x/mobile: seccomp filters os.Stat and print/println/panic on amd64 Android O

[eliasnaur]

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?

go version devel +672729ebbd Thu Mar 15 04:18:11 2018 +0000 linux/amd64

Does this issue reproduce with the latest release?

Yes.

What did you do?

Unpack seccomp.zip, start a 64 bit Android O emulator and then

$ cd seccomp
$ GOPATH=`pwd`:$GOPATH gomobile install -target=android/amd64 osstat
$ GOPATH=`pwd`:$GOPATH gomobile install -target=android/amd64 println

(the -target argument is to make sure the amd64 version is executed)

You may need to run go get -u golang.org/x/mobile/cmd/... and then gomobile init first.

The "osstat" app crashes with the following:

03-15 08:52:22.951  4070  4095 F libc    : Fatal signal 31 (SIGSYS), code 1 in tid 4095 (ng.todo.seccomp)
03-15 08:52:22.982  4099  4099 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
03-15 08:52:22.982  4099  4099 F DEBUG   : Build fingerprint: 'Android/sdk_gphone_x86_64/generic_x86_64:8.0.0/OSR1.170901.056/4497355:userdebug/dev-keys'
03-15 08:52:22.982  4099  4099 F DEBUG   : Revision: '0'
03-15 08:52:22.982  4099  4099 F DEBUG   : ABI: 'x86_64'
03-15 08:52:22.982  4099  4099 F DEBUG   : pid: 4070, tid: 4095, name: ng.todo.seccomp  >>> org.golang.todo.seccomp <<<
03-15 08:52:22.982  4099  4099 F DEBUG   : signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
03-15 08:52:22.982  4099  4099 F DEBUG   : Cause: seccomp prevented call to disallowed x86_64 system call 0
03-15 08:52:22.982  4099  4099 F DEBUG   :     rax 0000000000000004  rbx 0000000000000000  rcx ffffffffffffffff  rdx 0000000000000000
03-15 08:52:22.982  4099  4099 F DEBUG   :     rsi 000000c00009e108  rdi 000000c0000a005c
03-15 08:52:22.982  4099  4099 F DEBUG   :     r8  0000000000000000  r9  0000000000000000  r10 0000000000000000  r11 0000000000000206
03-15 08:52:22.982  4099  4099 F DEBUG   :     r12 000000000000001a  r13 0000000000000011  r14 00007b6a1c7f0aeb  r15 0000000000000000
03-15 08:52:22.982  4099  4099 F DEBUG   :     cs  0000000000000033  ss  000000000000002b
03-15 08:52:22.982  4099  4099 F DEBUG   :     rip 00007b6a1c793090  rbp 000000c000029eb8  rsp 000000c000029e50  eflags 0000000000000206
03-15 08:52:22.983  4099  4099 F DEBUG   : 
03-15 08:52:22.983  4099  4099 F DEBUG   : backtrace:
03-15 08:52:22.983  4099  4099 F DEBUG   :     #00 pc 00000000000ec090  /data/app/org.golang.todo.seccomp-bXscMVTWmS_d-V0kAMIB7Q==/lib/x86_64/libseccomp.so (syscall.Syscall+48)
03-15 08:52:22.983  4099  4099 F DEBUG   :     #01 pc 00000000000ebb86  /data/app/org.golang.todo.seccomp-bXscMVTWmS_d-V0kAMIB7Q==/lib/x86_64/libseccomp.so (syscall.Stat+150)
03-15 08:52:22.983  4099  4099 F DEBUG   :     #02 pc 00000000000f579b  /data/app/org.golang.todo.seccomp-bXscMVTWmS_d-V0kAMIB7Q==/lib/x86_64/libseccomp.so (os.statNolog+91)
03-15 08:52:22.983  4099  4099 F DEBUG   :     #03 pc 00000000000f54dc  /data/app/org.golang.todo.seccomp-bXscMVTWmS_d-V0kAMIB7Q==/lib/x86_64/libseccomp.so (os.Stat+76)
03-15 08:52:22.983  4099  4099 F DEBUG   :     #04 pc 00000000001327d9  /data/app/org.golang.todo.seccomp-bXscMVTWmS_d-V0kAMIB7Q==/lib/x86_64/libseccomp.so (main.main.func1+57)
03-15 08:52:22.983  4099  4099 F DEBUG   :     #05 pc 00000000001313bf  /data/app/org.golang.todo.seccomp-bXscMVTWmS_d-V0kAMIB7Q==/lib/x86_64/libseccomp.so (golang.org/x/mobile/app.mainUI.func1+63)
03-15 08:52:22.983  4099  4099 F DEBUG   :     #06 pc 00000000000da8a0  /data/app/org.golang.todo.seccomp-bXscMVTWmS_d-V0kAMIB7Q==/lib/x86_64/libseccomp.so (runtime.goexit)

It seems to me the "stat" syscall is blocked and have to be replaced (with fstatat?)

The "println" app crashes with:

03-15 08:54:48.531  4330  4353 F libc    : Fatal signal 31 (SIGSYS), code 1 in tid 4353 (ng.todo.println)
03-15 08:54:48.560  4356  4356 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
03-15 08:54:48.560  4356  4356 F DEBUG   : Build fingerprint: 'Android/sdk_gphone_x86_64/generic_x86_64:8.0.0/OSR1.170901.056/4497355:userdebug/dev-keys'
03-15 08:54:48.560  4356  4356 F DEBUG   : Revision: '0'
03-15 08:54:48.560  4356  4356 F DEBUG   : ABI: 'x86_64'
03-15 08:54:48.560  4356  4356 F DEBUG   : pid: 4330, tid: 4353, name: ng.todo.println  >>> org.golang.todo.println <<<
03-15 08:54:48.560  4356  4356 F DEBUG   : signal 31 (SIGSYS), code 1 (SYS_SECCOMP), fault addr --------
03-15 08:54:48.560  4356  4356 F DEBUG   : Cause: seccomp prevented call to disallowed x86_64 system call 0
03-15 08:54:48.560  4356  4356 F DEBUG   :     rax 0000000000000015  rbx 0000000000000000  rcx ffffffffffffffff  rdx 0000000000000000
03-15 08:54:48.560  4356  4356 F DEBUG   :     rsi 0000000000000002  rdi 00007b6a1c9b9b90
03-15 08:54:48.560  4356  4356 F DEBUG   :     r8  0000000000000003  r9  00007b6a1c8d78fb  r10 000000c0000621c0  r11 0000000000000206
03-15 08:54:48.560  4356  4356 F DEBUG   :     r12 000000000000000c  r13 00000000000000ff  r14 00007b6a1c8e9b6c  r15 0000000000000000
03-15 08:54:48.560  4356  4356 F DEBUG   :     cs  0000000000000033  ss  000000000000002b
03-15 08:54:48.560  4356  4356 F DEBUG   :     rip 00007b6a1c87cf10  rbp 000000c000024f00  rsp 000000c000024eb8  eflags 0000000000000206
03-15 08:54:48.561  4356  4356 F DEBUG   : 
03-15 08:54:48.561  4356  4356 F DEBUG   : backtrace:
03-15 08:54:48.562  4356  4356 F DEBUG   :     #00 pc 00000000000daf10  /data/app/org.golang.todo.println-qgxvQhBbMBMVxtJvR8JWKQ==/lib/x86_64/libprintln.so (runtime.access+16)
03-15 08:54:48.562  4356  4356 F DEBUG   :     #01 pc 00000000000d445f  /data/app/org.golang.todo.println-qgxvQhBbMBMVxtJvR8JWKQ==/lib/x86_64/libprintln.so (runtime.writeErr+79)
03-15 08:54:48.562  4356  4356 F DEBUG   :     #02 pc 00000000000af5c4  /data/app/org.golang.todo.println-qgxvQhBbMBMVxtJvR8JWKQ==/lib/x86_64/libprintln.so (runtime.gwrite+276)
03-15 08:54:48.562  4356  4356 F DEBUG   :     #03 pc 00000000000afd6c  /data/app/org.golang.todo.println-qgxvQhBbMBMVxtJvR8JWKQ==/lib/x86_64/libprintln.so (runtime.printstring+124)
03-15 08:54:48.562  4356  4356 F DEBUG   :     #04 pc 00000000001309aa  /data/app/org.golang.todo.println-qgxvQhBbMBMVxtJvR8JWKQ==/lib/x86_64/libprintln.so (main.main.func1+58)
03-15 08:54:48.562  4356  4356 F DEBUG   :     #05 pc 000000000012f58f  /data/app/org.golang.todo.println-qgxvQhBbMBMVxtJvR8JWKQ==/lib/x86_64/libprintln.so (golang.org/x/mobile/app.mainUI.func1+63)
03-15 08:54:48.562  4356  4356 F DEBUG   :     #06 pc 00000000000d9720  /data/app/org.golang.todo.println-qgxvQhBbMBMVxtJvR8JWKQ==/lib/x86_64/libprintln.so (runtime.goexit)

The same crash happens if a panic() is being printed or if print() is called. It seems the "access" syscall is blocked and have to be replaced (by faccessat?).

The complete list of allowed syscalls is at https://android.googlesource.com/platform/bionic/+/android-4.2.2_r1.2/libc/SYSCALLS.TXT.

I checked both tests on android/386, android/arm and android/arm64 and they run without problems.

Related to #20409.

CC @aclements

[eliasnaur]

Depending on the fix, this might be 1.10.1 material.

[tklauser]

The fstatat and faccessat syscalls were added to Linux in kernel 2.6.16 and Go requires at least 2.6.23, so I think it would be OK to use them (at least from the compatibility perspective). Also, linux/arm64 already uses fstatat to implement syscall.Stat.

/cc @ianlancetaylor @bradfitz

[gopherbot]

Change https://golang.org/cl/100877 mentions this issue: runtime: use Android O friendly faccessat syscall on linux/amd64

[gopherbot]

Change https://golang.org/cl/100878 mentions this issue: syscall: use Android O friendly fstatat syscall to implement Stat on linux/amd64

[gopherbot]

Change https://golang.org/cl/102975 mentions this issue: [release-branch.go1.9] syscall: use Android O friendly fstatat syscall to implement Stat on linux/amd64

[gopherbot]

Change https://golang.org/cl/102976 mentions this issue: [release-branch.go1.10] syscall: use Android O friendly fstatat syscall to implement Stat on linux/amd64

[gopherbot]

Change https://golang.org/cl/102995 mentions this issue: [release-branch.go1.10] runtime: use Android O friendly faccessat syscall on linux/amd64

[gopherbot]

Change https://golang.org/cl/103195 mentions this issue: [release-branch.go1.9] runtime: use Android O friendly faccessat syscall on linux/amd64