Closed Bug 1458553 Opened 7 years ago Closed 7 years ago

Return of Google Maps all black map with updated Nvidia web driver on Mac

Categories

(Core :: Security: Process Sandboxing, defect, P1)

Product:
Core
Component:
Security: Process Sandboxing
Version:
60 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla61
Tracking Flags:
Tracking Status
relnote-firefox --- 60+
firefox-esr52 --- unaffected
firefox-esr60 --- fixed
firefox59 --- unaffected
firefox60 --- fixed
firefox61 --- fixed

People

(Reporter: mattsmeltz, Assigned: haik)

References

Details

(Keywords: regression)

Attachments

(1 file)

Bug 1458553 - Return of Google Maps all black map with updated Nvidia web driver on Mac
59 bytes, text/x-review-board-request
Alex_Gaynor
: review+
jcristau
: approval-mozilla-release+
jcristau
: approval-mozilla-esr60+
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0 Build ID: 20180426170554 Steps to reproduce: This issue is very similar to bug 1422027 I have a Macbook Pro 11,3 with Intel Iris Pro 5200 and Nvidia GeForce GT 750M and am using the updated Nvidia Web Driver. With the Nvidia Web Driver installed, navigate to Google Maps. Actual results: When I go to Google Maps, the map navigation is very slow and the map is occasionally all black or blinks black especially while trying to zoom in or out. It is unusable. Expected results: Google Maps should work normally. mozregression: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=4536fd333b16bfa86eb1fdf94616d2d067bfc41f&tochange=a678eec13c6e6bf1662cc4db5719bbb413c63f65
Blocks: 1428055
Component: Untriaged → Security: Process Sandboxing
Product: Firefox → Core
Thanks for reporting the problem and running mozregression. Given what was reported about the Nvidia Web driver on https://bugzilla.mozilla.org/show_bug.cgi?id=1421262#c8 we probably need to add "/Library/GPU Bundles" to the file-map-executable allow list in the sandbox policy. I'll try to confirm that.
mws, does the problem also occur for you with Nightly? If so, would you be willing to test a build of Nightly with a potential fix? The build linked below is a build of Nightly with a change to the sandbox policy which I suspect will solve the problem. I don't have access to a machine that supports the Nvidia Web driver yet to confirm it myself. https://queue.taskcluster.net/v1/task/Rv-PzqmWSYmdHL5p7sTpCg/runs/0/artifacts/public/build/target.dmg
Flags: needinfo?(mattsmeltz)
Yes the problem is in Nightly too. The fix in the test build does solve the problem. Thanks!
Flags: needinfo?(mattsmeltz)
Assignee: nobody → haftandilian
Priority: -- → P1
(In reply to mws from comment #3) > Yes the problem is in Nightly too. > > The fix in the test build does solve the problem. Thanks! Great. Thanks for testing. The only change was in the content process sandbox to allow mapping in executable code read from /Library/GPUBundles. Which makes sense because the Web driver installs files there. This should make Beta 60 and we might be able to expedite the fix into Release on account of the fix being very low risk.
I forgot to mention in the description of this bug, but I think I should just for completeness, that the workaround from bug 1421262 of changing security.sandbox.content.level did not work this time. (In reply to Haik Aftandilian [:haik] from comment #5) > (In reply to mws from comment #3) > > Yes the problem is in Nightly too. > > > > The fix in the test build does solve the problem. Thanks! > > Great. Thanks for testing. The only change was in the content process > sandbox to allow mapping in executable code read from /Library/GPUBundles. > Which makes sense because the Web driver installs files there. This should > make Beta 60 and we might be able to expedite the fix into Release on > account of the fix being very low risk. Thanks, I'll look out for it in Nightly and Beta 60. The problem is not in 59.
(In reply to mws from comment #6) > I forgot to mention in the description of this bug, but I think I should > just for completeness, that the workaround from bug 1421262 of changing > security.sandbox.content.level did not work this time. Sorry for not mentioning that, but it is expected given that the file-map-executable use in the sandbox is not affected by the level pref. If there's a dire need for a workaround, you can completely disable the content sandbox using an environment variable, but it's better to avoid that due to the reduced security. > Thanks, I'll look out for it in Nightly and Beta 60. The problem is not in 59. Bug 1428055 (which introduced this) didn't make it into 59, but it is in 60 which will soon become Release.
Comment on attachment 8972716 [details] Bug 1458553 - Return of Google Maps all black map with updated Nvidia web driver on Mac https://reviewboard.mozilla.org/r/241246/#review247238 Can you change the first line of the commit message to be clearer for people not already familiar with this issue?
Attachment #8972716 - Flags: review?(agaynor) → review+
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Keywords: regression
Comment on attachment 8972716 [details] Bug 1458553 - Return of Google Maps all black map with updated Nvidia web driver on Mac https://reviewboard.mozilla.org/r/241246/#review247238 Thanks. Updated commit message to be 'Update Mac sandbox rules to allow executable mappings from /Library/GPUBundles which is used by the Nvidia downloadable "Web" driver.'
Pushed by haftandilian@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d67ad5505bc5 Return of Google Maps all black map with updated Nvidia web driver on Mac r=Alex_Gaynor
Comment on attachment 8972716 [details] Bug 1458553 - Return of Google Maps all black map with updated Nvidia web driver on Mac Approval Request Comment [Feature/Bug causing the regression]: Bug 1428055 - "Deny access to some properties from the mac sandbox which are included in the default permissions" which is in build 60 about to hit Release. [User impact if declined]: On some Macs running the downloadable Nvidia graphics drivers (aka Web Drivers), Firefox is unusable on certain sites like Google Maps. If we decline the uplift to Beta at this time, we could uplift to Release. Uplifting now prevents a regression in Release. [Is this code covered by automated tests?]: The changed code is executed every time content processes startup, but validating that the downloadable drivers work is not done. [Has the fix been verified in Nightly?]: The fix is on Autoland at this time. [Needs manual test from QE? If yes, steps to reproduce]: See description. Requires a Mac that is supported by the downloadable Web drivers. [List of other uplifts needed for the feature/fix]: None [Is the change risky?]: No [Why is the change risky/not risky?]: The change is small and results in the content process sandbox being slightly more permissive which is very unlikely to introduce problems. [String changes made/needed]: None
Attachment #8972716 - Flags: approval-mozilla-beta?
https://hg.mozilla.org/mozilla-central/rev/d67ad5505bc5
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox61: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
Confirmed. Google Maps works in the latest Nightly on my machine.
(In reply to Haik Aftandilian [:haik] from comment #12) > [User impact if declined]: > On some Macs running the downloadable Nvidia graphics drivers (aka Web > Drivers), Firefox is unusable on certain sites like Google Maps. If we > decline the uplift to Beta at this time, we could uplift to Release. > Uplifting now prevents a regression in Release. > beta is 61 at this point, and 60 is in mozilla-release. We've built two release candidates, and I'm not planning on a third unless something really really bad comes up. I'm not sure this fits the bill.
status-firefox59: --- → unaffected
status-firefox60: --- → affected
status-firefox-esr52: --- → unaffected
status-firefox-esr60: --- → affected
Comment on attachment 8972716 [details] Bug 1458553 - Return of Google Maps all black map with updated Nvidia web driver on Mac Moving the request to the appropriate branches, regardless.
Attachment #8972716 - Flags: approval-mozilla-release?
Attachment #8972716 - Flags: approval-mozilla-esr60?
Attachment #8972716 - Flags: approval-mozilla-beta?
Do we know how many people this might affect?
Flags: needinfo?(haftandilian)
(In reply to Julien Cristau [:jcristau] from comment #17) > Do we know how many people this might affect? No. I tried to get an answer using telemetry, but haven't found a good approximation yet. It's the percentage of Mac users on Macs with Nvidia graphics who go out of the way to install the Nvidia driver. The last released Mac with an Nvidia card was the 2014 MacBook Pro which still is supported by Apple to run macOS High Sierra 10.13. Firefox supports systems running on Mac OS 10.9+ so that would include many of the older Macs running Nvidia cards. If this doesn't make the 60 release, I think it should be fixed in the first update. The fix is low risk.
Flags: needinfo?(haftandilian)
Yep, it's on my list for 60.0.1, thanks.
Comment on attachment 8972716 [details] Bug 1458553 - Return of Google Maps all black map with updated Nvidia web driver on Mac fix an issue with some nvidia drivers on mac, approved for 60.0.1 and corresponding esr.
Attachment #8972716 - Flags: approval-mozilla-release?
Attachment #8972716 - Flags: approval-mozilla-release+
Attachment #8972716 - Flags: approval-mozilla-esr60?
Attachment #8972716 - Flags: approval-mozilla-esr60+
Added this to Firefox and ESR 60.0.1 release notes
relnote-firefox: --- → 60+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: