/libasound.so.2 +0x6ec7c]
Sandbox: frame #18: ???[/usr/lib64/libasound.so.2 +0x495c0]
Sandbox: frame #19: ???[/usr/lib64/libasound.so.2 +0x49bd8]
Sandbox: frame #20: snd_pcm_open[/usr/lib64/libasound.so.2 +0x4b5cd]
Sandbox: frame #21: ???[/usr/lib64/firefox/libxul.so +0x3ada009]
Sandbox: frame #22: ???[/usr/lib64/firefox/libxul.so +0x3ad97c8]
Sandbox: frame #23: ???[/usr/lib64/firefox/libxul.so +0x2b2b633]
Sandbox: frame #24: ???[/usr/lib64/firefox/libxul.so +0x2cbf2ae]
Sandbox: frame #25: ???[/usr/lib64/firefox/libxul.so +0x2cc43d4]
Sandbox: frame #26: ???[/usr/lib64/firefox/libxul.so +0x2b78f5d]
Sandbox: frame #27: ???[/usr/lib64/firefox/libxul.so +0x2b7d01e]
Sandbox: frame #28: ???[/usr/lib64/firefox/libxul.so +0x2ba0467]
Sandbox: frame #29: ???[/usr/lib64/firefox/libxul.so +0xa5b112]
Sandbox: frame #30: ???[/usr/lib64/firefox/libxul.so +0xa56abb]
Sandbox: frame #31: ???[/usr/lib64/firefox/libxul.so +0xa69014]
Sandbox: frame #32: ???[/usr/lib64/firefox/libxul.so +0xa6924d]
Sandbox: frame #33: ???[/usr/lib64/firefox/libxul.so +0xa65c5a]
Sandbox: frame #34: ???[/usr/lib64/firefox/libxul.so +0xfcb06e]
Sandbox: frame #35: ???[/usr/lib64/firefox/libxul.so +0xa62f7f]
Sandbox: frame #36: ???[/usr/lib64/firefox/libnspr4.so +0x37686]
Sandbox: frame #37: ???[/lib64/libpthread.so.0 +0x7394]
Sandbox: frame #38: clone[/lib64/libc.so.6 +0xe89ff]
Sandbox: frame #39: ??? (???:???)
Sandbox: end of stack.
Component: Untriaged → Security: Process Sandboxing
Product: Firefox → Core
Assignee: nobody → jld
Comment on attachment 8890474 [details] Bug 1384439 - Fix #ifdef MOZ_ALSA in security/sandbox/linux. https://reviewboard.mozilla.org/r/161610/#review166894 ::: security/sandbox/linux/moz.build:110 (Diff revision 1) > LOCAL_INCLUDES += ['/security/sandbox/chromium-shim'] > LOCAL_INCLUDES += ['/security/sandbox/chromium'] > LOCAL_INCLUDES += ['/nsprpub'] > > +if CONFIG['MOZ_ALSA']: > + DEFINES['MOZ_ALSA'] = True Should I do this per-directory, like we did in bug 1309098, or would it be better to `AC_DEFINE` it in `old-configure.in`?
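Review bot: the `if CONFIG['MOZ_ALSA']:` block added at security/sandbox/linux/moz.build:110 sets `DEFINES['MOZ_ALSA']` with no comment saying why this directory needs it. Because the define is set per-directory, a source file here that tests `#ifdef MOZ_ALSA` silently compiles its non-ALSA branch when the define is absent, and nothing fails at build time. Suggest a one-line comment above the block stating that code in this directory is conditional on `MOZ_ALSA`, so the define is not dropped in a later cleanup.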
Proposed patch not working for me. Today co from hg + patch from https://reviewboard.mozilla.org/r/161610/#review166894 gives me:

Sandbox: seccomp sandbox violation: pid 22116, tid 22232, syscall 29, args 5678293 488 432 0 0 0. Killing process.
Sandbox: crash reporter is disabled (or failed); trying stack trace:
Sandbox: frame #01: shmget[/lib64/libc.so.6 +0xea397]
Sandbox: frame #02: ???[/usr/lib64/libasound.so.2 +0x80690]
Sandbox: frame #03: snd_pcm_dmix_open[/usr/lib64/libasound.so.2 +0x7bc54]
Sandbox: frame #04: _snd_pcm_dmix_open[/usr/lib64/libasound.so.2 +0x7c4c2]
Sandbox: frame #05: ???[/usr/lib64/libasound.so.2 +0x495c0]
Sandbox: frame #06: ???[/usr/lib64/libasound.so.2 +0x49bd8]
Sandbox: frame #07: ???[/usr/lib64/libasound.so.2 +0x4b8de]
Sandbox: frame #08: _snd_pcm_softvol_open[/usr/lib64/libasound.so.2 +0x87234]
Sandbox: frame #09: ???[/usr/lib64/libasound.so.2 +0x495c0]
Sandbox: frame #10: ???[/usr/lib64/libasound.so.2 +0x4b911]
Sandbox: frame #11: _snd_pcm_plug_open[/usr/lib64/libasound.so.2 +0x68905]
Sandbox: frame #12: ???[/usr/lib64/libasound.so.2 +0x495c0]
Sandbox: frame #13: ???[/usr/lib64/libasound.so.2 +0x4b911]
Sandbox: frame #14: _snd_pcm_asym_open[/usr/lib64/libasound.so.2 +0x83bdc]
Sandbox: frame #15: ???[/usr/lib64/libasound.so.2 +0x495c0]
Sandbox: frame #16: ???[/usr/lib64/libasound.so.2 +0x4b911]
Sandbox: frame #17: _snd_pcm_empty_open[/usr/lib64/libasound.so.2 +0x6ec7c]
Sandbox: frame #18: ???[/usr/lib64/libasound.so.2 +0x495c0]
Sandbox: frame #19: ???[/usr/lib64/libasound.so.2 +0x49bd8]
Sandbox: frame #20: snd_pcm_open[/usr/lib64/libasound.so.2 +0x4b5cd]
Sandbox: frame #21: ???[/usr/lib64/firefox/libxul.so +0x3adae09]
Sandbox: frame #22: ???[/usr/lib64/firefox/libxul.so +0x3ada5c8]
Sandbox: frame #23: ???[/usr/lib64/firefox/libxul.so +0x2b2cb23]
Sandbox: frame #24: ???[/usr/lib64/firefox/libxul.so +0x2cc079e]
Sandbox: frame #25: ???[/usr/lib64/firefox/libxul.so +0x2cc58c4]
Sandbox: frame #26: ???[/usr/lib64/firefox/libxul.so +0x2b7a44d]
Sandbox: frame #27: ???[/usr/lib64/firefox/libxul.so +0x2b7e50e]
Sandbox: frame #28: ???[/usr/lib64/firefox/libxul.so +0x2ba1957]
Sandbox: frame #29: ???[/usr/lib64/firefox/libxul.so +0xa5b2c2]
Sandbox: frame #30: ???[/usr/lib64/firefox/libxul.so +0xa56c6b]
Sandbox: frame #31: ???[/usr/lib64/firefox/libxul.so +0xa691f4]
Sandbox: frame #32: ???[/usr/lib64/firefox/libxul.so +0xa6942d]
Sandbox: frame #33: ???[/usr/lib64/firefox/libxul.so +0xa65e0a]
Sandbox: frame #34: ???[/usr/lib64/firefox/libxul.so +0xfcb3de]
Sandbox: frame #35: ???[/usr/lib64/firefox/libxul.so +0xa6312f]
Sandbox: frame #36: ???[/usr/lib64/firefox/libnspr4.so +0x37686]
Sandbox: frame #37: ???[/lib64/libpthread.so.0 +0x7394]
Sandbox: frame #38: clone[/lib64/libc.so.6 +0xe89ff]
Sandbox: frame #39: ??? (???:???)
Sandbox: end of stack.
(In reply to drJeckyll from comment #3)
> Proposed patch not working for me. Today co from hg + patch from
> https://reviewboard.mozilla.org/r/161610/#review166894 gives me:
>
> Sandbox: seccomp sandbox violation: pid 22116, tid 22232, syscall 29, args
> 5678293 488 432 0 0 0. Killing process.
> Sandbox: crash reporter is disabled (or failed); trying stack trace:
> Sandbox: frame #01: shmget[/lib64/libc.so.6 +0xea397]

Thanks. It looks like dmix is using shared memory as well as semaphores. I've backed out bug 1376910 for some graphics-related problems; I'll make sure to fix that when I re-land it.
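The two "seccomp sandbox violation" lines quoted in this bug can be decoded mechanically into the SysV IPC call and arguments that the sandbox rejected. This is an added example, not code from Firefox or from anyone in this bug; it assumes the x86_64 syscall numbering and the `IPC_CREAT`/`IPC_EXCL` values from the Linux headers, and the function names are hypothetical.

```python
import re

# x86_64 System V IPC syscall numbers (assumption: x86_64 Linux syscall table).
SYSV_IPC_X86_64 = {
    29: "shmget", 30: "shmat", 31: "shmctl", 67: "shmdt",
    64: "semget", 65: "semop", 66: "semctl",
    68: "msgget", 69: "msgsnd", 70: "msgrcv", 71: "msgctl",
}
IPC_CREAT, IPC_EXCL = 0o1000, 0o2000  # values from <linux/ipc.h>

VIOLATION = re.compile(
    r"seccomp sandbox violation: pid (\d+), tid (\d+), "
    r"syscall (\d+), args ([\d ]+)"
)

def decode_flags(flags):
    """Split a semget/shmget flag word into IPC_* names and permission bits."""
    names = [name for name, bit in (("IPC_CREAT", IPC_CREAT),
                                    ("IPC_EXCL", IPC_EXCL)) if flags & bit]
    return names, flags & 0o777

def decode_violation(line):
    """Return a dict describing one violation line, or None if it does not match."""
    m = VIOLATION.search(line)
    if not m:
        return None
    nr = int(m.group(3))
    args = [int(a) for a in m.group(4).split()]
    out = {"pid": int(m.group(1)), "tid": int(m.group(2)),
           "syscall": SYSV_IPC_X86_64.get(nr, f"syscall_{nr}"),
           "sysv_ipc": nr in SYSV_IPC_X86_64}
    if out["syscall"] in ("semget", "shmget"):
        # semget(key, nsems, semflg) and shmget(key, size, shmflg)
        second = "nsems" if out["syscall"] == "semget" else "size"
        flag_names, mode = decode_flags(args[2])
        out.update(key=args[0], flags=flag_names, mode=oct(mode))
        out[second] = args[1]
    return out

# The two violation lines as reported in this bug.
LINES = [
    "Sandbox: seccomp sandbox violation: pid 10131, tid 10289, syscall 64, "
    "args 5678293 1 944 140150214494929 0 140150214494928. Killing process.",
    "Sandbox: seccomp sandbox violation: pid 22116, tid 22232, syscall 29, "
    "args 5678293 488 432 0 0 0. Killing process.",
]

if __name__ == "__main__":
    for line in LINES:
        print(decode_violation(line))
```

Both rejected calls use the same IPC key with mode 0660; the `semget` call also carries `IPC_CREAT`, the `shmget` call does not.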
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: -- → P1
Whiteboard: sb+
Target Milestone: --- → mozilla56
Comment on attachment 8890474 [details] Bug 1384439 - Fix #ifdef MOZ_ALSA in security/sandbox/linux. https://reviewboard.mozilla.org/r/161610/#review168654 ::: security/sandbox/linux/moz.build:110 (Diff revision 1) > LOCAL_INCLUDES += ['/security/sandbox/chromium-shim'] > LOCAL_INCLUDES += ['/security/sandbox/chromium'] > LOCAL_INCLUDES += ['/nsprpub'] > > +if CONFIG['MOZ_ALSA']: > + DEFINES['MOZ_ALSA'] = True Let's keep this per-directory for now.
Attachment #8890474 - Flags: review?(mh+mozilla) → review+
I'm going to merge this into bug 1376910, because this should currently be working, and the “fix” will be to not re-break it when SysV IPC goes away again. (There's something going on with graphics that neither I nor the actual graphics people can adequately explain yet, so that may take a while.)
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE