Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

runtime: crashes on Android O #23750

Closed
zx2c4 opened this issue Feb 8, 2018 · 8 comments
Closed

runtime: crashes on Android O #23750

zx2c4 opened this issue Feb 8, 2018 · 8 comments
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge
Milestone

Comments

@zx2c4
Copy link
Contributor

zx2c4 commented Feb 8, 2018

Android O has a seccomp filter.

Unfortunately it disallows use of open and epoll_wait, which are used by the Go runtime. Fortunately, it allows for openat and epoll_pwait, which map directly to the former ones by passing them the right arguments.

So far as I can see, these support open and epoll_wait:

So far as I can see, these support openat and epoll_pwait:

In other words, 64-bit architectures are affected. ARM64 was already fixed. This CL fixes the remaining two architectures: https://go-review.googlesource.com/c/go/+/92895

@ianlancetaylor ianlancetaylor added the NeedsFix The path to resolution is known, but the work has not been done. label Feb 8, 2018
@ianlancetaylor ianlancetaylor added this to the Go1.9.5 milestone Feb 8, 2018
@ianlancetaylor
Copy link
Contributor

Marking for 1.9.5, but note that this is also not fixed in 1.10. We need some way to get a sense of whether the patches will work on a range of systems; likely they will but some experience is needed. Probably best to commit them after 1.10 branches, and then consider backports to 1.10.1 and 1.9.5.

@gopherbot
Copy link

Change https://golang.org/cl/92895 mentions this issue: runtime: use Android O friendly syscalls on 64-bit machines

@zx2c4
Copy link
Contributor Author

zx2c4 commented Feb 13, 2018

@ianlancetaylor This should probably be reopened until 04e6ae6 is backported to 1.9 and 1.10 branches.

@andybons
Copy link
Member

andybons commented Mar 27, 2018

CL 102792 OK for Go 1.10.1
CL 103035 OK for Go 1.10.1
CL 102995 OK for Go 1.10.1
CL 100878 OK for Go 1.10.1

@andybons andybons added CherryPickApproved Used during the release process for point releases and removed NeedsFix The path to resolution is known, but the work has not been done. labels Mar 27, 2018
@gopherbot
Copy link

Change https://golang.org/cl/102791 mentions this issue: [release-branch.go1.9] runtime: use Android O friendly syscalls on 64-bit machines

@gopherbot
Copy link

Change https://golang.org/cl/102792 mentions this issue: [release-branch.go1.10] runtime: use Android O friendly syscalls on 64-bit machines

@ianlancetaylor
Copy link
Contributor

ianlancetaylor commented Mar 28, 2018

Looks like we should also include CL 100877 and 100878 in 1.10.1 and 1.9.5.

@andybons
Copy link
Member

Done.

gopherbot pushed a commit that referenced this issue Mar 29, 2018
…4-bit machines

Android O disallows open on 64-bit, so let's use openat with AT_FDCWD to
achieve the same behavior.

Android O disallows epoll_wait on 64-bit, so let's use epoll_pwait with
the last argument as NULL to achieve the same behavior.

See here:
https://android.googlesource.com/platform/bionic/+/master/libc/seccomp/arm64_app_policy.cpp
https://android.googlesource.com/platform/bionic/+/master/libc/seccomp/mips64_app_policy.cpp
https://android.googlesource.com/platform/bionic/+/master/libc/seccomp/x86_64_app_policy.cpp

Fixes #23750

Change-Id: If8d5a663357471e5d2c1f516151344a9d05b188a
Reviewed-on: https://go-review.googlesource.com/92895
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Austin Clements <austin@google.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-on: https://go-review.googlesource.com/102792
Run-TryBot: Andrew Bonventre <andybons@golang.org>
henryoswald pushed a commit to overleaf/clsi that referenced this issue Jan 24, 2019
Last year golang changed from epoll_wait to epoll_pwait golang/go#23750

This causes golang panic errors on mac when running secomp secure compiles using docker 18.09.1. It may start to become a problem on linux where we are running on 17.03.2-ce in production.
@golang golang locked and limited conversation to collaborators Mar 29, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
CherryPickApproved Used during the release process for point releases FrozenDueToAge
Projects
None yet
Development

No branches or pull requests

5 participants