Launching the profiler on linux insta-crashes due to sandbox violation.
Categories: Core :: Security: Process Sandboxing, defect
People: Reporter: emilio, Assigned: emilio
Attachments (1 file): 47 bytes, text/x-phabricator-request; flags: pascalc: approval-mozilla-beta-, jcristau: approval-mozilla-esr68+
Trying it on a debug build I get:
[Parent 4506, Main Thread] WARNING: NS_ENSURE_TRUE(weakFrame.IsAlive()) failed: file /home/emilio/src/moz/gecko-2/layout/xul/nsXULPopupManager.cpp, line 1058
Sandbox: seccomp sandbox violation: pid 4688, tid 4742, syscall 230, args 0 0 139981609756488 139981609756488 0 139981609756504. Killing process.
Sandbox: crash reporter is disabled (or failed); trying stack trace:
Sandbox: frame #01: clock_nanosleep[/lib64/libc.so.6 +0xc85b1]
Sandbox: frame #02: nanosleep[/lib64/libc.so.6 +0xcdf87]
Sandbox: frame #03: ???[/home/emilio/src/moz/gecko-2/obj-debug/dist/bin/libxul.so +0x952b1da]
Sandbox: frame #04: ???[/home/emilio/src/moz/gecko-2/obj-debug/dist/bin/libxul.so +0x952ae7a]
Sandbox: frame #05: ???[/home/emilio/src/moz/gecko-2/obj-debug/dist/bin/libxul.so +0x952b6b1]
Sandbox: frame #06: ???[/lib64/libpthread.so.0 +0x9482]
Sandbox: frame #07: clone[/lib64/libc.so.6 +0x101453]
Sandbox: frame #08: ??? (???:???)
Sandbox: end of stack.
Sandbox: seccomp sandbox violation: pid 4567, tid 4745, syscall 230, args 0 0 139690952877896 139690952877896 0 139690952877912. Killing process.
Sandbox: crash reporter is disabled (or failed); trying stack trace:
Sandbox: frame #01: clock_nanosleep[/lib64/libc.so.6 +0xc85b1]
Sandbox: frame #02: nanosleep[/lib64/libc.so.6 +0xcdf87]
Sandbox: frame #03: ???[/home/emilio/src/moz/gecko-2/obj-debug/dist/bin/libxul.so +0x952b1da]
Sandbox: frame #04: ???[/home/emilio/src/moz/gecko-2/obj-debug/dist/bin/libxul.so +0x952ae7a]
Sandbox: frame #05: ???[/home/emilio/src/moz/gecko-2/obj-debug/dist/bin/libxul.so +0x952b6b1]
Sandbox: frame #06: ???[/lib64/libpthread.so.0 +0x9482]
Sandbox: frame #07: clone[/lib64/libc.so.6 +0x101453]
Sandbox: frame #08: ??? (???:???)
Sandbox: end of stack.
Sandbox: seccomp sandbox violation: pid 4632, tid 4747, syscall 230, args 0 0 140445303695176 140445303695176 0 140445303695192. Killing process.
Sandbox: crash reporter is disabled (or failed); trying stack trace:
Sandbox: frame #01: clock_nanosleep[/lib64/libc.so.6 +0xc85b1]
Sandbox: frame #02: nanosleep[/lib64/libc.so.6 +0xcdf87]
Sandbox: frame #03: ???[/home/emilio/src/moz/gecko-2/obj-debug/dist/bin/libxul.so +0x952b1da]
Sandbox: frame #04: ???[/home/emilio/src/moz/gecko-2/obj-debug/dist/bin/libxul.so +0x952ae7a]
Sandbox: frame #05: ???[/home/emilio/src/moz/gecko-2/obj-debug/dist/bin/libxul.so +0x952b6b1]
Sandbox: frame #06: ???[/lib64/libpthread.so.0 +0x9482]
Sandbox: frame #07: clone[/lib64/libc.so.6 +0x101453]
Sandbox: frame #08: ??? (???:???)
Sandbox: end of stack.
Comment 1•5 years ago (Assignee)
So I tried to get a regression range for this and I can reproduce it in 68... so what gives? Has it been a system update?
Nazim, have you seen this before?
Comment 2•5 years ago (Assignee)
It seems newer glibc versions implement nanosleep() in terms of clock_nanosleep(), which broke the profiler due to the sandbox rules whitelisting the former but not the latter.
Unfortunate that the profiler will fail in old Firefox versions though... :/
Comment 4•5 years ago
We can probably uplift this aggressively.
Comment 5•5 years ago
> Unfortunate that the profiler will fail in old Firefox versions though... :/
This can be worked around with:
security.sandbox.content.syscall_whitelist
Comment 7•5 years ago
Comment on attachment 9110079 [details]
Bug 1597792 - Allow clock_nanosleep in the sandbox filter. r=gcp
Beta/Release Uplift Approval Request
- User impact if declined: Broken profiler after system (libc) updates.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Not risky - adds permissions to the sandbox.
- String changes made/needed:
Comment 8•5 years ago
bugherder
Comment 9•5 years ago
Previous bugs similar to this haven't necessarily needed uplift, because in those cases it was a newly added syscall and glibc has fallback code, and on non-Nightly builds we return ENOSYS instead of crashing (see gSandboxCrashOnError).
This bug is an exception. clock_nanosleep is old (predates the start of the Git history in 2005) and glibc doesn't have fallback code, so we do need uplift. Otherwise, nanosleep will fail, and the profiler's assertion that it succeeds is debug-only. I haven't tested this, but I'd expect a release (or beta, or ESR) build affected by this bug to busy-loop interrupting threads for samples, probably making the browser unusable. So we'll need uplift of this and bug 1598040.
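The mechanism from comments 2 and 9, as an added, self-contained demonstration (not Mozilla's sandbox code): a minimal seccomp-BPF filter that allows every syscall except clock_nanosleep, which it answers with ENOSYS the way comment 9 says non-Nightly builds do, followed by a probe of both the raw syscall and libc's nanosleep() wrapper. It assumes Linux; the struct and function names are the example's own, and whether nanosleep() fails depends on whether the host glibc is new enough to route it through clock_nanosleep.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <time.h>
#include <unistd.h>

struct sleep_probe {
    int filter_installed;          /* 1 once the seccomp filter is in place */
    int raw_clock_nanosleep_errno; /* errno from a direct clock_nanosleep syscall, 0 if allowed */
    int libc_nanosleep_errno;      /* errno from libc's nanosleep() wrapper, 0 if allowed */
};
/* Allow everything except clock_nanosleep, which gets ENOSYS instead of a kill
 * (the non-Nightly behaviour comment 9 describes). A real filter checks
 * seccomp_data.arch first; this demo assumes x86_64. */
static int install_filter(void)
{
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_clock_nanosleep, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (ENOSYS & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof prog / sizeof prog[0], .filter = prog };
    /* no_new_privs is required before an unprivileged process may install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}
struct sleep_probe run_probe(void)
{
    struct sleep_probe p = { 0, 0, 0 };
    struct timespec ts = { 0, 1000 }; /* sleep 1 microsecond */
    if (install_filter() != 0)
        return p;
    p.filter_installed = 1;
    /* Direct syscall 230 on x86_64, the call the bug's log shows being refused. */
    errno = 0;
    if (syscall(SYS_clock_nanosleep, CLOCK_MONOTONIC, 0, &ts, NULL) != 0)
        p.raw_clock_nanosleep_errno = errno;
    /* glibc >= 2.31 implements this wrapper with clock_nanosleep, older glibc with nanosleep;
     * a filter written before the glibc change now sees -1/ENOSYS here. */
    errno = 0;
    if (nanosleep(&ts, NULL) != 0)
        p.libc_nanosleep_errno = errno;
    return p;
}
```

A libc_nanosleep_errno of ENOSYS is the profiler's situation on the affected builds: nanosleep() reports failure only through its return value, so a caller that asserts success in debug builds alone will keep spinning in release builds.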
Comment 10•5 years ago (Assignee)
Comment on attachment 9110079 [details]
Bug 1597792 - Allow clock_nanosleep in the sandbox filter. r=gcp
Beta/Release Uplift Approval Request
- User impact if declined: Profiler doesn't work on Linux.
- Is this code covered by automated tests?: No
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: Bug 1598040
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Simple sandbox allowance, with further restrictions in bug 1598040.
- String changes made/needed: none
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: See above
- User impact if declined: See above.
- Fix Landed on Version: 72
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): see above
- String or UUID changes made by this patch: none
Comment 11•5 years ago
Comment on attachment 9110079 [details]
Bug 1597792 - Allow clock_nanosleep in the sandbox filter. r=gcp
I talked with emilio, and this bug would only affect end users on Linux that use the profiler and have the most recent glibc library. That seems like a very small subset of users for an uplift on RC day, so we agreed that this could ride the 72 train. I am leaving the flag for ESR as it probably makes sense to uplift in the January ESR.
Comment 12•5 years ago
Comment on attachment 9110079 [details]
Bug 1597792 - Allow clock_nanosleep in the sandbox filter. r=gcp
Linux sandbox update, approved for 68.4esr
Comment 13•5 years ago
bugherder uplift