Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

runtime: crashes on Android O #23750

Closed
zx2c4 opened this issue Feb 8, 2018 · 8 comments

Comments

Projects
None yet
5 participants
@zx2c4
Copy link
Contributor

commented Feb 8, 2018

Android O has a seccomp filter.

Unfortunately it disallows use of open and epoll_wait, which are used by the Go runtime. Fortunately, it allows for openat and epoll_pwait, which map directly to the former ones by passing them the right arguments.

So far as I can see, these support open and epoll_wait:

So far as I can see, these support openat and epoll_pwait:

In other words, 64-bit architectures are affected. ARM64 was already fixed. This CL fixes the remaining two architectures: https://go-review.googlesource.com/c/go/+/92895

@ianlancetaylor ianlancetaylor added this to the Go1.9.5 milestone Feb 8, 2018

@ianlancetaylor

This comment has been minimized.

Copy link
Contributor

commented Feb 8, 2018

Marking for 1.9.5, but note that this is also not fixed in 1.10. We need some way to get a sense of whether the patches will work on a range of systems; likely they will but some experience is needed. Probably best to commit them after 1.10 branches, and then consider backports to 1.10.1 and 1.9.5.

@gopherbot

This comment has been minimized.

Copy link

commented Feb 8, 2018

Change https://golang.org/cl/92895 mentions this issue: runtime: use Android O friendly syscalls on 64-bit machines

@gopherbot gopherbot closed this in 04e6ae6 Feb 13, 2018

@zx2c4

This comment has been minimized.

Copy link
Contributor Author

commented Feb 13, 2018

@ianlancetaylor This should probably be reopened until 04e6ae6 is backported to 1.9 and 1.10 branches.

@andybons

This comment has been minimized.

Copy link
Member

commented Mar 27, 2018

CL 102792 OK for Go 1.10.1
CL 103035 OK for Go 1.10.1
CL 102995 OK for Go 1.10.1
CL 100878 OK for Go 1.10.1

@gopherbot

This comment has been minimized.

Copy link

commented Mar 28, 2018

Change https://golang.org/cl/102791 mentions this issue: [release-branch.go1.9] runtime: use Android O friendly syscalls on 64-bit machines

@gopherbot

This comment has been minimized.

Copy link

commented Mar 28, 2018

Change https://golang.org/cl/102792 mentions this issue: [release-branch.go1.10] runtime: use Android O friendly syscalls on 64-bit machines

@ianlancetaylor

This comment has been minimized.

Copy link
Contributor

commented Mar 28, 2018

Looks like we should also include CL 100877 and 100878 in 1.10.1 and 1.9.5.

@andybons

This comment has been minimized.

Copy link
Member

commented Mar 28, 2018

Done.

gopherbot pushed a commit that referenced this issue Mar 29, 2018

[release-branch.go1.10] runtime: use Android O friendly syscalls on 6…
…4-bit machines

Android O disallows open on 64-bit, so let's use openat with AT_FDCWD to
achieve the same behavior.

Android O disallows epoll_wait on 64-bit, so let's use epoll_pwait with
the last argument as NULL to achieve the same behavior.

See here:
https://android.googlesource.com/platform/bionic/+/master/libc/seccomp/arm64_app_policy.cpp
https://android.googlesource.com/platform/bionic/+/master/libc/seccomp/mips64_app_policy.cpp
https://android.googlesource.com/platform/bionic/+/master/libc/seccomp/x86_64_app_policy.cpp

Fixes #23750

Change-Id: If8d5a663357471e5d2c1f516151344a9d05b188a
Reviewed-on: https://go-review.googlesource.com/92895
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Austin Clements <austin@google.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-on: https://go-review.googlesource.com/102792
Run-TryBot: Andrew Bonventre <andybons@golang.org>

@andybons andybons closed this Mar 29, 2018

henryoswald added a commit to overleaf/clsi that referenced this issue Jan 24, 2019

add epoll_pwait to secomp profile
Last year golang changed from epoll_wait to epoll_pwait golang/go#23750

This causes golang panic errors on mac when running secomp secure compiles using docker 18.09.1. It may start to become a problem on linux where we are running on 17.03.2-ce in production.

@golang golang locked and limited conversation to collaborators Mar 29, 2019

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.