runtime: fix infinite loop in lockextra on linux/arm

nyuichi · nyuichi · commit 6640ea9478af · 2019-10-11T02:24:04.000-07:00
This commit fixes issue golang#34391, which is due to an incorrect patch merged in golang#34030. sigtrampgo is modified to record incoming signals in a globally shared atomic bitmask during when the G register is clobbered. When the execution exits from vdso it checks if there is a pending signal it re-raises them to its own process.
diff --git a/src/runtime/signal_unix.go b/src/runtime/signal_unix.go
@@ -274,19 +274,37 @@ func sigpipe() {
 	dieFromSignal(_SIGPIPE)
 }
 
-// sigFetchG fetches the value of G safely when running in a signal handler.
 // On some architectures, the g value may be clobbered when running in a VDSO.
 // See issue #32912.
 //
 //go:nosplit
-func sigFetchG(c *sigctxt) *g {
+func sigClobbered(c *sigctxt) bool {
 	switch GOARCH {
 	case "arm", "arm64":
-		if inVDSOPage(c.sigpc()) {
-			return nil
-		}
+		return inVDSOPage(c.sigpc());
+	}
+	return false
+}
+
+// sigpending stores signals during the Go signal handler when the g value is clobbered.
+// See issue #34391.
+var sigpending [(_NSIG + 31) / 32]uint32
+
+func sigAddPending(s uint32) {
+	p := sigpending[s/32]
+	p |= 1 << (s & 31)
+	atomic.Store(&sigpending[s/32], p)
+}
+
+// sigClearPending is called from outside the signal handler context.
+// It is called just after the clobbered G value is restored.
+func sigClearPending() {
+	for s := 0; s < _NSIG; s++ {
+		p := sigpending[s/32]
+		p &^= 1 << (s & 31)
+		atomic.Store(&sigpending[s/32], p)
+		raise(uint32(s))
 	}
-	return getg()
 }
 
 // sigtrampgo is called from the signal handler function, sigtramp,
@@ -305,7 +323,16 @@ func sigtrampgo(sig uint32, info *siginfo, ctx unsafe.Pointer) {
 		return
 	}
 	c := &sigctxt{info, ctx}
-	g := sigFetchG(c)
+	if sigClobbered(c) {
+		if sig == _SIGPROF {
+			sigprofNonGoPC(c.sigpc())
+			return
+		}
+		// at this point iscgo must be true
+		sigAddPending(sig)
+		return
+	}
+	g := getg()
 	if g == nil {
 		if sig == _SIGPROF {
 			sigprofNonGoPC(c.sigpc())
@@ -670,13 +697,19 @@ func sigfwdgo(sig uint32, info *siginfo, ctx unsafe.Pointer) bool {
 	if (c.sigcode() == _SI_USER || flags&_SigPanic == 0) && sig != _SIGPIPE {
 		return false
 	}
-	// Determine if the signal occurred inside Go code. We test that:
-	//   (1) we weren't in VDSO page,
-	//   (2) we were in a goroutine (i.e., m.curg != nil), and
-	//   (3) we weren't in CGO.
-	g := sigFetchG(c)
-	if g != nil && g.m != nil && g.m.curg != nil && !g.m.incgo {
-		return false
+	if sigClobbered(c) {
+		// There is no handler to be forwarded to.
+		if !iscgo {
+			return false
+		}
+	} else {
+		// Determine if the signal occurred inside Go code. We test that:
+		//   (1) we were in a goroutine (i.e., m.curg != nil), and
+		//   (2) we weren't in CGO.
+		g := getg()
+		if g != nil && g.m != nil && g.m.curg != nil && !g.m.incgo {
+			return false
+		}
 	}
 
 	// Signal not handled by Go, forward it.
diff --git a/src/runtime/sys_linux_arm.s b/src/runtime/sys_linux_arm.s
@@ -247,6 +247,8 @@ noswitch:
 	B.EQ	fallback
 
 	BL	(R11)
+
+	BL	runtime·sigClearPending(SB)
 	JMP	finish
 
 fallback:
@@ -298,6 +300,8 @@ noswitch:
 	B.EQ	fallback
 
 	BL	(R11)
+
+	BL	runtime·sigClearPending(SB)
 	JMP	finish
 
 fallback:
diff --git a/src/runtime/sys_linux_arm64.s b/src/runtime/sys_linux_arm64.s
@@ -208,6 +208,7 @@ noswitch:
 	MOVD	runtime·vdsoClockgettimeSym(SB), R2
 	CBZ	R2, fallback
 	BL	(R2)
+	BL	runtime·sigClearPending(SB)
 	B	finish
 
 fallback:
@@ -251,6 +252,7 @@ noswitch:
 	MOVD	runtime·vdsoClockgettimeSym(SB), R2
 	CBZ	R2, fallback
 	BL	(R2)
+	BL	runtime·sigClearPending(SB)
 	B	finish
 
 fallback:
