Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/mobile: gomobile apps using syscall.Lstat() are blocked by seccomp on Android O and P #27797

Closed
Qheb opened this issue Sep 21, 2018 · 6 comments

Comments

Projects
None yet
4 participants
@Qheb
Copy link

commented Sep 21, 2018

What version of Go are you using (go version)?

go version go1.11 linux/amd64

Does this issue reproduce with the latest release?

Yes, reproduced with go1.11 and go1.10.4

What operating system and processor architecture are you using (go env)?

Android emulator API 26 to 28 (Android O and P) arch x86_64. The issue does not seem to occur on real Android devices (arch ARM).

What did you do?

Calling anything using syscall.Lstat() from the Go code.
For example ioutil.ReadDir(), os.Rename, os.RemoveAll, ...

What did you expect to see?

No crash

What did you see instead?

A crash due to Android seccomp filter:

F  *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
F  Build fingerprint: 'Android/sdk_gphone_x86_64/generic_x86_64:8.0.0/OSR1.180418.004/4931640:userdebug/dev-keys'
F  Revision: '0'
F  ABI: 'x86_64'
F  pid: 16035, tid: 16061, name: Thread-7
F  signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
F  Cause: seccomp prevented call to disallowed x86_64 system call 0
F      rax 0000000000000006  rbx 0000000000000000  rcx ffffffffffffffff  rdx 0000000000000000
F      rsi 000000c000592038  rdi 000000c0013ac150
F      r8  0000000000000000  r9  0000000000000000  r10 0000000000000000  r11 0000000000000202
F      r12 ffffffffffffffff  r13 0000000000000004  r14 0000000000000003  r15 0000000000000049
F      cs  0000000000000033  ss  000000000000002b
F      rip 00007d075a225be0  rbp 000000c000dd4e00  rsp 000000c000dd4da0  eflags 0000000000000202
F  backtrace:
syscall.Syscall
/usr/local/go/src/syscall/asm_linux_amd64.s:27
os.lstatNolog
/usr/local/go/src/os/stat_unix.go:42
os.Lstat
/usr/local/go/src/os/stat.go:22
os.RemoveAll
/usr/local/go/src/os/path.go:75
[...]

This issue is quite similar to #20409 with lstat(2) instead of select(2):

Therefore, I think a similar fix would be to replace lstat(2) with fstatat(2) in Golang.
This seems to have been already done in https://golang.org/src/syscall/syscall_linux_arm64.go (line 47), this explains why the issue is not reproduced on real Android devices. But the issue still exists on emulators which uses the x86_64 architecture.

@gopherbot gopherbot added this to the Unreleased milestone Sep 21, 2018

@gopherbot gopherbot added the mobile label Sep 21, 2018

@steeve

This comment has been minimized.

Copy link
Contributor

commented Sep 21, 2018

I can reproduce the issue too. It's failing only on x86_64, x86 works.

@steeve

This comment has been minimized.

Copy link
Contributor

commented Sep 21, 2018

@Qheb I don't see the change in https://golang.org/src/syscall/syscall_linux_386.go though, and yet it works.

@bcmills

This comment has been minimized.

Copy link
Member

commented Sep 22, 2018

@gopherbot

This comment has been minimized.

Copy link

commented Sep 22, 2018

Change https://golang.org/cl/136795 mentions this issue: syscall: replace lstat, lchown, stat to please Android O

@steeve

This comment has been minimized.

Copy link
Contributor

commented Sep 22, 2018

that was fast

steeve added a commit to znly/go that referenced this issue Sep 22, 2018

syscall: replace lstat, lchown, stat to please Android O
Implement Lstat with fstatat and Lchown with Fchownat on
linux/amd64, linux/arm and linux/386. Furthermore, implement Stat
with fstatat on linux/arm and linux/386. Linux/arm64 already had
similar replacements.

The fstatat and fchownat system calls were added in kernel 2.6.16,
which is before the Go minimum, 2.6.23.

The three syscalls then match the android bionic implementation
and avoids the Android O seccomp filter.

Fixes golang#27797

Change-Id: I07fd5506955d454a1a660fef5af0e1ac1ecb0959
@Qheb

This comment has been minimized.

Copy link
Author

commented Sep 24, 2018

@Qheb I don't see the change in https://golang.org/src/syscall/syscall_linux_386.go though, and yet it works.

@steeve I didn't notice, but SECCOMP is actually not blocking lstat on x86. I think the important change in https://golang.org/src/syscall/syscall_linux_386.go is at line 66:

//sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64

lstat64 seems to be used instead of lstat. And it turns out that lstat64 is in one of the SECCOMP whitelists for arm, x86 and mips architectures:

int	lstat64:lstat64(const char*, struct stat64*)	arm,x86,mips

Anyway, that was indeed fast, thank you @eliasnaur for this fix.

@gopherbot gopherbot closed this in f25656d Sep 24, 2018

steeve added a commit to znly/go that referenced this issue Sep 24, 2018

syscall: replace lstat, lchown, stat to please Android O
Implement Lstat with fstatat and Lchown with Fchownat on
linux/amd64, linux/arm and linux/386. Furthermore, implement Stat
with fstatat on linux/arm and linux/386. Linux/arm64 already had
similar replacements.

The fstatat and fchownat system calls were added in kernel 2.6.16,
which is before the Go minimum, 2.6.23.

The three syscalls then match the android bionic implementation
and avoids the Android O seccomp filter.

Fixes golang#27797

Change-Id: I07fd5506955d454a1a660fef5af0e1ac1ecb0959
Reviewed-on: https://go-review.googlesource.com/136795
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

steeve added a commit to znly/go that referenced this issue Oct 2, 2018

syscall: replace lstat, lchown, stat to please Android O
Implement Lstat with fstatat and Lchown with Fchownat on
linux/amd64, linux/arm and linux/386. Furthermore, implement Stat
with fstatat on linux/arm and linux/386. Linux/arm64 already had
similar replacements.

The fstatat and fchownat system calls were added in kernel 2.6.16,
which is before the Go minimum, 2.6.23.

The three syscalls then match the android bionic implementation
and avoids the Android O seccomp filter.

Fixes golang#27797

Change-Id: I07fd5506955d454a1a660fef5af0e1ac1ecb0959
Reviewed-on: https://go-review.googlesource.com/136795
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

steeve added a commit to znly/go that referenced this issue Nov 5, 2018

syscall: replace lstat, lchown, stat to please Android O
Implement Lstat with fstatat and Lchown with Fchownat on
linux/amd64, linux/arm and linux/386. Furthermore, implement Stat
with fstatat on linux/arm and linux/386. Linux/arm64 already had
similar replacements.

The fstatat and fchownat system calls were added in kernel 2.6.16,
which is before the Go minimum, 2.6.23.

The three syscalls then match the android bionic implementation
and avoids the Android O seccomp filter.

Fixes golang#27797

Change-Id: I07fd5506955d454a1a660fef5af0e1ac1ecb0959
Reviewed-on: https://go-review.googlesource.com/136795
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.