Closed Bug 1501126 Opened 7 years ago Closed 7 years ago

[Mac] Enable sandbox early startup by default on Nightly

Categories

(Core :: Security: Process Sandboxing, enhancement, P1)

Product:
Core
Component:
Security: Process Sandboxing
Version:
65 Branch
Platform:
Unspecified
macOS
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla65
Tracking Flags:
Tracking Status
firefox65 --- fixed

People

(Reporter: haik, Assigned: haik)

References

(Depends on 1 open bug)

Details

Attachments

(1 file)

Bug 1501126 - [Mac] Enable sandbox early startup by default on Nightly r?Alex_Gaynor
47 bytes, text/x-phabricator-request
Details | Review
Enable the early startup mode of the Mac content sandbox by default in Nightly by default (by setting security.sandbox.content.mac.earlyinit=true).
Assignee: nobody → haftandilian
Depends on: 1501121, 1431441
Priority: -- → P1
Depends on: 1502228
From bug 1431441 comment 33 by Ionut > Before the backout, we noticed these big performance regressions: > > == Change summary for alert #16766 (as of Fri, 12 Oct 2018 13:23:55 GMT) == > > Regressions: > > 16% sessionrestore osx-10-10 opt e10s stylo 640.67 -> 745.17 > 13% ts_paint osx-10-10 opt e10s stylo 707.67 -> 802.83 > 13% sessionrestore_no_auto_restore osx-10-10 opt e10s stylo 675.29 -> 764.67 > 13% ts_paint_webext osx-10-10 opt e10s stylo 712.33 -> 803.92 > > For up to date results, see: https://treeherder.mozilla.org/perf.html#/alerts?id=16766 The changes move our call to sandbox_init_with_parameters() in content processes from being run on the main thread event loop during initialization to early in main. I do not think the regressions in sessionrestore, ts_paint, or ts_paint_webext are meaningful because it appears that those tests previously (without the code changes) didn't include the execution time of sandbox_init_with_parameters(), but do now that the function has been moved. I tested this by adding a 0.5 second busy loop in the original code site and found that it didn't affect those benchmarks. That wasn't the case for sessionrestore_no_auto_restore. I need some help understanding exactly what these tests are timing though. Ionut, are you able to help with that or is there someone you can recommend? I also found that sandbox_init_with_parameters() is much slower on older hardware like we have on try. Some rough numbers I collected for the average execution time: 2008 MacBook with macOS 10.9: 500ms try hardware (t-yosemite-r7-186) with macOS 10.10: 122ms 2015 MacBook Air with macOS 10.14: 15ms 2012 MacBook Pro with macOS 10.11: 14ms 2018 MacBook Pro with macOS 10.14: 8ms
Flags: needinfo?(igoldan)
@Ionut, jmaher offered to help with my questions. Is it OK to land while still resolving this?
(In reply to Haik Aftandilian [:haik] from comment #1) > From bug 1431441 comment 33 by Ionut > > Before the backout, we noticed these big performance regressions: > > > > == Change summary for alert #16766 (as of Fri, 12 Oct 2018 13:23:55 GMT) == > > > > Regressions: > > > > 16% sessionrestore osx-10-10 opt e10s stylo 640.67 -> 745.17 > > 13% ts_paint osx-10-10 opt e10s stylo 707.67 -> 802.83 > > 13% sessionrestore_no_auto_restore osx-10-10 opt e10s stylo 675.29 -> 764.67 > > 13% ts_paint_webext osx-10-10 opt e10s stylo 712.33 -> 803.92 > > > > For up to date results, see: https://treeherder.mozilla.org/perf.html#/alerts?id=16766 > > I need some help understanding exactly what these tests are timing though. > Ionut, are you able to help with that or is there someone you can recommend? Yes, for sessionrestore* test you can contact :mikedeboer. As for ts_paint, it used to be :milan, but now I think one of the contacts would be :davidb.
(In reply to Haik Aftandilian [:haik] from comment #2) > @Ionut, jmaher offered to help with my questions. Is it OK to land while > still resolving this? You can land this, it's just that I need constant feedback on the evolution of the fix, from your behalf.
Flags: needinfo?(igoldan)
Depends on: 1505445
I think bug 1505445 will address the talos regressions listed in comment 3. I plan to land this fix after bug 1505445 which is out for review.
Set security.sandbox.content.mac.earlyinit=true to enable sandbox early startup by default on Nightly only.
Blocks: 1505573
Pushed by haftandilian@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/22d335fc020f [Mac] Enable sandbox early startup by default on Nightly r=Alex_Gaynor
https://hg.mozilla.org/mozilla-central/rev/22d335fc020f
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox65: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
Depends on: 1506776
Depends on: 1506495
Depends on: 1524694
Regressions: 1588821
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: