runtime: don't call libc sigaction function in forked child

If we are using vfork, and if something (such as TSAN) is intercepting the sigaction function, then we must call the system call, not the libc function. Otherwise the intercepted sigaction call in the child may trash the data structures in the parent. Change-Id: Id9588bfeaa934f32c920bf829c5839be5cacf243 Reviewed-on: https://go-review.googlesource.com/50251Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com> Reviewed-by: Austin Clements <austin@google.com>

runtime: don't call libc sigaction function in forked child
If we are using vfork, and if something (such as TSAN) is intercepting the sigaction function, then we must call the system call, not the libc function. Otherwise the intercepted sigaction call in the child may trash the data structures in the parent. Change-Id: Id9588bfeaa934f32c920bf829c5839be5cacf243 Reviewed-on: https://go-review.googlesource.com/50251Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com> Reviewed-by: Austin Clements <austin@google.com>
28f650a2 · Ian Lance Taylor · 5125a967 · 28f650a2 · 28f650a2
Commit 28f650a2 authored Jul 20, 2017 by Ian Lance Taylor
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 1 deletion

cgo_sigaction.go src/runtime/cgo_sigaction.go +1 -1

proc.go src/runtime/proc.go +17 -0

No files found.
--- a/src/runtime/cgo_sigaction.go
+++ b/src/runtime/cgo_sigaction.go
@@ -30,7 +30,7 @@ func rt_sigaction(sig uintptr, new, old *sigactiont, size uintptr) int32 {

 	var ret int32

-	if _cgo_sigaction == nil {
+	if _cgo_sigaction == nil || inForkedChild {
 		ret = sysSigaction(sig, new, old, size)
 	} else {
 		// We need to call _cgo_sigaction, which means we need a big enough stack

--- a/src/runtime/proc.go
+++ b/src/runtime/proc.go
@@ -2851,18 +2851,35 @@ func syscall_runtime_AfterFork() {
 	systemstack(afterfork)
 }

+// inForkedChild is true while manipulating signals in the child process.
+// This is used to avoid calling libc functions in case we are using vfork.
+var inForkedChild bool
+
 // Called from syscall package after fork in child.
 // It resets non-sigignored signals to the default handler, and
 // restores the signal mask in preparation for the exec.
+//
+// Because this might be called during a vfork, and therefore may be
+// temporarily sharing address space with the parent process, this must
+// not change any global variables or calling into C code that may do so.
+//
 //go:linkname syscall_runtime_AfterForkInChild syscall.runtime_AfterForkInChild
 //go:nosplit
 //go:nowritebarrierrec
 func syscall_runtime_AfterForkInChild() {
+	// It's OK to change the global variable inForkedChild here
+	// because we are going to change it back. There is no race here,
+	// because if we are sharing address space with the parent process,
+	// then the parent process can not be running concurrently.
+	inForkedChild = true
+
 	clearSignalHandlers()

 	// When we are the child we are the only thread running,
 	// so we know that nothing else has changed gp.m.sigmask.
 	msigrestore(getg().m.sigmask)
+
+	inForkedChild = false
 }

 // Called from syscall package before Exec.