author | Chris Martin <cmartin@mozilla.com> |
Thu, 13 Jan 2022 20:51:22 +0000 | |
changeset 604521 | 4c969fd895f9ea47fb1d2892041deb6ab486b228 |
parent 604520 | 344f14b85f84dabbc7709b5fc5d23e9471060d75 |
child 604522 | a4812c35655a128b654331dc52d8a84710cd3866 |
push id | 156021 |
push user | cmartin@mozilla.com |
push date | Thu, 13 Jan 2022 20:53:43 +0000 |
bugs | 1736605 |
milestone | 98.0a1 |
--- a/security/sandbox/common/SandboxSettings.cpp +++ b/security/sandbox/common/SandboxSettings.cpp @@ -6,16 +6,17 @@ #include "mozilla/SandboxSettings.h" #include "mozISandboxSettings.h" #include "mozilla/Components.h" #include "mozilla/Preferences.h" #include "mozilla/StaticPrefs_media.h" #include "mozilla/StaticPrefs_security.h" +#include "mozilla/StaticPrefs_webgl.h" #include "prenv.h" #ifdef XP_WIN # include "mozilla/gfx/gfxVars.h" # include "mozilla/WindowsVersion.h" # include "nsExceptionHandler.h" #endif // XP_WIN @@ -33,16 +34,19 @@ const char* ContentWin32kLockdownStateTo case ContentWin32kLockdownState::MissingWebRender: return "Win32k Lockdown disabled -- Missing WebRender"; case ContentWin32kLockdownState::OperatingSystemNotSupported: return "Win32k Lockdown disabled -- Operating system not supported"; case ContentWin32kLockdownState::PrefNotSet: return "Win32k Lockdown disabled -- Preference not set"; + + case ContentWin32kLockdownState::MissingRemoteWebGL: + return "Win32k Lockdown disabled -- Missing Remote WebGL"; } MOZ_CRASH("Should never reach here"); } ContentWin32kLockdownState GetContentWin32kLockdownState() { #ifdef XP_WIN static ContentWin32kLockdownState result = [] { 
@@ -56,16 +60,23 @@ ContentWin32kLockdownState GetContentWin // non-WR render path. // // We don't want a situation where "Win32k Lockdown + No WR" occurs // without the user explicitly requesting unsupported behavior. if (!gfx::gfxVars::UseWebRender()) { return ContentWin32kLockdownState::MissingWebRender; } + // Win32k Lockdown requires Remote WebGL, but it may be disabled on + // certain hardware or virtual machines. + if (!gfx::gfxVars::AllowWebglOop() || + !StaticPrefs::webgl_out_of_process()) { + return ContentWin32kLockdownState::MissingRemoteWebGL; + } + // It's important that this goes last, as we'd like to know in // telemetry and crash reporting if the only thing holding the user // back from Win32k Lockdown is the-lack-of-asking-for-it if (!StaticPrefs::security_sandbox_content_win32k_disable()) { return ContentWin32kLockdownState::PrefNotSet; } return ContentWin32kLockdownState::LockdownEnabled;
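Review bot: The new Remote WebGL check runs inside the lambda that initialises the function-local `static ContentWin32kLockdownState result` (opened at the end of the previous hunk), so `gfx::gfxVars::AllowWebglOop()` and `StaticPrefs::webgl_out_of_process()` are read once on the first call and the answer is kept for the life of the process. If either value can change later, or if the first call can happen before gfxVars is populated, the cached state and the real WebGL configuration can disagree: lockdown stays off when it could be on, or stays on while WebGL runs in-process. I would document this next to the check, for example `// Sampled once per process: a later change to webgl.out-of-process does not alter the lockdown state until restart.` The enclosing function starts and ends outside this hunk, so whether an earlier branch lets an explicit user pref skip this check is not visible here.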
--- a/security/sandbox/common/SandboxSettings.h +++ b/security/sandbox/common/SandboxSettings.h @@ -18,21 +18,25 @@ namespace mozilla { // minimum allowed level. Returns 0 (disabled) if the env var // MOZ_DISABLE_CONTENT_SANDBOX is set. int GetEffectiveContentSandboxLevel(); int GetEffectiveSocketProcessSandboxLevel(); // Checks whether the effective content sandbox level is > 0. bool IsContentSandboxEnabled(); +// If you update this enum, don't forget to raise the limit in +// TelemetryEnvironmentTesting.jsm and record the new value in +// environment.rst enum class ContentWin32kLockdownState : int32_t { LockdownEnabled = 1, MissingWebRender, OperatingSystemNotSupported, PrefNotSet, + MissingRemoteWebGL, }; const char* ContentWin32kLockdownStateToString( ContentWin32kLockdownState aValue); ContentWin32kLockdownState GetContentWin32kLockdownState(); #if defined(XP_MACOSX)
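Review bot: The enumerators after `LockdownEnabled = 1` get their numbers implicitly, yet those numbers are reported in telemetry and documented in environment.rst as 1 to 5, so inserting or reordering an entry would silently change the meaning of data already collected. Writing the values out makes that contract visible, e.g. `MissingRemoteWebGL = 5,`, and the new comment could add `// Values are reported in telemetry: append only, never renumber.` The reminder could also name `ContentWin32kLockdownStateToString`, whose switch falls through to `MOZ_CRASH("Should never reach here")` for a value it does not handle.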
--- a/toolkit/components/telemetry/app/TelemetryEnvironment.jsm +++ b/toolkit/components/telemetry/app/TelemetryEnvironment.jsm @@ -1621,24 +1621,18 @@ EnvironmentCache.prototype = { let contentWin32kLockdownState = null; try { let sandboxSettings = Cc[ "@mozilla.org/sandbox/sandbox-settings;1" ].getService(Ci.mozISandboxSettings); effectiveContentProcessLevel = sandboxSettings.effectiveContentSandboxLevel; - // See `ContentWin32kLockdownState` in - // <security/sandbox/common/SandboxSettings.h> - // - // Values: - // 1 = LockdownEnabled - // 2 = MissingWebRender - // 3 = OperatingSystemNotSupported - // 4 = PrefNotSet + // The possible values for this are defined in the ContentWin32kLockdownState + // enum in security/sandbox/common/SandboxSettings.h contentWin32kLockdownState = sandboxSettings.contentWin32kLockdownState; } catch (e) {} return { effectiveContentProcessLevel, contentWin32kLockdownState, }; },
--- a/toolkit/components/telemetry/docs/data/environment.rst +++ b/toolkit/components/telemetry/docs/data/environment.rst @@ -422,17 +422,17 @@ The attribution data is included in some sandbox ~~~~~~~ This object contains data about the state of Firefox's sandbox. Specific keys are: - ``effectiveContentProcessLevel``: The meanings of the values are OS dependent. Details of the meanings can be found in the `Firefox prefs file <https://hg.mozilla.org/mozilla-central/file/tip/browser/app/profile/firefox.js>`_. The value here is the effective value, not the raw value, some platforms enforce a minimum sandbox level. If there is an error calculating this, it will be ``null``. -- ``contentWin32kLockdownState``: The status of Win32k Lockdown for Content process. 1 = "Lockdown enabled", 2 = "Lockdown disabled -- Missing WebRender", 3 = "Lockdown disabled -- Unsupported OS", 4 = "Lockdown disabled -- User pref not set". If there is an error calculating this, it will be ``null``. +- ``contentWin32kLockdownState``: The status of Win32k Lockdown for Content process. 1 = "Lockdown enabled", 2 = "Lockdown disabled -- Missing WebRender", 3 = "Lockdown disabled -- Unsupported OS", 4 = "Lockdown disabled -- User pref not set", 5 = "Lockdown disabled -- Missing Remote WebGL". If there is an error calculating this, it will be ``null``. profile ------- creationDate ~~~~~~~~~~~~ The assumed creation date of this client's profile.
--- a/toolkit/components/telemetry/tests/unit/TelemetryEnvironmentTesting.jsm +++ b/toolkit/components/telemetry/tests/unit/TelemetryEnvironmentTesting.jsm @@ -312,17 +312,17 @@ var TelemetryEnvironmentTesting = { Assert.equal( typeof data.settings.sandbox.contentWin32kLockdownState, "number", "sandbox.contentWin32kLockdownState must have the correct type" ); let win32kLockdownState = data.settings.sandbox.contentWin32kLockdownState; - Assert.ok(win32kLockdownState >= 1 && win32kLockdownState <= 4); + Assert.ok(win32kLockdownState >= 1 && win32kLockdownState <= 5); } // Check "defaultSearchEngine" separately, as it can either be undefined or string. if ("defaultSearchEngine" in data.settings) { this.checkString(data.settings.defaultSearchEngine); Assert.equal(typeof data.settings.defaultSearchEngineData, "object"); }
--- a/widget/windows/GfxInfo.cpp +++ b/widget/windows/GfxInfo.cpp @@ -1276,16 +1276,19 @@ static OperatingSystem WindowsVersionToO static bool OnlyAllowFeatureOnWhitelistedVendor(int32_t aFeature) { switch (aFeature) { // The GPU process doesn't need hardware acceleration and can run on // devices that we normally block from not being on our whitelist. case nsIGfxInfo::FEATURE_GPU_PROCESS: // We can mostly assume that ANGLE will work case nsIGfxInfo::FEATURE_DIRECT3D_11_ANGLE: + // Remote WebGL is needed for Win32k Lockdown, so it should be enabled + // regardless of HW support or not + case nsIGfxInfo::FEATURE_ALLOW_WEBGL_OUT_OF_PROCESS: return false; default: return true; } } // Return true if the CPU supports AVX, but the operating system does not. #if defined(_M_X64)
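Review bot: The comment on the new `FEATURE_ALLOW_WEBGL_OUT_OF_PROCESS` case says Remote WebGL "should be enabled regardless of HW support", but the `return false` only exempts the feature from the vendor allowlist gate in `OnlyAllowFeatureOnWhitelistedVendor`. The comment added to SandboxSettings.cpp in the same commit says Remote WebGL may still be disabled on certain hardware or virtual machines. A wording that matches both would be `// Remote WebGL is a prerequisite for Win32k Lockdown, so do not block it merely because the GPU vendor is not on the allowlist.` This widens the set of devices that run WebGL out of process in order to enable a sandbox mitigation, so the comment or commit message should say which blocklist rules, if any, still apply to those devices.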