x/mobile: seccomp filters os.Stat and print/println/panic on amd64 Android O #24403

eliasnaur · 2018-03-15T08:07:56Z

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (`go version`)?

go version devel +672729ebbd Thu Mar 15 04:18:11 2018 +0000 linux/amd64

Does this issue reproduce with the latest release?

Yes.

What did you do?

Unpack seccomp.zip, start a 64 bit Android O emulator and then

$ cd seccomp
$ GOPATH=`pwd`:$GOPATH gomobile install -target=android/amd64 osstat
$ GOPATH=`pwd`:$GOPATH gomobile install -target=android/amd64 println

(the -target argument is to make sure the amd64 version is executed)

You may need to run go get -u golang.org/x/mobile/cmd/... and then gomobile init first.

The "osstat" app crashes with the following:

03-15 08:52:22.951  4070  4095 F libc    : Fatal signal 31 (SIGSYS), code 1 in tid 4095 (ng.todo.seccomp)
03-15 08:52:22.982  4099  4099 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
03-15 08:52:22.982  4099  4099 F DEBUG   : Build fingerprint: 'Android/sdk_gphone_x86_64/generic_x86_64:8.0.0/OSR1.170901.056/4497355:userdebug/dev-keys'
03-15 08:52:22.982  4099  4099 F DEBUG   : Revision: '0'
03-15 08:52:22.982  4099  4099 F DEBUG   : ABI: 'x86_64'
03-15 08:52:22.982  4099  4099 F DEBUG   : pid: 4070, tid: 4095, name: ng.todo.seccomp  >>> org.golang.todo.seccomp <<<
03-15 08:52:22.982  4099  4099 F DEBUG   : signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
03-15 08:52:22.982  4099  4099 F DEBUG   : Cause: seccomp prevented call to disallowed x86_64 system call 0
03-15 08:52:22.982  4099  4099 F DEBUG   :     rax 0000000000000004  rbx 0000000000000000  rcx ffffffffffffffff  rdx 0000000000000000
03-15 08:52:22.982  4099  4099 F DEBUG   :     rsi 000000c00009e108  rdi 000000c0000a005c
03-15 08:52:22.982  4099  4099 F DEBUG   :     r8  0000000000000000  r9  0000000000000000  r10 0000000000000000  r11 0000000000000206
03-15 08:52:22.982  4099  4099 F DEBUG   :     r12 000000000000001a  r13 0000000000000011  r14 00007b6a1c7f0aeb  r15 0000000000000000
03-15 08:52:22.982  4099  4099 F DEBUG   :     cs  0000000000000033  ss  000000000000002b
03-15 08:52:22.982  4099  4099 F DEBUG   :     rip 00007b6a1c793090  rbp 000000c000029eb8  rsp 000000c000029e50  eflags 0000000000000206
03-15 08:52:22.983  4099  4099 F DEBUG   : 
03-15 08:52:22.983  4099  4099 F DEBUG   : backtrace:
03-15 08:52:22.983  4099  4099 F DEBUG   :     #00 pc 00000000000ec090  /data/app/org.golang.todo.seccomp-bXscMVTWmS_d-V0kAMIB7Q==/lib/x86_64/libseccomp.so (syscall.Syscall+48)
03-15 08:52:22.983  4099  4099 F DEBUG   :     #01 pc 00000000000ebb86  /data/app/org.golang.todo.seccomp-bXscMVTWmS_d-V0kAMIB7Q==/lib/x86_64/libseccomp.so (syscall.Stat+150)
03-15 08:52:22.983  4099  4099 F DEBUG   :     #02 pc 00000000000f579b  /data/app/org.golang.todo.seccomp-bXscMVTWmS_d-V0kAMIB7Q==/lib/x86_64/libseccomp.so (os.statNolog+91)
03-15 08:52:22.983  4099  4099 F DEBUG   :     #03 pc 00000000000f54dc  /data/app/org.golang.todo.seccomp-bXscMVTWmS_d-V0kAMIB7Q==/lib/x86_64/libseccomp.so (os.Stat+76)
03-15 08:52:22.983  4099  4099 F DEBUG   :     #04 pc 00000000001327d9  /data/app/org.golang.todo.seccomp-bXscMVTWmS_d-V0kAMIB7Q==/lib/x86_64/libseccomp.so (main.main.func1+57)
03-15 08:52:22.983  4099  4099 F DEBUG   :     #05 pc 00000000001313bf  /data/app/org.golang.todo.seccomp-bXscMVTWmS_d-V0kAMIB7Q==/lib/x86_64/libseccomp.so (golang.org/x/mobile/app.mainUI.func1+63)
03-15 08:52:22.983  4099  4099 F DEBUG   :     #06 pc 00000000000da8a0  /data/app/org.golang.todo.seccomp-bXscMVTWmS_d-V0kAMIB7Q==/lib/x86_64/libseccomp.so (runtime.goexit)

It seems to me the "stat" syscall is blocked and have to be replaced (with fstatat?)

The "println" app crashes with:

03-15 08:54:48.531  4330  4353 F libc    : Fatal signal 31 (SIGSYS), code 1 in tid 4353 (ng.todo.println)
03-15 08:54:48.560  4356  4356 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
03-15 08:54:48.560  4356  4356 F DEBUG   : Build fingerprint: 'Android/sdk_gphone_x86_64/generic_x86_64:8.0.0/OSR1.170901.056/4497355:userdebug/dev-keys'
03-15 08:54:48.560  4356  4356 F DEBUG   : Revision: '0'
03-15 08:54:48.560  4356  4356 F DEBUG   : ABI: 'x86_64'
03-15 08:54:48.560  4356  4356 F DEBUG   : pid: 4330, tid: 4353, name: ng.todo.println  >>> org.golang.todo.println <<<
03-15 08:54:48.560  4356  4356 F DEBUG   : signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
03-15 08:54:48.560  4356  4356 F DEBUG   : Cause: seccomp prevented call to disallowed x86_64 system call 0
03-15 08:54:48.560  4356  4356 F DEBUG   :     rax 0000000000000015  rbx 0000000000000000  rcx ffffffffffffffff  rdx 0000000000000000
03-15 08:54:48.560  4356  4356 F DEBUG   :     rsi 0000000000000002  rdi 00007b6a1c9b9b90
03-15 08:54:48.560  4356  4356 F DEBUG   :     r8  0000000000000003  r9  00007b6a1c8d78fb  r10 000000c0000621c0  r11 0000000000000206
03-15 08:54:48.560  4356  4356 F DEBUG   :     r12 000000000000000c  r13 00000000000000ff  r14 00007b6a1c8e9b6c  r15 0000000000000000
03-15 08:54:48.560  4356  4356 F DEBUG   :     cs  0000000000000033  ss  000000000000002b
03-15 08:54:48.560  4356  4356 F DEBUG   :     rip 00007b6a1c87cf10  rbp 000000c000024f00  rsp 000000c000024eb8  eflags 0000000000000206
03-15 08:54:48.561  4356  4356 F DEBUG   : 
03-15 08:54:48.561  4356  4356 F DEBUG   : backtrace:
03-15 08:54:48.562  4356  4356 F DEBUG   :     #00 pc 00000000000daf10  /data/app/org.golang.todo.println-qgxvQhBbMBMVxtJvR8JWKQ==/lib/x86_64/libprintln.so (runtime.access+16)
03-15 08:54:48.562  4356  4356 F DEBUG   :     #01 pc 00000000000d445f  /data/app/org.golang.todo.println-qgxvQhBbMBMVxtJvR8JWKQ==/lib/x86_64/libprintln.so (runtime.writeErr+79)
03-15 08:54:48.562  4356  4356 F DEBUG   :     #02 pc 00000000000af5c4  /data/app/org.golang.todo.println-qgxvQhBbMBMVxtJvR8JWKQ==/lib/x86_64/libprintln.so (runtime.gwrite+276)
03-15 08:54:48.562  4356  4356 F DEBUG   :     #03 pc 00000000000afd6c  /data/app/org.golang.todo.println-qgxvQhBbMBMVxtJvR8JWKQ==/lib/x86_64/libprintln.so (runtime.printstring+124)
03-15 08:54:48.562  4356  4356 F DEBUG   :     #04 pc 00000000001309aa  /data/app/org.golang.todo.println-qgxvQhBbMBMVxtJvR8JWKQ==/lib/x86_64/libprintln.so (main.main.func1+58)
03-15 08:54:48.562  4356  4356 F DEBUG   :     #05 pc 000000000012f58f  /data/app/org.golang.todo.println-qgxvQhBbMBMVxtJvR8JWKQ==/lib/x86_64/libprintln.so (golang.org/x/mobile/app.mainUI.func1+63)
03-15 08:54:48.562  4356  4356 F DEBUG   :     #06 pc 00000000000d9720  /data/app/org.golang.todo.println-qgxvQhBbMBMVxtJvR8JWKQ==/lib/x86_64/libprintln.so (runtime.goexit)

The same crash happens if a panic() is being printed or if print() is called. It seems the "access" syscall is blocked and have to be replaced (by faccessat?).

The complete list of allowed syscalls is at https://android.googlesource.com/platform/bionic/+/android-4.2.2_r1.2/libc/SYSCALLS.TXT.

I checked both tests on android/386, android/arm and android/arm64 and they run without problems.

Related to #20409.

CC @aclements

The text was updated successfully, but these errors were encountered:

eliasnaur · 2018-03-15T08:10:57Z

Depending on the fix, this might be 1.10.1 material.

tklauser · 2018-03-15T09:21:01Z

The fstatat and faccessat syscalls were added to Linux in kernel 2.6.16 and Go requires at least 2.6.23, so I think it would be OK to use them (at least from the compatibility perspective). Also, linux/arm64 already uses fstatat to implement syscall.Stat.

/cc @ianlancetaylor @bradfitz

gopherbot · 2018-03-15T09:30:30Z

Change https://golang.org/cl/100877 mentions this issue: runtime: use Android O friendly faccessat syscall on linux/amd64

gopherbot · 2018-03-15T09:47:29Z

Change https://golang.org/cl/100878 mentions this issue: syscall: use Android O friendly fstatat syscall to implement Stat on linux/amd64

The Android O seccomp policy disallows the access syscall on amd64, see https://android.googlesource.com/platform/bionic/+/android-4.2.2_r1.2/libc/SYSCALLS.TXT Use the faccessat syscall with AT_FDCWD instead to achieve the same behavior. Updates #24403 Change-Id: I9db847c1c0f33987a3479b3f96e721fb9588cde2 Reviewed-on: https://go-review.googlesource.com/100877 Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

gopherbot · 2018-03-28T15:33:27Z

Change https://golang.org/cl/102975 mentions this issue: [release-branch.go1.9] syscall: use Android O friendly fstatat syscall to implement Stat on linux/amd64

gopherbot · 2018-03-28T15:34:44Z

Change https://golang.org/cl/102976 mentions this issue: [release-branch.go1.10] syscall: use Android O friendly fstatat syscall to implement Stat on linux/amd64

gopherbot · 2018-03-28T15:44:59Z

Change https://golang.org/cl/102995 mentions this issue: [release-branch.go1.10] runtime: use Android O friendly faccessat syscall on linux/amd64

gopherbot · 2018-03-28T19:42:40Z

Change https://golang.org/cl/103195 mentions this issue: [release-branch.go1.9] runtime: use Android O friendly faccessat syscall on linux/amd64

…call on linux/amd64 The Android O seccomp policy disallows the access syscall on amd64, see https://android.googlesource.com/platform/bionic/+/android-4.2.2_r1.2/libc/SYSCALLS.TXT Use the faccessat syscall with AT_FDCWD instead to achieve the same behavior. Updates #24403 Change-Id: I9db847c1c0f33987a3479b3f96e721fb9588cde2 Reviewed-on: https://go-review.googlesource.com/100877 Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-on: https://go-review.googlesource.com/102995 Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>

…ll to implement Stat on linux/amd64 The Android O seccomp policy disallows the stat syscall on amd64, see https://android.googlesource.com/platform/bionic/+/android-4.2.2_r1.2/libc/SYSCALLS.TXT Use the fstatat syscall with AT_FDCWD and zero flags instead to achieve the same behavior. Fixes #24403 Change-Id: I36fc9ec9bc938cd8e9de30f66c0eb9d2e24debf6 Reviewed-on: https://go-review.googlesource.com/100878 Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Elias Naur <elias.naur@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-on: https://go-review.googlesource.com/102976 Run-TryBot: Andrew Bonventre <andybons@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>

gopherbot added this to the Unreleased milestone Mar 15, 2018

gopherbot added the mobile label Mar 15, 2018

eliasnaur changed the title ~~x/mobile: seccomp filters os.Stat and print/println/panic on Android O~~ x/mobile: seccomp filters os.Stat and print/println/panic on amd64 Android O Mar 15, 2018

gopherbot closed this in 1073256 Mar 15, 2018

golang locked and limited conversation to collaborators Mar 28, 2019

gopherbot added the FrozenDueToAge label Mar 28, 2019

golang / go

x/mobile: seccomp filters os.Stat and print/println/panic on amd64 Android O #24403

x/mobile: seccomp filters os.Stat and print/println/panic on amd64 Android O #24403

eliasnaur commented Mar 15, 2018 •

edited

eliasnaur commented Mar 15, 2018

tklauser commented Mar 15, 2018

gopherbot commented Mar 15, 2018

gopherbot commented Mar 15, 2018

gopherbot commented Mar 28, 2018

gopherbot commented Mar 28, 2018

gopherbot commented Mar 28, 2018

gopherbot commented Mar 28, 2018

golang / go

x/mobile: seccomp filters os.Stat and print/println/panic on amd64 Android O #24403

x/mobile: seccomp filters os.Stat and print/println/panic on amd64 Android O #24403

Comments

eliasnaur commented Mar 15, 2018 • edited

What version of Go are you using (go version)?

Does this issue reproduce with the latest release?

What did you do?

eliasnaur commented Mar 15, 2018

tklauser commented Mar 15, 2018

gopherbot commented Mar 15, 2018

gopherbot commented Mar 15, 2018

gopherbot commented Mar 28, 2018

gopherbot commented Mar 28, 2018

gopherbot commented Mar 28, 2018

gopherbot commented Mar 28, 2018

eliasnaur commented Mar 15, 2018 •

edited

What version of Go are you using (`go version`)?