Closed
Bug 983518
Opened 11 years ago
Closed 11 years ago
Homescreen sandbox crash on QRD kitkat
Categories: Core :: Security, defect
People: Reporter: pauljt, Assigned: kang
Whiteboard: [cr 631673]
Attachments (1 file, 1 obsolete file): patch, 714 bytes, kang: review+
Mvines reports that homescreen is crashing with a sandbox error on kitkat. We need to jump on this asap.
For the KK baseline (i.e., the real v1.4 baseline), the homescreen gets
killed at boot with a:
E/Sandbox ( 1241): seccomp sandbox violation: pid 1241, syscall 186, args
3005218204 0 0 3 4308040 0. Killing process.
Bug can be reproduced using this build:
https://bug961246.bugzilla.mozilla.org/attachment.cgi?id=8381550&t=VRMWJg37
Comment 1 • 11 years ago
Also enable these configs in arch/arm/configs/msm8226_defconfig first of course:
+CONFIG_SECCOMP=y
+CONFIG_SECCOMP_FILTER=y
Updated • 11 years ago
blocking-b2g: --- → 1.4+
Updated • 11 years ago
Whiteboard: [cr 631673]
Comment 2 • 11 years ago
(In reply to Paul Theriault [:pauljt] from comment #0)
> E/Sandbox ( 1241): seccomp sandbox violation: pid 1241, syscall 186, args 3005218204
sigaltstack. It should be reasonably safe to whitelist it. I'm curious what the call stack is, though.
Comment 3 • 11 years ago
https://www.codeaurora.org/cgit/quic/la/platform/bionic/tree/libc/bionic/pthread_create.cpp?id=d3e32648689e22569dfe45f77bceb358042914fc#n71
---
Crash reason: SIGSYS
Crash address: 0xb6f4e3cc
Thread 14 (crashed)
0 libc.so + 0x203cc
r4 = 0x00a04c48 r5 = 0x00000000 r6 = 0xb5395fe9 r7 = 0x000000ba
r8 = 0xb5395fe9 r9 = 0xb3202000 r10 = 0xbec812ec fp = 0xb6f7a2ec
sp = 0xb32ffd90 lr = 0xb6f3b1b8 pc = 0xb6f4e3cc
Found by: given as instruction pointer in context
1 libc.so!__thread_entry [pthread_create.cpp : 99 + 0x6]
sp = 0xb32ffdb8 pc = 0xb6f3b200
Found by: stack scanning
2 libc.so!pthread_create [pthread_create.cpp : 224 + 0x16]
r4 = 0x00a04c48 r5 = 0xb32ffdd0 r6 = 0x0000000b r7 = 0x00000078
sp = 0xb32ffdd0 pc = 0xb6f3b3b4
Found by: call frame info
Updated • 11 years ago
Component: General → Security
Product: Firefox OS → Core
Version: unspecified → Trunk
Comment 4 • 11 years ago (Assignee)
Reproduced on AU_LINUX_GECKO_B2G_KK_3.5.01.04.00.113 and AU_LINUX_GECKO_B2G_KK_3.5.01.04.00.113.025
Whitelisting the syscall sigaltstack solves it. This stuff is used to keep the signal state in the 'main' stack while handling debugging signals in the alternate stack.
Try: https://tbpl.mozilla.org/?tree=Try&rev=d11b8f4947f1
Attachment #8391546 - Flags: review?(ptheriault)
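The failure mode comment 4 describes, as an added example that is not Gecko's seccomp_filter.h or any other code from this bug: a minimal seccomp-BPF whitelist in C, installed in a forked child, which then makes the one sigaltstack call that bionic's pthread_create makes. With sigaltstack left out of the whitelist the child is killed with SIGSYS, as homescreen was; with it added the child exits cleanly. It assumes a Linux kernel built with CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER (the options comment 1 enables) and uses the host's syscall numbers, not ARM's 186.

```c
#define _GNU_SOURCE
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child, install a seccomp-BPF whitelist in it, then have the child do
 * what bionic's pthread_create does: one sigaltstack call, then exit_group.
 * Returns 1 if the child was killed with SIGSYS (sandbox violation),
 * 0 if it exited cleanly, -1 if seccomp filters could not be set up here. */
int run_sandboxed(int allow_sigaltstack) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Whitelist: exit_group always, sigaltstack only when requested;
         * everything else is SECCOMP_RET_KILL, as in Gecko's filter.
         * (A production filter must also check seccomp_data.arch, since
         * syscall numbers differ per architecture: 186 is ARM's sigaltstack.) */
        struct sock_filter filter[] = {
            BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
            BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit_group, 2, 0),
            /* jt=1 jumps to ALLOW; jt=0 falls through to KILL (the bug) */
            BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_sigaltstack,
                     allow_sigaltstack ? 1 : 0, 0),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        };
        struct sock_fprog prog = {
            (unsigned short)(sizeof(filter) / sizeof(filter[0])), filter };
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
            _exit(2);                          /* seccomp filters unavailable */
        stack_t old;
        syscall(SYS_sigaltstack, NULL, &old);  /* the call that killed homescreen */
        syscall(SYS_exit_group, 0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return 1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return 0;
    return -1;
}

int main(void) {
    printf("sigaltstack missing from whitelist: %s\n",
           run_sandboxed(0) == 1 ? "killed by SIGSYS" : "not killed");
    printf("sigaltstack whitelisted: %s\n",
           run_sandboxed(1) == 0 ? "exited cleanly" : "not clean");
    return 0;
}
```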
Comment 5 • 11 years ago (Assignee)
Comment on attachment 8391546 [details] [diff] [review]
sigal.patch
Review of attachment 8391546 [details] [diff] [review]:
-----------------------------------------------------------------
I'm tired. wrong reviewer.
Attachment #8391546 - Flags: review?(ptheriault) → review?(jld)
Comment 6 • 11 years ago
Comment on attachment 8391546 [details] [diff] [review]
sigal.patch
Review of attachment 8391546 [details] [diff] [review]:
-----------------------------------------------------------------
::: security/sandbox/linux/seccomp_filter.h
@@ +139,5 @@
> ALLOW_SYSCALL(epoll_ctl), \
> ALLOW_SYSCALL(sched_yield), \
> ALLOW_SYSCALL(sched_getscheduler), \
> + ALLOW_SYSCALL(sched_setscheduler), \
> + ALLOW_SYSCALL(sigalstack),
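Review bot: the last added line, ALLOW_SYSCALL(sigalstack), misspells the syscall name, so this entry would not whitelist anything and the violation in comment 0 would persist; it should read ALLOW_SYSCALL(sigaltstack), matching syscall 186 that comment 2 identified. Also, every other entry in this macro ends in a line-continuation backslash and the new last line does not, so if the list continues past this hunk the macro would be cut off here; add the trailing backslash to match the surrounding entries.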
"sigaltstack", with a "t".
Attachment #8391546 - Flags: review?(jld) → review+
Comment 7 • 11 years ago (Assignee)
Attachment #8391546 - Attachment is obsolete: true
Attachment #8391571 - Flags: review+
Comment 8 • 11 years ago
Assignee: nobody → gdestuynder
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30
Updated • 11 years ago
status-b2g-v1.4: --- → fixed
status-firefox28: --- → wontfix
status-firefox29: --- → wontfix
status-firefox30: --- → fixed