Use USER_LIMITED for the Windows GPU process sandbox on Nightly
Categories
(Core :: Security: Process Sandboxing, enhancement, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox144 | --- | fixed |
People
(Reporter: bobowen, Assigned: bobowen)
References
Details
(Keywords: perf-alert)
Attachments
(1 file)
Landing USER_LIMITED for the Windows GPU process sandbox on Nightly only, to see if we still have the user reported issues we had previously.
|
Assignee | |
Comment 1•1 year ago
|
||
|
||
Comment 3•1 year ago
|
||
| bugherder | ||
|
||
Comment 4•1 year ago
|
||
Lead to huge regressions on many Talos startup-y tests only on Windows hw-wr. Sw-wr is unaffected. So the sandbox is delaying/hampering stuff at startup.
90% on startup_about_home_paint
104% on sessionrestore hw-wr but sw-wr is unaffected
|
||
Comment 5•1 year ago
|
||
(In reply to Mayank Bansal from comment #4)
Mayank: I really appreciate that you're helping us track performance issues. However, please stop CC'ing me on everything you find; I'm not on the performance team and I don't know about everything in Firefox (case in point: I know approximately nothing about our graphics code and sandboxing, i.e. this bug). Usually if you're asking questions or think action needs to be taken, pinging the assignee of the bug or triage owner (if there isn't an assignee) would be more appropriate.
Lead to huge regressions on many Talos startup-y tests only on Windows hw-wr. Sw-wr is unaffected. So the sandbox is delaying/hampering stuff at startup.
Is there a separate perf alert bug on file? That is the typical way to deal with this, right? If not, let's get one on file and needinfo the assignee of the regressing bug (Bob) there. Even better if you have profiles of a before/after build to show what is causing the slowdown.
|
||
Comment 7•1 year ago
|
||
Backed out for causing sandboxing crashes related to font loading
Backout link: https://hg.mozilla.org/integration/autoland/rev/f3a91d82cca84a81609f5c5e9bf827198b8c9ebc
|
|
||
Comment 9•1 year ago
|
||
Gijs: I had cc'd you based on the test owner mentioned here for startup_about_home_paint
|
||
Comment 10•1 year ago
|
||
Backout merged to central: https://hg.mozilla.org/mozilla-central/rev/f3a91d82cca8
|
|
Assignee | |
Updated•1 year ago
|
|
||
Comment 11•1 year ago
|
||
(In reply to Sandor Molnar[:smolnar] from comment #7)
Backed out for causing sandboxing crashes related to font loading
Backout link: https://hg.mozilla.org/integration/autoland/rev/f3a91d82cca84a81609f5c5e9bf827198b8c9ebc
Perfherder has detected a talos performance change from push f3a91d82cca84a81609f5c5e9bf827198b8c9ebc.
If you have any questions, please reach out to a performance sheriff. Alternatively, you can find help on Slack by joining #perf-help, and on Matrix you can find help by joining #perftest.
Improvements:
| Ratio | Test | Platform | Options | Absolute values (old vs new) |
|---|---|---|---|---|
| 56% | ts_paint | windows11-64-24h2-shippable | e10s fission stylo webrender | 725.50 -> 320.92 |
| 53% | sessionrestore_no_auto_restore | windows11-64-24h2-shippable | e10s fission stylo webrender | 762.50 -> 358.08 |
| 52% | sessionrestore | windows11-64-24h2-shippable | e10s fission stylo webrender | 740.33 -> 354.67 |
| 47% | startup_about_home_paint_cached | windows11-64-24h2-shippable | e10s fission stylo webrender | 869.25 -> 458.83 |
| 47% | startup_about_home_paint | windows11-64-24h2-shippable | e10s fission stylo webrender | 870.67 -> 463.17 |
| 46% | startup_about_home_paint_realworld_webextensions | windows11-64-24h2-shippable | e10s fission stylo webrender | 891.00 -> 483.67 |
Details of the alert can be found in the alert summary, including links to graphs and comparisons for each of the affected tests.
If you need the profiling jobs you can trigger them yourself from treeherder job view or ask a performance sheriff to do that for you.
You can run all of these tests on try with ./mach try perf --alert 45210
The following documentation link provides more information about this command.
|
|
Assignee | |
Comment 12•1 year ago
|
||
|
||
Comment 13•1 year ago
|
||
|
||
Comment 14•1 year ago
|
||
| bugherder | ||
|
|
||
Comment 15•1 year ago
|
||
|
||
Comment 16•1 year ago
|
||
Backed out as requested
|
|
||
Comment 17•1 year ago
|
||
Backout merged to central: https://hg-edge.mozilla.org/mozilla-central/rev/584aadc43139
|
|
Assignee | |
Comment 18•11 months ago
|
||
It looks like this is down to people having user only fonts in places other than the standard directory.
This could be manually done or more likely to be third party font managers.
This would not normally cause issues as the content process can't access these either (issues other than not being able to use those fonts).
However, dropdown/combo boxes still have their layout done in the parent, so it can access these fonts.
So, if they are used the GPU process can't find them causing either garbled fonts or crashes.
Even if it is possible moving the layout back to the content process, doesn't seem to be trivial.
The simplest solution is to add policy rules to allow read access to either the fonts or their dirs.
While not ideal, only the user, SYSTEM and Administrators have write access to the registry key, so to add malicious entry an attacker would already have user or higher access to the system.
|
|
Assignee | |
Comment 19•9 months ago
|
||
try push with latest fix from bug 1977201:
https://treeherder.mozilla.org/jobs?repo=try&revision=50699f5a6fdfbb0857459681f6ad635a6ffd2548
|
|
||
Comment 20•9 months ago
|
||
|
|
||
Comment 21•9 months ago
|
||
|
||
Comment 22•9 months ago
|
||
Backed out for causing marionette failures on test_refresh_firefox.py
|
|
Assignee | |
Updated•9 months ago
|
|
|
||
Comment 23•9 months ago
|
||
|
||
Comment 24•9 months ago
|
||
| bugherder | ||
|
||
Comment 25•9 months ago
|
||
:bobowen, anything you want to mention here in a release note? (Process info)
We could include it in the nightly only release notes if you wanted some extra visibility.
|
|
Assignee | |
Comment 26•9 months ago
|
||
(In reply to Donal Meehan [:dmeehan] from comment #25)
:bobowen, anything you want to mention here in a release note? (Process info)
We could include it in the nightly only release notes if you wanted some extra visibility.
Possibly, but I'll wait a couple of days to make sure it sticks and the existing issues on previous attempts seem to be fixed.
There isn't anything specific people can do testing-wise, apart from look out for GPU process crashes and possibly rendering quirks, so we'll have to explain that, but I guess people using Nightly are more used to looking out for such things.
|
|
Assignee | |
Updated•9 months ago
|
|
||
Updated•8 months ago
|
|
|
Assignee | |
Comment 27•8 months ago
•
|
||
I'm going to wait until I'm back to think about this again.
Description
•