Open Bug 1830300 Opened 1 year ago Updated 1 year ago

force-enabled VAAPI/X11/Nvidia driver: libva-drm.so crash in [@ __socket]

Categories

(Core :: Security: Process Sandboxing, defect, P3)

Product:
Core
Component:
Security: Process Sandboxing
Platform:
x86_64
Linux
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox113 --- disabled
firefox114 --- disabled

People

(Reporter: jan, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: crash, nightly-community)

Crash Data

Seen on crash-stats. This user has likely force-enabled VAAPI.

Crash report: https://crash-stats.mozilla.org/report/index/683346c3-d1e3-4e00-b8e3-772760230427

Reason: SIGSYS / SYS_SECCOMP

Top 10 frames of crashing thread:

0  libc.so.6  __socket  /usr/src/debug/glibc/glibc/sysdeps/unix/syscall-template.S:120
1  libxcb.so.1  _xcb_socket  /usr/src/debug/libxcb/libxcb-1.15/src/xcb_util.c:317
2  libxcb.so.1  _xcb_open_abstract  /usr/src/debug/libxcb/libxcb-1.15/src/xcb_util.c:480
2  libxcb.so.1  _xcb_open  /usr/src/debug/libxcb/libxcb-1.15/src/xcb_util.c:291
2  libxcb.so.1  xcb_connect_to_display_with_auth_info  /usr/src/debug/libxcb/libxcb-1.15/src/xcb_util.c:519
3  libX11.so.6  _XConnectXCB  /usr/src/debug/libx11/libX11-1.8.4/src/xcb_disp.c:78
4  libX11.so.6  XOpenDisplay  /usr/src/debug/libx11/libX11-1.8.4/src/OpenDis.c:129
5  libva-drm.so.2  <.text ELF section in libva-drm.so.2.1800.0>  
6  libva.so.2  vaInitialize  
7  libxul.so  libxul.so@0x78591cb

It might be coming from here:
https://github.com/intel/libva/blob/0fc018aff4cca3fb75543ed5e84b90d0f379e462/va/drm/va_drm.c#L57-L65

    /* Authentication is only needed for a legacy DRM device */
    if (ctx->display_type != VA_DISPLAY_DRM_RENDERNODES) {
        ret = drmGetMagic(drm_state->fd, &magic);
        if (ret < 0)
            return VA_STATUS_ERROR_OPERATION_FAILED;

        if (!va_drm_authenticate(drm_state->fd, magic))
            return VA_STATUS_ERROR_OPERATION_FAILED;
    }

va_drm_authenticate calls va_drm_authenticate_x11 which calls drm_auth_x11_init which calls XOpenDisplay.

Edit:
(Jed Davis [:jld] from bug 1748460 comment 1)

[...] I really don't want to allow sockets if there's any way to avoid it [...]

IMHO: Force-enabling hardware decoding could be blocked for deprecated X11 on proprietary Nvidia drivers.
bug 1748460 could focus on Wayland. Or it could be wontfixed and we wait for Vulkan video decode APIs (vp8+vp9+av1 are still missing).
At the moment, those few users run into crashes until they set MOZ_DISABLE_RDD_SANDBOX=1 which is not recommended.

Priority: -- → P3

Based on the topcrash criteria, the crash signature linked to this bug is not a topcrash signature anymore.

For more information, please visit BugBot documentation.

Keywords: topcrash
You need to log in before you can comment on or make changes to this bug.