• Austin Clements's avatar
    runtime: run libc SIGSETXID and SIGCANCEL handlers on signal stack · 675eb72c
    Austin Clements authored
    These signals are used by glibc to broadcast setuid/setgid to all
    threads and to send pthread cancellations.  Unlike other signals, the
    Go runtime does not intercept these because they must invoke the libc
    handlers (see issues #3871 and #6997).  However, because 1) these
    signals may be issued asynchronously by a thread running C code to
    another thread running Go code and 2) glibc does not set SA_ONSTACK
    for its handlers, glibc's signal handler may be run on a Go stack.
    Signal frames range from 1.5K on amd64 to many kilobytes on ppc64, so
    this may overflow the Go stack and corrupt heap (or other stack) data.
    
    Fix this by ensuring that these signal handlers have the SA_ONSTACK
    flag (but not otherwise taking over the handler).
    
    This has been a problem since Go 1.1, but it's likely that people
    haven't encountered it because it only affects setuid/setgid and
    pthread_cancel.
    
    Fixes #9600.
    
    Change-Id: I6cf5f5c2d3aa48998d632f61f1ddc2778dcfd300
    Reviewed-on: https://go-review.googlesource.com/1887Reviewed-by: 's avatarIan Lance Taylor <iant@golang.org>
    675eb72c
runtime2.go 18.7 KB