New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 805966 link

Starred by 2 users
Status: Fixed
Owner:
warx@chromium.org
Last visit > 30 days ago
Closed: Jan 2018
Cc:
malaykeshav@chromium.org
ihf@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug


Show other hotlists

Hotlists containing this issue:
Hotlist-1


Sign in to add a comment

Four informational builders failed on HWTest(bvt-inline) security_OpenFDs: FAIL: Unexpected open file descriptors

Project Member Reported by warx@chromium.org, Jan 25 2018

Comment 1 by warx@chromium.org, Jan 25 2018 

Typo, should be: "the latest tricky-tot-chrome-pfq-informational build #7822 succeed"

Comment 2 by warx@chromium.org, Jan 25 2018

Status: Started (was: Assigned)
Still fails. Will bisect find the culprit CL. Hopefully it is not flaky.

Comment 3 by warx@chromium.org, Jan 25 2018 

Culprit CL identified. Reverting patch is created and in CQ: https://chromium-review.googlesource.com/c/chromium/src/+/887290

Comment 4 by csharrison@chromium.org, Jan 25 2018 

I believe our ruleset neets to be whitelisted as an open FD in the renderer, since it is mmapped in.

Comment 5 by csharrison@chromium.org, Jan 25 2018

Cc: ihf@chromium.org
ihf: could you help me with this issue? I see you are the last person touching security_OpenFDs.py. I'm not quite sure how to go about changing that file.

Our feature opens a mmapped ruleset in the render process that is used to match against outgoing requests. I think it needs to be added to the OpenFDs whitelist.

From the logs [1] it looks like this is under the path:
/home/chronos/Subresource Filter/Indexed Rules/19/7.54/Ruleset Data
Although the various path versioning is subject to change. I'm also not sure if home/chronos is going to be constant across these builders as Chrome's user-data-dir.

Comment 6 by ihf@chromium.org, Jan 25 2018 

From the logs the failure is

01/24 16:15:48.729 DEBUG|  security_OpenFDs:0138| Found pid 14946 for chrome
01/24 16:15:48.745 ERROR|  security_OpenFDs:0144| Some filter(s) failed to match any fds: set(['0700 anon_inode:dmabuf', '0700 /dev/dri/renderD128'])
01/24 16:15:48.755 ERROR|  security_OpenFDs:0147| Found unexpected fds in chrome type=renderer: set(['0500 /home/chronos/Subresource Filter/Indexed Rules/19/7.54/Ruleset Data'])
01/24 16:15:48.764 DEBUG|  security_OpenFDs:0138| Found pid 14990 for chrome
01/24 16:15:48.771 ERROR|  security_OpenFDs:0144| Some filter(s) failed to match any fds: set(['0700 anon_inode:dmabuf', '0700 /dev/dri/renderD128'])
01/24 16:15:48.781 ERROR|  security_OpenFDs:0147| Found unexpected fds in chrome type=renderer: set(['0500 /home/chronos/Subresource Filter/Indexed Rules/19/7.54/Ruleset Data'])

Comment 7 by ihf@chromium.org, Jan 25 2018 

Yes, /home/chronos/ will stay the same.

If this is a new feature you should whitelist it with an appropriate regex to accommodate version changes.
Project Member

Comment 8 by bugdroid1@chromium.org, Jan 26 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ad9fe998d1954d8688c96e5ee864c4d4f1f6642d

commit ad9fe998d1954d8688c96e5ee864c4d4f1f6642d
Author: Qiang(Joe) Xu <warx@chromium.org>
Date: Fri Jan 26 18:12:08 2018

Revert "[subresource_filter] Enable SubresourceFilter experiment by default"

This reverts commit 32bff724cd465ee648b139dca392b6c30ab7e475.

Reason for revert: causing chrome pfq HWTest failure:  crbug.com/805966 

Original change's description:
> [subresource_filter] Enable SubresourceFilter experiment by default
>
> This also enables the filtering after a phishing interstitial by
> default.
>
> Bug: None
> Change-Id: Icb5a074575e2cf1ecd69d5e0ccfb573cf06cf799
> Reviewed-on: https://chromium-review.googlesource.com/729144
> Reviewed-by: Shivani Sharma <shivanisha@chromium.org>
> Commit-Queue: Charlie Harrison <csharrison@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#531639}

TBR=csharrison@chromium.org,shivanisha@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug:  805966 
Change-Id: Ie448e5e468d9f4b00eaf63754acac952acad06af
Reviewed-on: https://chromium-review.googlesource.com/887290
Commit-Queue: Qiang(Joe) Xu <warx@chromium.org>
Reviewed-by: Qiang(Joe) Xu <warx@chromium.org>
Cr-Commit-Position: refs/heads/master@{#532019}
[modify] https://crrev.com/ad9fe998d1954d8688c96e5ee864c4d4f1f6642d/chrome/browser/subresource_filter/subresource_filter_browsertest.cc
[modify] https://crrev.com/ad9fe998d1954d8688c96e5ee864c4d4f1f6642d/components/subresource_filter/core/browser/subresource_filter_features.cc
[modify] https://crrev.com/ad9fe998d1954d8688c96e5ee864c4d4f1f6642d/components/subresource_filter/core/browser/subresource_filter_features_unittest.cc

Comment 9 by warx@chromium.org, Jan 26 2018

Components: Build

Comment 10 by warx@chromium.org, Jan 26 2018

Status: Fixed (was: Started)
There are already two successful builds on tricky-tot-chrome-pfq-informational and peach_pit-tot-chrome-pfq-informational builders. Mark this as fixed.
Project Member

Comment 11 by bugdroid1@chromium.org, Jan 31 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/1281f2d7630a86d97a4c3965ac77606f4273bf7a

commit 1281f2d7630a86d97a4c3965ac77606f4273bf7a
Author: Charles Harrison <csharrison@chromium.org>
Date: Wed Jan 31 16:29:46 2018

security_OpenFDs: whitelist subresource filter ruleset

BUG= chromium:805966 
TEST=test_that <ipaddr> security_OpenFDs does not list Subresource Filter
Change-Id: Id407e9e469f0c27a9a5ec4fa3083486c050d9c43
Reviewed-on: https://chromium-review.googlesource.com/886864
Commit-Ready: Charlie Harrison <csharrison@chromium.org>
Tested-by: Ilja H. Friedel <ihf@chromium.org>
Tested-by: Charlie Harrison <csharrison@chromium.org>
Reviewed-by: Ilja H. Friedel <ihf@chromium.org>

[modify] https://crrev.com/1281f2d7630a86d97a4c3965ac77606f4273bf7a/client/site_tests/security_OpenFDs/security_OpenFDs.py
Project Member

Comment 12 by bugdroid1@chromium.org, Jan 31 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/38a750533d2ad85489be54d6126807e8fd6c7a89

commit 38a750533d2ad85489be54d6126807e8fd6c7a89
Author: Charles Harrison <csharrison@chromium.org>
Date: Wed Jan 31 18:59:43 2018

Reland: [subresource_filter] Enable SubresourceFilter experiment by default

This relands crrev.com/531639. This is fixed by upstreaming CrOS change
https://chromium-review.googlesource.com/c/chromiumos/third_party/autotest/+/886864

Original description:
This also enables the filtering after a phishing interstitial by
default.

Bug:  805966 
Change-Id: I691058f6e9c636b6c494b8d03b2e8fa82416d994
Reviewed-on: https://chromium-review.googlesource.com/729144
Reviewed-by: Shivani Sharma <shivanisha@chromium.org>
Commit-Queue: Charlie Harrison <csharrison@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#531639}
Reviewed-on: https://chromium-review.googlesource.com/895707
Cr-Commit-Position: refs/heads/master@{#533345}
[modify] https://crrev.com/38a750533d2ad85489be54d6126807e8fd6c7a89/chrome/browser/subresource_filter/subresource_filter_browsertest.cc
[modify] https://crrev.com/38a750533d2ad85489be54d6126807e8fd6c7a89/components/subresource_filter/core/browser/subresource_filter_features.cc
[modify] https://crrev.com/38a750533d2ad85489be54d6126807e8fd6c7a89/components/subresource_filter/core/browser/subresource_filter_features_unittest.cc

Sign in to add a comment