Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/mobile: gomobile apps using syscall.Lstat() are blocked by seccomp on Android O and P #27797

Closed
Qheb opened this issue Sep 21, 2018 · 6 comments
Closed

x/mobile: gomobile apps using syscall.Lstat() are blocked by seccomp on Android O and P #27797

Qheb opened this issue Sep 21, 2018 · 6 comments
Labels
FrozenDueToAge mobile Android, iOS, and x/mobile NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Unreleased

Comments

@Qheb
Copy link

Qheb commented Sep 21, 2018

What version of Go are you using (go version)?

go version go1.11 linux/amd64

Does this issue reproduce with the latest release?

Yes, reproduced with go1.11 and go1.10.4

What operating system and processor architecture are you using (go env)?

Android emulator API 26 to 28 (Android O and P) arch x86_64. The issue does not seem to occur on real Android devices (arch ARM).

What did you do?

Calling anything using syscall.Lstat() from the Go code.
For example ioutil.ReadDir(), os.Rename, os.RemoveAll, ...

What did you expect to see?

No crash

What did you see instead?

A crash due to Android seccomp filter:

F  *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
F  Build fingerprint: 'Android/sdk_gphone_x86_64/generic_x86_64:8.0.0/OSR1.180418.004/4931640:userdebug/dev-keys'
F  Revision: '0'
F  ABI: 'x86_64'
F  pid: 16035, tid: 16061, name: Thread-7
F  signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
F  Cause: seccomp prevented call to disallowed x86_64 system call 0
F      rax 0000000000000006  rbx 0000000000000000  rcx ffffffffffffffff  rdx 0000000000000000
F      rsi 000000c000592038  rdi 000000c0013ac150
F      r8  0000000000000000  r9  0000000000000000  r10 0000000000000000  r11 0000000000000202
F      r12 ffffffffffffffff  r13 0000000000000004  r14 0000000000000003  r15 0000000000000049
F      cs  0000000000000033  ss  000000000000002b
F      rip 00007d075a225be0  rbp 000000c000dd4e00  rsp 000000c000dd4da0  eflags 0000000000000202
F  backtrace:
syscall.Syscall
/usr/local/go/src/syscall/asm_linux_amd64.s:27
os.lstatNolog
/usr/local/go/src/os/stat_unix.go:42
os.Lstat
/usr/local/go/src/os/stat.go:22
os.RemoveAll
/usr/local/go/src/os/path.go:75
[...]

This issue is quite similar to #20409 with lstat(2) instead of select(2):

Therefore, I think a similar fix would be to replace lstat(2) with fstatat(2) in Golang.
This seems to have been already done in https://golang.org/src/syscall/syscall_linux_arm64.go (line 47), this explains why the issue is not reproduced on real Android devices. But the issue still exists on emulators which uses the x86_64 architecture.
@gopherbot gopherbot added this to the Unreleased milestone Sep 21, 2018
@gopherbot gopherbot added the mobile Android, iOS, and x/mobile label Sep 21, 2018
@steeve
Copy link
Contributor

steeve commented Sep 21, 2018
edited

I can reproduce the issue too. It's failing only on x86_64, x86 works.

@steeve
Copy link
Contributor

steeve commented Sep 21, 2018
edited

@Qheb I don't see the change in https://golang.org/src/syscall/syscall_linux_386.go though, and yet it works.

@bcmills
Copy link
Contributor

bcmills commented Sep 22, 2018

CC: @eliasnaur @hyangah

@bcmills bcmills added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Sep 22, 2018
@gopherbot
Copy link

Change https://golang.org/cl/136795 mentions this issue: syscall: replace lstat, lchown, stat to please Android O

@steeve
Copy link
Contributor

steeve commented Sep 22, 2018

that was fast

@Qheb
Copy link
Author

Qheb commented Sep 24, 2018

@Qheb I don't see the change in https://golang.org/src/syscall/syscall_linux_386.go though, and yet it works.

@steeve I didn't notice, but SECCOMP is actually not blocking lstat on x86. I think the important change in https://golang.org/src/syscall/syscall_linux_386.go is at line 66:

//sys	Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64

lstat64 seems to be used instead of lstat. And it turns out that lstat64 is in one of the SECCOMP whitelists for arm, x86 and mips architectures:

int	lstat64:lstat64(const char*, struct stat64*)	arm,x86,mips

Anyway, that was indeed fast, thank you @eliasnaur for this fix.

@golang golang locked and limited conversation to collaborators Sep 24, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge mobile Android, iOS, and x/mobile NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
4 participants
@steeve @bcmills @gopherbot @Qheb