mirror of
https://github.com/golang/go.git
synced 2025-12-08 06:10:04 +00:00
runtime: don't call cgocallback from signal handler
Calling cgocallback from a signal handler can fail when using the race detector. Calling cgocallback will lead to a call to newextram which will call oneNewExtraM which will call racegostart. The racegostart function will set up some race detector data structures, and doing that will sometimes call the C memory allocator. If we are running the signal handler from a signal that interrupted the C memory allocator, we will crash or hang. Instead, change the signal handler code to call needm and dropm. The needm function will grab allocated m and g structures and initialize the g to use the current stack--the signal stack. That is all we need to safely call code that allocates memory and checks whether it needs to split the stack. This may temporarily leave us with no m available to run a cgo callback, but that is OK in this case since the code we call will quickly either crash or call dropm to return the m. Implementing this required changing some of the setSignalstackSP functions to avoid a write barrier. These functions never need a write barrier but in some cases generated one anyhow because on some systems the ss_sp field is a pointer. Change-Id: I3893f47c3a66278f85eab7f94c1ab11d4f3be133 Reviewed-on: https://go-review.googlesource.com/30218 Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
This commit is contained in:
Ian Lance Taylor
parent
7faf702396
commit
6c13a1db2e
6 changed files with 143 additions and 10 deletions
|
|
@ -221,12 +221,16 @@ func sigtrampgo(sig uint32, info *siginfo, ctx unsafe.Pointer) {
|
|||
sigaltstack(nil, &st)
|
||||
if st.ss_flags&_SS_DISABLE != 0 {
|
||||
setg(nil)
|
||||
cgocallback(unsafe.Pointer(funcPC(noSignalStack)), noescape(unsafe.Pointer(&sig)), unsafe.Sizeof(sig), 0)
|
||||
needm(0)
|
||||
noSignalStack(sig)
|
||||
dropm()
|
||||
}
|
||||
stsp := uintptr(unsafe.Pointer(st.ss_sp))
|
||||
if sp < stsp || sp >= stsp+st.ss_size {
|
||||
setg(nil)
|
||||
cgocallback(unsafe.Pointer(funcPC(sigNotOnStack)), noescape(unsafe.Pointer(&sig)), unsafe.Sizeof(sig), 0)
|
||||
needm(0)
|
||||
sigNotOnStack(sig)
|
||||
dropm()
|
||||
}
|
||||
setGsignalStack(&st)
|
||||
g.m.gsignal.stktopsp = getcallersp(unsafe.Pointer(&sig))
|
||||
|
|
@ -422,7 +426,7 @@ func ensureSigM() {
|
|||
|
||||
// This is called when we receive a signal when there is no signal stack.
|
||||
// This can only happen if non-Go code calls sigaltstack to disable the
|
||||
// signal stack. This is called via cgocallback to establish a stack.
|
||||
// signal stack.
|
||||
func noSignalStack(sig uint32) {
|
||||
println("signal", sig, "received on thread with no signal stack")
|
||||
throw("non-Go code disabled sigaltstack")
|
||||
|
|
@ -441,15 +445,13 @@ func sigNotOnStack(sig uint32) {
|
|||
//go:norace
|
||||
//go:nowritebarrierrec
|
||||
func badsignal(sig uintptr, c *sigctxt) {
|
||||
cgocallback(unsafe.Pointer(funcPC(badsignalgo)), noescape(unsafe.Pointer(&sig)), unsafe.Sizeof(sig)+unsafe.Sizeof(c), 0)
|
||||
}
|
||||
|
||||
func badsignalgo(sig uintptr, c *sigctxt) {
|
||||
needm(0)
|
||||
if !sigsend(uint32(sig)) {
|
||||
// A foreign thread received the signal sig, and the
|
||||
// Go code does not want to handle it.
|
||||
raisebadsignal(uint32(sig), c)
|
||||
}
|
||||
dropm()
|
||||
}
|
||||
|
||||
//go:noescape
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue