Bug 1146192: [EME] seccomp failure in ClearKey CDM
Status: RESOLVED FIXED (Closed)
Opened 10 years ago, closed 10 years ago
Categories: Core :: Audio/Video, defect
Target Milestone: mozilla39
People: Reporter: eflores, Assigned: eflores
References: Blocks 1 open bug
Attachments (1 file): patch (deleted); jld: review+; Sylvestre: approval-mozilla-beta+
Most of the EME tests are failing for me locally after the landing of bug 1137963. The spin lock is calling sched_yield() which isn't whitelisted for the GMP sandbox.
Unsure if we want to solve this differently, but attaching a patch to whitelist sched_yield() for GMPs.
Error message:
Sandbox: seccomp sandbox violation: pid 22649, syscall 24, args 0 65535 140222581956852 140222581956304 2 2041. Killing process.
Stack:
#0 0x00007f29b8764237 in sched_yield () at ../sysdeps/unix/syscall-template.S:81
#1 0x00007f29c205c78e in PR_Sleep (ticks=0) at /home/me/src/evil-central/nsprpub/pr/src/pthreads/ptthread.c:818
#2 0x00007f29b9e23668 in AutoTraceLogLock::AutoTraceLogLock (this=0x7f29afffe1a5) at /home/me/src/evil-central/xpcom/base/nsTraceRefcnt.cpp:65
#3 0x00007f29b9e1efed in NS_LogAddRef (aPtr=0x7f29b000f880, aRefcnt=1, aClass=0x7f29bf0b65a5 "FileDescriptorSet", aClassSize=40) at /home/me/src/evil-central/xpcom/base/nsTraceRefcnt.cpp:991
#4 0x00007f29ba3779b4 in FileDescriptorSet::AddRef (this=0x7f29b000f880) at /home/me/src/evil-central/ipc/chromium/src/chrome/common/file_descriptor_set_posix.h:21
#5 0x00007f29ba37e433 in nsRefPtr<FileDescriptorSet>::assign_with_AddRef (this=0x7f29b000f930, aRawPtr=0x7f29b000f880) at ../../dist/include/nsRefPtr.h:29
#6 0x00007f29ba37aa0b in nsRefPtr<FileDescriptorSet>::operator= (this=0x7f29b000f930, aRhs=0x7f29b000f880) at ../../dist/include/nsRefPtr.h:134
#7 0x00007f29ba3736af in IPC::Message::EnsureFileDescriptorSet (this=0x7f29b000f910) at /home/me/src/evil-central/ipc/chromium/src/chrome/common/ipc_message.cc:162
#8 0x00007f29ba3493cc in IPC::Message::file_descriptor_set (this=0x7f29b000f910) at /home/me/src/evil-central/ipc/chromium/src/chrome/common/ipc_message.h:335
#9 0x00007f29ba3482ed in IPC::Channel::ChannelImpl::ProcessOutgoingMessages (this=0x7f29b005f000) at /home/me/src/evil-central/ipc/chromium/src/chrome/common/ipc_channel_posix.cc:683
#10 0x00007f29ba348812 in IPC::Channel::ChannelImpl::Send (this=0x7f29b005f000, message=0x7f29b000f910) at /home/me/src/evil-central/ipc/chromium/src/chrome/common/ipc_channel_posix.cc:792
#11 0x00007f29ba348fbd in IPC::Channel::Send (this=0x7f29b0022640, message=0x7f29b000f910) at /home/me/src/evil-central/ipc/chromium/src/chrome/common/ipc_channel_posix.cc:997
#12 0x00007f29ba3bc3a4 in DispatchToMethod<IPC::Channel, bool (IPC::Channel::*)(IPC::Message*), IPC::Message*> (obj=0x7f29b0022640, method=&virtual table offset 16, arg=...) at /home/me/src/evil-central/ipc/chromium/src/base/tuple.h:393
#13 0x00007f29ba3bbd06 in RunnableMethod<IPC::Channel, bool (IPC::Channel::*)(IPC::Message*), Tuple1<IPC::Message*> >::Run (this=0x7f29b000cf40) at /home/me/src/evil-central/ipc/chromium/src/base/task.h:310
#14 0x00007f29ba3573f7 in MessageLoop::RunTask (this=0x7f29afffea00, task=0x7f29b000cf40) at /home/me/src/evil-central/ipc/chromium/src/base/message_loop.cc:361
#15 0x00007f29ba35746f in MessageLoop::DeferOrRunPendingTask (this=0x7f29afffea00, pending_task=...) at /home/me/src/evil-central/ipc/chromium/src/base/message_loop.cc:369
#16 0x00007f29ba3578ca in MessageLoop::DoWork (this=0x7f29afffea00) at /home/me/src/evil-central/ipc/chromium/src/base/message_loop.cc:456
#17 0x00007f29ba335173 in base::MessagePumpLibevent::Run (this=0x7f29b000c680, delegate=0x7f29afffea00) at /home/me/src/evil-central/ipc/chromium/src/base/message_pump_libevent.cc:311
#18 0x00007f29ba356ecf in MessageLoop::RunInternal (this=0x7f29afffea00) at /home/me/src/evil-central/ipc/chromium/src/base/message_loop.cc:233
#19 0x00007f29ba356e64 in MessageLoop::RunHandler (this=0x7f29afffea00) at /home/me/src/evil-central/ipc/chromium/src/base/message_loop.cc:226
#20 0x00007f29ba356df5 in MessageLoop::Run (this=0x7f29afffea00) at /home/me/src/evil-central/ipc/chromium/src/base/message_loop.cc:200
#21 0x00007f29ba36d350 in base::Thread::ThreadMain (this=0x7f29b002a750) at /home/me/src/evil-central/ipc/chromium/src/base/thread.cc:170
#22 0x00007f29ba335e31 in ThreadFunc (closure=0x7f29b002a750) at /home/me/src/evil-central/ipc/chromium/src/base/platform_thread_posix.cc:39
#23 0x00007f29c227e182 in start_thread (arg=<error reading variable: can't compute CFA for this frame>) at pthread_create.c:312
#24 0x0000000000000000 in ?? ()
Attachment #8581349 -
Flags: review?(jld)
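A triage helper for the violation line quoted in the report above, as an added example that is not part of the bug or of Mozilla's code. It parses the message and names the syscall from a small constructed subset of the x86_64 syscall table; x86_64 is an assumption, and the second sample line is constructed.

```python
import re

# Constructed subset of the Linux x86_64 syscall table: number -> (name, argument count).
# Assumption: the log came from an x86_64 build; other architectures number syscalls differently.
X86_64_SYSCALLS = {
    0: ("read", 3),
    1: ("write", 3),
    24: ("sched_yield", 0),
    202: ("futex", 6),
}

VIOLATION_RE = re.compile(
    r"Sandbox: seccomp sandbox violation: pid (?P<pid>\d+), "
    r"syscall (?P<nr>\d+), args (?P<args>\d+(?: \d+){5})\."
)

def parse_violation(line):
    """Return a triage record for one violation line, or None if it does not match."""
    m = VIOLATION_RE.search(line)
    if m is None:
        return None
    nr = int(m.group("nr"))
    raw = [int(a) for a in m.group("args").split()]
    name, argc = X86_64_SYSCALLS.get(nr, (f"unknown({nr})", len(raw)))
    return {
        "pid": int(m.group("pid")),
        "nr": nr,
        "name": name,
        # Values beyond the syscall's arity are not arguments; they are
        # assumed to be leftover register contents and are kept separately.
        "args": raw[:argc],
        "extra": raw[argc:],
    }

def blocked_syscalls(lines):
    """Count violations per syscall name across a log, for allowlist review."""
    counts = {}
    for line in lines:
        rec = parse_violation(line)
        if rec is not None:
            counts[rec["name"]] = counts.get(rec["name"], 0) + 1
    return counts

# The line from this report, plus one constructed line with an unlisted syscall number.
SAMPLE = [
    "Sandbox: seccomp sandbox violation: pid 22649, syscall 24, args 0 65535 "
    "140222581956852 140222581956304 2 2041. Killing process.",
    "Sandbox: seccomp sandbox violation: pid 22650, syscall 9999, args 1 2 3 4 5 6. Killing process.",
]
```

For the reported line this yields `sched_yield` with no real arguments, which matches frame #0 of the stack.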
Comment 1•10 years ago
Comment on attachment 8581349 [details] [diff] [review]
Whitelist sched_yield syscall in GMP sandbox on Linux
sched_yield shouldn't be a significant increase in privilege or attack surface.
Attachment #8581349 -
Flags: review?(jld) → review+
Comment 4•10 years ago
https://hg.mozilla.org/mozilla-central/rev/84b52c0b3bd1
https://hg.mozilla.org/mozilla-central/rev/906d30061f76
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
status-firefox39: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Comment 5•10 years ago
Comment on attachment 8581349 [details] [diff] [review]
Whitelist sched_yield syscall in GMP sandbox on Linux
Approval Request Comment
[Feature/regressing bug #]: EME
[User impact if declined]: Without the patch in this bug, the patch in Bug 1148071 turns Linux mochitests red, and we need the patch in Bug 1148071 before we can ship EME.
[Describe test coverage new/current, TreeHerder]: Mochitests exercise this; without this patch and the patch for Bug 1148071 Linux tests burn.
[Risks and why]: Seems low, just allows something else through the sandbox.
[String/UUID change made/needed]: None.
Attachment #8581349 -
Flags: approval-mozilla-beta?
Updated•10 years ago
status-firefox38: --- → affected
Comment 6•10 years ago
Comment on attachment 8581349 [details] [diff] [review]
Whitelist sched_yield syscall in GMP sandbox on Linux
Should be in 38 beta 3
Attachment #8581349 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+