☠☠ backed out by 14ee0b7ecef3 ☠ ☠ | |
author | Chris Martin <cmartin@mozilla.com> |
Fri, 08 Feb 2019 14:34:18 +0000 (2019-02-08) | |
changeset 458249 | 60f9b60f1f4f1af3e6a8583b2c4f2c8d3512c276 |
parent 458248 | 2a4f6bb7524a70afcf19e57f61a763b2bd9c9a18 |
child 458250 | c6d1ab19c941bac75643276575b476182c16bc7c |
push id | 35522 |
push user | nbeleuzu@mozilla.com |
push date | Sat, 09 Feb 2019 03:34:29 +0000 (2019-02-09) |
treeherder | mozilla-central@4e56ef85817a [default view] [failures only] |
reviewers | bobowen |
bugs | 1347710 |
milestone | 67.0a1 |
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1031,17 +1031,17 @@ pref("security.sandbox.content.level", 5
 pref("security.sandbox.windows.log.stackTraceDepth", 0);
 #endif
 // This controls the strength of the Windows GPU process sandbox. Changes
 // will require restart.
 // For information on what the level number means, see
 // SetSecurityLevelForGPUProcess() in
 // security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
-pref("security.sandbox.gpu.level", 0);
+pref("security.sandbox.gpu.level", 1);
 // Controls whether we disable win32k for the processes.
 // true means that win32k system calls are not permitted.
 pref("security.sandbox.rdd.win32k-disable", true);
 // Note: win32k is currently _not_ disabled for GMP due to intermittent test
 // failures, where the GMP process fails very early. See bug 1449348.
 pref("security.sandbox.gmp.win32k-disable", false);
 #endif
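Review bot: The comment above `security.sandbox.gpu.level` still refers the reader only to SetSecurityLevelForGPUProcess() for what the level means, yet the GPUProcessHost.cpp hunk in this same changeset forces the effective level to 0 whenever the VR process is disabled. Someone auditing the sandbox configuration from this file would conclude that level 1 is always in force on Windows. I would add a line next to the pref such as `// Note: treated as 0 while the VR process is disabled; see GPUProcessHost::Launch().` so the documented default matches what actually gets applied.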
--- a/gfx/ipc/GPUProcessHost.cpp
+++ b/gfx/ipc/GPUProcessHost.cpp
@@ -31,17 +31,26 @@ GPUProcessHost::GPUProcessHost(Listener*
 GPUProcessHost::~GPUProcessHost() { MOZ_COUNT_DTOR(GPUProcessHost); }
 bool GPUProcessHost::Launch(StringVector aExtraOpts) {
 MOZ_ASSERT(mLaunchPhase == LaunchPhase::Unlaunched);
 MOZ_ASSERT(!mGPUChild);
 MOZ_ASSERT(!gfxPlatform::IsHeadless());
 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
- mSandboxLevel = Preferences::GetInt("security.sandbox.gpu.level");
+ // If the user disables the VR process, the VR thread will run in the
+ // the GPU process. The GPU sandbox may not work and should be disabled in
+ // this case.
+ // This is a temporary workaround until VR process is stable. It should be
+ // removed once VR process is firmly in release.
+ if (gfxPrefs::VRProcessEnabled()) {
+ mSandboxLevel = Preferences::GetInt("security.sandbox.gpu.level");
+ } else {
+ mSandboxLevel = 0;
+ }
 #endif
 mLaunchPhase = LaunchPhase::Waiting;
 mLaunchTime = TimeStamp::Now();
 if (!GeckoChildProcessHost::AsyncLaunch(aExtraOpts)) {
 mLaunchPhase = LaunchPhase::Complete;
 return false;
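Review bot: The new `else` branch drops the GPU sandbox to level 0 silently, so a profile with `security.sandbox.gpu.level` set to 1 or higher launches an unsandboxed GPU process and nothing is logged to show the pref was overridden. I would make the downgrade visible in that branch, for example `NS_WARNING("GPU process sandbox disabled because the VR process is not enabled");`, so a weakened configuration can be spotted in debug output and bug reports. The comment also calls the workaround temporary without naming a bug that tracks its removal, and it has a doubled word ("in the / the GPU process"). The value read from the pref is used as-is, and SetSecurityLevelForGPUProcess() release-asserts on levels below 1, so it would be worth confirming that the caller, which is not visible in this hunk, treats every value below 1 as "no sandbox". The body of Launch() continues past the end of the hunk.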
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -596,17 +596,17 @@ void SandboxBroker::SetSecurityLevelForG
 // avoid changing their meaning.
 MOZ_RELEASE_ASSERT(aSandboxLevel >= 1, "Should not be called with aSandboxLevel < 1");
 if (aSandboxLevel >= 2) {
 jobLevel = sandbox::JOB_NONE;
 accessTokenLevel = sandbox::USER_LIMITED;
 initialIntegrityLevel = sandbox::INTEGRITY_LEVEL_LOW;
 delayedIntegrityLevel = sandbox::INTEGRITY_LEVEL_LOW;
- } else if (aSandboxLevel == 1) {
+ } else {
 jobLevel = sandbox::JOB_NONE;
 accessTokenLevel = sandbox::USER_NON_ADMIN;
 initialIntegrityLevel = sandbox::INTEGRITY_LEVEL_LOW;
 delayedIntegrityLevel = sandbox::INTEGRITY_LEVEL_LOW;
 }
 sandbox::ResultCode result = SetJobLevel(mPolicy, jobLevel, 0 /* ui_exceptions */);
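Review bot: The bare `else` means "level 1" only because of the `MOZ_RELEASE_ASSERT(aSandboxLevel >= 1, ...)` a few lines above, and nothing at the branch records that dependency. If the assert is ever relaxed or a lower level is introduced, this branch would apply the USER_NON_ADMIN policy to it without anyone noticing. I would keep the intent on the line itself, e.g. `} else {  // aSandboxLevel == 1; values below 1 are rejected by the release assert above`. The function starts and ends outside this hunk, so how `jobLevel` and the other locals are declared is not visible here.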