[sandbox-bpf] GPU policy requires addition of sysinfo syscall approval on Glibc >=2.23 systems
Reported by
binarykh...@googlemail.com,
Apr 22 2016
Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36

Steps to reproduce the problem:
1. Launch chromium on a Glibc >= 2.23 system
2. Visit https://virtualart.chromeexperiments.com/ and start it
3. WebGL will hit a "Rats! WebGL hit a snag..."

What is the expected behavior?
The page should run and display just fine w/ WebGL.

What went wrong?
Starting with Glibc 2.23, __get_phys_pages and __get_avphys_pages stopped parsing /proc/meminfo for their required information and now use sysinfo() instead. This has direct implications on e.g. qsort, which uses those functions and thus now transitively also requires the sysinfo syscall. If one accesses a WebGL site, for example, somewhere along the line qsort_r is used, thus a sysinfo syscall is made which is crashed by the policy and brings the browser into disarray, causing graphical glitches all over with tearing and more in all tabs. This obviously does not only happen with WebGL.

Crashed report ID:
How much crashed? Whole browser
Is it a problem with a plugin? No
Did this work before? N/A
Chrome version: 50.0.2661.86 Channel: stable
OS Version: K: 4.5.2, Glibc: 2.23
Flash Version: 21.0.0.216

Starting the browser with --disable-seccomp-filter-sandbox obviously "masks" the problem and everything "works". Adding sysinfo to the list of allowed syscalls in the GPU policy also works just fine with the sandbox-bpf enabled.
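Whether a given libc build has the dependency described in the report can be checked by running the call in a forked child under a seccomp-bpf filter that denies only sysinfo. This is an added example, not code from the report or from Chromium; `needs_sysinfo` and the `probe_*` helpers are hypothetical names, and the four-instruction filter is a diagnostic, not Chromium's GPU policy.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/sysinfo.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Constructed probes (hypothetical names): each runs inside the filtered child. */
static void probe_none(void) { }
static void probe_sysinfo(void) { struct sysinfo si; sysinfo(&si); }
static void probe_phys_pages(void) { volatile long n = get_phys_pages(); (void)n; }

/* Returns 1 if probe() issued sysinfo(2) and was killed by the filter, 0 if it
 * ran to completion, -1 if the filter could not be installed. Diagnostic only:
 * a production policy also validates seccomp_data.arch before matching nr. */
static int needs_sysinfo(void (*probe)(void))
{
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_sysinfo, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),   /* nr == sysinfo */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),  /* everything else */
    };
    struct sock_fprog prog = { .len = 4, .filter = insns };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
            _exit(2);                /* seccomp filter mode unavailable here */
        probe();
        _exit(0);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    if (WIFSIGNALED(st) && WTERMSIG(st) == SIGSYS) return 1;
    return (WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 0 : -1;
}

int main(void)
{
    printf("none=%d sysinfo=%d get_phys_pages=%d\n", needs_sysinfo(probe_none),
           needs_sysinfo(probe_sysinfo), needs_sysinfo(probe_phys_pages));
    return 0;
}
```

A result of 1 for `get_phys_pages` means any policy covering code that reaches it, directly or through another libc routine, has to account for sysinfo on that system.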
,
Apr 26 2016
Cc'ing yunlian@ for related work on Issue 603189 for more inputs and help in finding an appropriate owner for this. Note: I've EGLIBC 2.19 on my Ubuntu 14.04 system.
,
May 13 2016
This has been fixed by https://codereview.chromium.org/1930223002 which landed recently on master. Thus, this issue can be closed now. Thanks.
,
Aug 16 2016
,
Jun 20 2017
Comment 1 by binarykh...@googlemail.com
, Apr 22 2016