1 // Copyright 2012 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris 6 // +build aix darwin dragonfly freebsd linux netbsd openbsd solaris 7 8 package runtime 9 10 import ( 11 "runtime/internal/atomic" 12 "unsafe" 13 ) 14 15 // sigTabT is the type of an entry in the global sigtable array. 16 // sigtable is inherently system dependent, and appears in OS-specific files, 17 // but sigTabT is the same for all Unixy systems. 18 // The sigtable array is indexed by a system signal number to get the flags 19 // and printable name of each signal. 20 type sigTabT struct { 21 flags int32 22 name string 23 } 24 25 //go:linkname os_sigpipe os.sigpipe 26 func os_sigpipe() { 27 systemstack(sigpipe) 28 } 29 30 func signame(sig uint32) string { 31 if sig >= uint32(len(sigtable)) { 32 return "" 33 } 34 return sigtable[sig].name 35 } 36 37 const ( 38 _SIG_DFL uintptr = 0 39 _SIG_IGN uintptr = 1 40 ) 41 42 // sigPreempt is the signal used for non-cooperative preemption. 43 // 44 // There's no good way to choose this signal, but there are some 45 // heuristics: 46 // 47 // 1. It should be a signal that's passed-through by debuggers by 48 // default. On Linux, this is SIGALRM, SIGURG, SIGCHLD, SIGIO, 49 // SIGVTALRM, SIGPROF, and SIGWINCH, plus some glibc-internal signals. 50 // 51 // 2. It shouldn't be used internally by libc in mixed Go/C binaries 52 // because libc may assume it's the only thing that can handle these 53 // signals. For example SIGCANCEL or SIGSETXID. 54 // 55 // 3. It should be a signal that can happen spuriously without 56 // consequences. For example, SIGALRM is a bad choice because the 57 // signal handler can't tell if it was caused by the real process 58 // alarm or not (arguably this means the signal is broken, but I 59 // digress). SIGUSR1 and SIGUSR2 are also bad because those are often 60 // used in meaningful ways by applications. 61 // 62 // 4. We need to deal with platforms without real-time signals (like 63 // macOS), so those are out. 64 // 65 // We use SIGURG because it meets all of these criteria, is extremely 66 // unlikely to be used by an application for its "real" meaning (both 67 // because out-of-band data is basically unused and because SIGURG 68 // doesn't report which socket has the condition, making it pretty 69 // useless), and even if it is, the application has to be ready for 70 // spurious SIGURG. SIGIO wouldn't be a bad choice either, but is more 71 // likely to be used for real. 72 const sigPreempt = _SIGURG 73 74 // Stores the signal handlers registered before Go installed its own. 75 // These signal handlers will be invoked in cases where Go doesn't want to 76 // handle a particular signal (e.g., signal occurred on a non-Go thread). 77 // See sigfwdgo for more information on when the signals are forwarded. 78 // 79 // This is read by the signal handler; accesses should use 80 // atomic.Loaduintptr and atomic.Storeuintptr. 81 var fwdSig [_NSIG]uintptr 82 83 // handlingSig is indexed by signal number and is non-zero if we are 84 // currently handling the signal. Or, to put it another way, whether 85 // the signal handler is currently set to the Go signal handler or not. 86 // This is uint32 rather than bool so that we can use atomic instructions. 87 var handlingSig [_NSIG]uint32 88 89 // channels for synchronizing signal mask updates with the signal mask 90 // thread 91 var ( 92 disableSigChan chan uint32 93 enableSigChan chan uint32 94 maskUpdatedChan chan struct{} 95 ) 96 97 func init() { 98 // _NSIG is the number of signals on this operating system. 99 // sigtable should describe what to do for all the possible signals. 100 if len(sigtable) != _NSIG { 101 print("runtime: len(sigtable)=", len(sigtable), " _NSIG=", _NSIG, "\n") 102 throw("bad sigtable len") 103 } 104 } 105 106 var signalsOK bool 107 108 // Initialize signals. 109 // Called by libpreinit so runtime may not be initialized. 110 //go:nosplit 111 //go:nowritebarrierrec 112 func initsig(preinit bool) { 113 if !preinit { 114 // It's now OK for signal handlers to run. 115 signalsOK = true 116 } 117 118 // For c-archive/c-shared this is called by libpreinit with 119 // preinit == true. 120 if (isarchive || islibrary) && !preinit { 121 return 122 } 123 124 for i := uint32(0); i < _NSIG; i++ { 125 t := &sigtable[i] 126 if t.flags == 0 || t.flags&_SigDefault != 0 { 127 continue 128 } 129 130 // We don't need to use atomic operations here because 131 // there shouldn't be any other goroutines running yet. 132 fwdSig[i] = getsig(i) 133 134 if !sigInstallGoHandler(i) { 135 // Even if we are not installing a signal handler, 136 // set SA_ONSTACK if necessary. 137 if fwdSig[i] != _SIG_DFL && fwdSig[i] != _SIG_IGN { 138 setsigstack(i) 139 } else if fwdSig[i] == _SIG_IGN { 140 sigInitIgnored(i) 141 } 142 continue 143 } 144 145 handlingSig[i] = 1 146 setsig(i, funcPC(sighandler)) 147 } 148 } 149 150 //go:nosplit 151 //go:nowritebarrierrec 152 func sigInstallGoHandler(sig uint32) bool { 153 // For some signals, we respect an inherited SIG_IGN handler 154 // rather than insist on installing our own default handler. 155 // Even these signals can be fetched using the os/signal package. 156 switch sig { 157 case _SIGHUP, _SIGINT: 158 if atomic.Loaduintptr(&fwdSig[sig]) == _SIG_IGN { 159 return false 160 } 161 } 162 163 t := &sigtable[sig] 164 if t.flags&_SigSetStack != 0 { 165 return false 166 } 167 168 // When built using c-archive or c-shared, only install signal 169 // handlers for synchronous signals and SIGPIPE. 170 if (isarchive || islibrary) && t.flags&_SigPanic == 0 && sig != _SIGPIPE { 171 return false 172 } 173 174 return true 175 } 176 177 // sigenable enables the Go signal handler to catch the signal sig. 178 // It is only called while holding the os/signal.handlers lock, 179 // via os/signal.enableSignal and signal_enable. 180 func sigenable(sig uint32) { 181 if sig >= uint32(len(sigtable)) { 182 return 183 } 184 185 // SIGPROF is handled specially for profiling. 186 if sig == _SIGPROF { 187 return 188 } 189 190 t := &sigtable[sig] 191 if t.flags&_SigNotify != 0 { 192 ensureSigM() 193 enableSigChan <- sig 194 <-maskUpdatedChan 195 if atomic.Cas(&handlingSig[sig], 0, 1) { 196 atomic.Storeuintptr(&fwdSig[sig], getsig(sig)) 197 setsig(sig, funcPC(sighandler)) 198 } 199 } 200 } 201 202 // sigdisable disables the Go signal handler for the signal sig. 203 // It is only called while holding the os/signal.handlers lock, 204 // via os/signal.disableSignal and signal_disable. 205 func sigdisable(sig uint32) { 206 if sig >= uint32(len(sigtable)) { 207 return 208 } 209 210 // SIGPROF is handled specially for profiling. 211 if sig == _SIGPROF { 212 return 213 } 214 215 t := &sigtable[sig] 216 if t.flags&_SigNotify != 0 { 217 ensureSigM() 218 disableSigChan <- sig 219 <-maskUpdatedChan 220 221 // If initsig does not install a signal handler for a 222 // signal, then to go back to the state before Notify 223 // we should remove the one we installed. 224 if !sigInstallGoHandler(sig) { 225 atomic.Store(&handlingSig[sig], 0) 226 setsig(sig, atomic.Loaduintptr(&fwdSig[sig])) 227 } 228 } 229 } 230 231 // sigignore ignores the signal sig. 232 // It is only called while holding the os/signal.handlers lock, 233 // via os/signal.ignoreSignal and signal_ignore. 234 func sigignore(sig uint32) { 235 if sig >= uint32(len(sigtable)) { 236 return 237 } 238 239 // SIGPROF is handled specially for profiling. 240 if sig == _SIGPROF { 241 return 242 } 243 244 t := &sigtable[sig] 245 if t.flags&_SigNotify != 0 { 246 atomic.Store(&handlingSig[sig], 0) 247 setsig(sig, _SIG_IGN) 248 } 249 } 250 251 // clearSignalHandlers clears all signal handlers that are not ignored 252 // back to the default. This is called by the child after a fork, so that 253 // we can enable the signal mask for the exec without worrying about 254 // running a signal handler in the child. 255 //go:nosplit 256 //go:nowritebarrierrec 257 func clearSignalHandlers() { 258 for i := uint32(0); i < _NSIG; i++ { 259 if atomic.Load(&handlingSig[i]) != 0 { 260 setsig(i, _SIG_DFL) 261 } 262 } 263 } 264 265 // setProcessCPUProfiler is called when the profiling timer changes. 266 // It is called with prof.lock held. hz is the new timer, and is 0 if 267 // profiling is being disabled. Enable or disable the signal as 268 // required for -buildmode=c-archive. 269 func setProcessCPUProfiler(hz int32) { 270 if hz != 0 { 271 // Enable the Go signal handler if not enabled. 272 if atomic.Cas(&handlingSig[_SIGPROF], 0, 1) { 273 atomic.Storeuintptr(&fwdSig[_SIGPROF], getsig(_SIGPROF)) 274 setsig(_SIGPROF, funcPC(sighandler)) 275 } 276 277 var it itimerval 278 it.it_interval.tv_sec = 0 279 it.it_interval.set_usec(1000000 / hz) 280 it.it_value = it.it_interval 281 setitimer(_ITIMER_PROF, &it, nil) 282 } else { 283 setitimer(_ITIMER_PROF, &itimerval{}, nil) 284 285 // If the Go signal handler should be disabled by default, 286 // switch back to the signal handler that was installed 287 // when we enabled profiling. We don't try to handle the case 288 // of a program that changes the SIGPROF handler while Go 289 // profiling is enabled. 290 // 291 // If no signal handler was installed before, then start 292 // ignoring SIGPROF signals. We do this, rather than change 293 // to SIG_DFL, because there may be a pending SIGPROF 294 // signal that has not yet been delivered to some other thread. 295 // If we change to SIG_DFL here, the program will crash 296 // when that SIGPROF is delivered. We assume that programs 297 // that use profiling don't want to crash on a stray SIGPROF. 298 // See issue 19320. 299 if !sigInstallGoHandler(_SIGPROF) { 300 if atomic.Cas(&handlingSig[_SIGPROF], 1, 0) { 301 h := atomic.Loaduintptr(&fwdSig[_SIGPROF]) 302 if h == _SIG_DFL { 303 h = _SIG_IGN 304 } 305 setsig(_SIGPROF, h) 306 } 307 } 308 } 309 } 310 311 // setThreadCPUProfiler makes any thread-specific changes required to 312 // implement profiling at a rate of hz. 313 // No changes required on Unix systems. 314 func setThreadCPUProfiler(hz int32) { 315 getg().m.profilehz = hz 316 } 317 318 func sigpipe() { 319 if signal_ignored(_SIGPIPE) || sigsend(_SIGPIPE) { 320 return 321 } 322 dieFromSignal(_SIGPIPE) 323 } 324 325 // doSigPreempt handles a preemption signal on gp. 326 func doSigPreempt(gp *g, ctxt *sigctxt) { 327 // Check if this G wants to be preempted and is safe to 328 // preempt. 329 if wantAsyncPreempt(gp) { 330 if ok, newpc := isAsyncSafePoint(gp, ctxt.sigpc(), ctxt.sigsp(), ctxt.siglr()); ok { 331 // Adjust the PC and inject a call to asyncPreempt. 332 ctxt.pushCall(funcPC(asyncPreempt), newpc) 333 } 334 } 335 336 // Acknowledge the preemption. 337 atomic.Xadd(&gp.m.preemptGen, 1) 338 atomic.Store(&gp.m.signalPending, 0) 339 340 if GOOS == "darwin" || GOOS == "ios" { 341 atomic.Xadd(&pendingPreemptSignals, -1) 342 } 343 } 344 345 const preemptMSupported = true 346 347 // preemptM sends a preemption request to mp. This request may be 348 // handled asynchronously and may be coalesced with other requests to 349 // the M. When the request is received, if the running G or P are 350 // marked for preemption and the goroutine is at an asynchronous 351 // safe-point, it will preempt the goroutine. It always atomically 352 // increments mp.preemptGen after handling a preemption request. 353 func preemptM(mp *m) { 354 // On Darwin, don't try to preempt threads during exec. 355 // Issue #41702. 356 if GOOS == "darwin" || GOOS == "ios" { 357 execLock.rlock() 358 } 359 360 if atomic.Cas(&mp.signalPending, 0, 1) { 361 if GOOS == "darwin" || GOOS == "ios" { 362 atomic.Xadd(&pendingPreemptSignals, 1) 363 } 364 365 // If multiple threads are preempting the same M, it may send many 366 // signals to the same M such that it hardly make progress, causing 367 // live-lock problem. Apparently this could happen on darwin. See 368 // issue #37741. 369 // Only send a signal if there isn't already one pending. 370 signalM(mp, sigPreempt) 371 } 372 373 if GOOS == "darwin" || GOOS == "ios" { 374 execLock.runlock() 375 } 376 } 377 378 // sigFetchG fetches the value of G safely when running in a signal handler. 379 // On some architectures, the g value may be clobbered when running in a VDSO. 380 // See issue #32912. 381 // 382 //go:nosplit 383 func sigFetchG(c *sigctxt) *g { 384 switch GOARCH { 385 case "arm", "arm64", "ppc64", "ppc64le": 386 if !iscgo && inVDSOPage(c.sigpc()) { 387 // When using cgo, we save the g on TLS and load it from there 388 // in sigtramp. Just use that. 389 // Otherwise, before making a VDSO call we save the g to the 390 // bottom of the signal stack. Fetch from there. 391 // TODO: in efence mode, stack is sysAlloc'd, so this wouldn't 392 // work. 393 sp := getcallersp() 394 s := spanOf(sp) 395 if s != nil && s.state.get() == mSpanManual && s.base() < sp && sp < s.limit { 396 gp := *(**g)(unsafe.Pointer(s.base())) 397 return gp 398 } 399 return nil 400 } 401 } 402 return getg() 403 } 404 405 // sigtrampgo is called from the signal handler function, sigtramp, 406 // written in assembly code. 407 // This is called by the signal handler, and the world may be stopped. 408 // 409 // It must be nosplit because getg() is still the G that was running 410 // (if any) when the signal was delivered, but it's (usually) called 411 // on the gsignal stack. Until this switches the G to gsignal, the 412 // stack bounds check won't work. 413 // 414 //go:nosplit 415 //go:nowritebarrierrec 416 func sigtrampgo(sig uint32, info *siginfo, ctx unsafe.Pointer) { 417 if sigfwdgo(sig, info, ctx) { 418 return 419 } 420 c := &sigctxt{info, ctx} 421 g := sigFetchG(c) 422 setg(g) 423 if g == nil { 424 if sig == _SIGPROF { 425 sigprofNonGoPC(c.sigpc()) 426 return 427 } 428 if sig == sigPreempt && preemptMSupported && debug.asyncpreemptoff == 0 { 429 // This is probably a signal from preemptM sent 430 // while executing Go code but received while 431 // executing non-Go code. 432 // We got past sigfwdgo, so we know that there is 433 // no non-Go signal handler for sigPreempt. 434 // The default behavior for sigPreempt is to ignore 435 // the signal, so badsignal will be a no-op anyway. 436 if GOOS == "darwin" || GOOS == "ios" { 437 atomic.Xadd(&pendingPreemptSignals, -1) 438 } 439 return 440 } 441 c.fixsigcode(sig) 442 badsignal(uintptr(sig), c) 443 return 444 } 445 446 setg(g.m.gsignal) 447 448 // If some non-Go code called sigaltstack, adjust. 449 var gsignalStack gsignalStack 450 setStack := adjustSignalStack(sig, g.m, &gsignalStack) 451 if setStack { 452 g.m.gsignal.stktopsp = getcallersp() 453 } 454 455 if g.stackguard0 == stackFork { 456 signalDuringFork(sig) 457 } 458 459 c.fixsigcode(sig) 460 sighandler(sig, info, ctx, g) 461 setg(g) 462 if setStack { 463 restoreGsignalStack(&gsignalStack) 464 } 465 } 466 467 // adjustSignalStack adjusts the current stack guard based on the 468 // stack pointer that is actually in use while handling a signal. 469 // We do this in case some non-Go code called sigaltstack. 470 // This reports whether the stack was adjusted, and if so stores the old 471 // signal stack in *gsigstack. 472 //go:nosplit 473 func adjustSignalStack(sig uint32, mp *m, gsigStack *gsignalStack) bool { 474 sp := uintptr(unsafe.Pointer(&sig)) 475 if sp >= mp.gsignal.stack.lo && sp < mp.gsignal.stack.hi { 476 return false 477 } 478 479 var st stackt 480 sigaltstack(nil, &st) 481 stsp := uintptr(unsafe.Pointer(st.ss_sp)) 482 if st.ss_flags&_SS_DISABLE == 0 && sp >= stsp && sp < stsp+st.ss_size { 483 setGsignalStack(&st, gsigStack) 484 return true 485 } 486 487 if sp >= mp.g0.stack.lo && sp < mp.g0.stack.hi { 488 // The signal was delivered on the g0 stack. 489 // This can happen when linked with C code 490 // using the thread sanitizer, which collects 491 // signals then delivers them itself by calling 492 // the signal handler directly when C code, 493 // including C code called via cgo, calls a 494 // TSAN-intercepted function such as malloc. 495 // 496 // We check this condition last as g0.stack.lo 497 // may be not very accurate (see mstart). 498 st := stackt{ss_size: mp.g0.stack.hi - mp.g0.stack.lo} 499 setSignalstackSP(&st, mp.g0.stack.lo) 500 setGsignalStack(&st, gsigStack) 501 return true 502 } 503 504 // sp is not within gsignal stack, g0 stack, or sigaltstack. Bad. 505 setg(nil) 506 needm() 507 if st.ss_flags&_SS_DISABLE != 0 { 508 noSignalStack(sig) 509 } else { 510 sigNotOnStack(sig) 511 } 512 dropm() 513 return false 514 } 515 516 // crashing is the number of m's we have waited for when implementing 517 // GOTRACEBACK=crash when a signal is received. 518 var crashing int32 519 520 // testSigtrap and testSigusr1 are used by the runtime tests. If 521 // non-nil, it is called on SIGTRAP/SIGUSR1. If it returns true, the 522 // normal behavior on this signal is suppressed. 523 var testSigtrap func(info *siginfo, ctxt *sigctxt, gp *g) bool 524 var testSigusr1 func(gp *g) bool 525 526 // sighandler is invoked when a signal occurs. The global g will be 527 // set to a gsignal goroutine and we will be running on the alternate 528 // signal stack. The parameter g will be the value of the global g 529 // when the signal occurred. The sig, info, and ctxt parameters are 530 // from the system signal handler: they are the parameters passed when 531 // the SA is passed to the sigaction system call. 532 // 533 // The garbage collector may have stopped the world, so write barriers 534 // are not allowed. 535 // 536 //go:nowritebarrierrec 537 func sighandler(sig uint32, info *siginfo, ctxt unsafe.Pointer, gp *g) { 538 _g_ := getg() 539 c := &sigctxt{info, ctxt} 540 541 if sig == _SIGPROF { 542 sigprof(c.sigpc(), c.sigsp(), c.siglr(), gp, _g_.m) 543 return 544 } 545 546 if sig == _SIGTRAP && testSigtrap != nil && testSigtrap(info, (*sigctxt)(noescape(unsafe.Pointer(c))), gp) { 547 return 548 } 549 550 if sig == _SIGUSR1 && testSigusr1 != nil && testSigusr1(gp) { 551 return 552 } 553 554 if sig == sigPreempt && debug.asyncpreemptoff == 0 { 555 // Might be a preemption signal. 556 doSigPreempt(gp, c) 557 // Even if this was definitely a preemption signal, it 558 // may have been coalesced with another signal, so we 559 // still let it through to the application. 560 } 561 562 flags := int32(_SigThrow) 563 if sig < uint32(len(sigtable)) { 564 flags = sigtable[sig].flags 565 } 566 if c.sigcode() != _SI_USER && flags&_SigPanic != 0 && gp.throwsplit { 567 // We can't safely sigpanic because it may grow the 568 // stack. Abort in the signal handler instead. 569 flags = _SigThrow 570 } 571 if isAbortPC(c.sigpc()) { 572 // On many architectures, the abort function just 573 // causes a memory fault. Don't turn that into a panic. 574 flags = _SigThrow 575 } 576 if c.sigcode() != _SI_USER && flags&_SigPanic != 0 { 577 // The signal is going to cause a panic. 578 // Arrange the stack so that it looks like the point 579 // where the signal occurred made a call to the 580 // function sigpanic. Then set the PC to sigpanic. 581 582 // Have to pass arguments out of band since 583 // augmenting the stack frame would break 584 // the unwinding code. 585 gp.sig = sig 586 gp.sigcode0 = uintptr(c.sigcode()) 587 gp.sigcode1 = uintptr(c.fault()) 588 gp.sigpc = c.sigpc() 589 590 c.preparePanic(sig, gp) 591 return 592 } 593 594 if c.sigcode() == _SI_USER || flags&_SigNotify != 0 { 595 if sigsend(sig) { 596 return 597 } 598 } 599 600 if c.sigcode() == _SI_USER && signal_ignored(sig) { 601 return 602 } 603 604 if flags&_SigKill != 0 { 605 dieFromSignal(sig) 606 } 607 608 // _SigThrow means that we should exit now. 609 // If we get here with _SigPanic, it means that the signal 610 // was sent to us by a program (c.sigcode() == _SI_USER); 611 // in that case, if we didn't handle it in sigsend, we exit now. 612 if flags&(_SigThrow|_SigPanic) == 0 { 613 return 614 } 615 616 _g_.m.throwing = 1 617 _g_.m.caughtsig.set(gp) 618 619 if crashing == 0 { 620 startpanic_m() 621 } 622 623 if sig < uint32(len(sigtable)) { 624 print(sigtable[sig].name, "\n") 625 } else { 626 print("Signal ", sig, "\n") 627 } 628 629 print("PC=", hex(c.sigpc()), " m=", _g_.m.id, " sigcode=", c.sigcode(), "\n") 630 if _g_.m.lockedg != 0 && _g_.m.ncgo > 0 && gp == _g_.m.g0 { 631 print("signal arrived during cgo execution\n") 632 gp = _g_.m.lockedg.ptr() 633 } 634 if sig == _SIGILL || sig == _SIGFPE { 635 // It would be nice to know how long the instruction is. 636 // Unfortunately, that's complicated to do in general (mostly for x86 637 // and s930x, but other archs have non-standard instruction lengths also). 638 // Opt to print 16 bytes, which covers most instructions. 639 const maxN = 16 640 n := uintptr(maxN) 641 // We have to be careful, though. If we're near the end of 642 // a page and the following page isn't mapped, we could 643 // segfault. So make sure we don't straddle a page (even though 644 // that could lead to printing an incomplete instruction). 645 // We're assuming here we can read at least the page containing the PC. 646 // I suppose it is possible that the page is mapped executable but not readable? 647 pc := c.sigpc() 648 if n > physPageSize-pc%physPageSize { 649 n = physPageSize - pc%physPageSize 650 } 651 print("instruction bytes:") 652 b := (*[maxN]byte)(unsafe.Pointer(pc)) 653 for i := uintptr(0); i < n; i++ { 654 print(" ", hex(b[i])) 655 } 656 println() 657 } 658 print("\n") 659 660 level, _, docrash := gotraceback() 661 if level > 0 { 662 goroutineheader(gp) 663 tracebacktrap(c.sigpc(), c.sigsp(), c.siglr(), gp) 664 if crashing > 0 && gp != _g_.m.curg && _g_.m.curg != nil && readgstatus(_g_.m.curg)&^_Gscan == _Grunning { 665 // tracebackothers on original m skipped this one; trace it now. 666 goroutineheader(_g_.m.curg) 667 traceback(^uintptr(0), ^uintptr(0), 0, _g_.m.curg) 668 } else if crashing == 0 { 669 tracebackothers(gp) 670 print("\n") 671 } 672 dumpregs(c) 673 } 674 675 if docrash { 676 crashing++ 677 if crashing < mcount()-int32(extraMCount) { 678 // There are other m's that need to dump their stacks. 679 // Relay SIGQUIT to the next m by sending it to the current process. 680 // All m's that have already received SIGQUIT have signal masks blocking 681 // receipt of any signals, so the SIGQUIT will go to an m that hasn't seen it yet. 682 // When the last m receives the SIGQUIT, it will fall through to the call to 683 // crash below. Just in case the relaying gets botched, each m involved in 684 // the relay sleeps for 5 seconds and then does the crash/exit itself. 685 // In expected operation, the last m has received the SIGQUIT and run 686 // crash/exit and the process is gone, all long before any of the 687 // 5-second sleeps have finished. 688 print("\n-----\n\n") 689 raiseproc(_SIGQUIT) 690 usleep(5 * 1000 * 1000) 691 } 692 crash() 693 } 694 695 printDebugLog() 696 697 exit(2) 698 } 699 700 // sigpanic turns a synchronous signal into a run-time panic. 701 // If the signal handler sees a synchronous panic, it arranges the 702 // stack to look like the function where the signal occurred called 703 // sigpanic, sets the signal's PC value to sigpanic, and returns from 704 // the signal handler. The effect is that the program will act as 705 // though the function that got the signal simply called sigpanic 706 // instead. 707 // 708 // This must NOT be nosplit because the linker doesn't know where 709 // sigpanic calls can be injected. 710 // 711 // The signal handler must not inject a call to sigpanic if 712 // getg().throwsplit, since sigpanic may need to grow the stack. 713 // 714 // This is exported via linkname to assembly in runtime/cgo. 715 //go:linkname sigpanic 716 func sigpanic() { 717 g := getg() 718 if !canpanic(g) { 719 throw("unexpected signal during runtime execution") 720 } 721 722 switch g.sig { 723 case _SIGBUS: 724 if g.sigcode0 == _BUS_ADRERR && g.sigcode1 < 0x1000 { 725 panicmem() 726 } 727 // Support runtime/debug.SetPanicOnFault. 728 if g.paniconfault { 729 panicmemAddr(g.sigcode1) 730 } 731 print("unexpected fault address ", hex(g.sigcode1), "\n") 732 throw("fault") 733 case _SIGSEGV: 734 if (g.sigcode0 == 0 || g.sigcode0 == _SEGV_MAPERR || g.sigcode0 == _SEGV_ACCERR) && g.sigcode1 < 0x1000 { 735 panicmem() 736 } 737 // Support runtime/debug.SetPanicOnFault. 738 if g.paniconfault { 739 panicmemAddr(g.sigcode1) 740 } 741 print("unexpected fault address ", hex(g.sigcode1), "\n") 742 throw("fault") 743 case _SIGFPE: 744 switch g.sigcode0 { 745 case _FPE_INTDIV: 746 panicdivide() 747 case _FPE_INTOVF: 748 panicoverflow() 749 } 750 panicfloat() 751 } 752 753 if g.sig >= uint32(len(sigtable)) { 754 // can't happen: we looked up g.sig in sigtable to decide to call sigpanic 755 throw("unexpected signal value") 756 } 757 panic(errorString(sigtable[g.sig].name)) 758 } 759 760 // dieFromSignal kills the program with a signal. 761 // This provides the expected exit status for the shell. 762 // This is only called with fatal signals expected to kill the process. 763 //go:nosplit 764 //go:nowritebarrierrec 765 func dieFromSignal(sig uint32) { 766 unblocksig(sig) 767 // Mark the signal as unhandled to ensure it is forwarded. 768 atomic.Store(&handlingSig[sig], 0) 769 raise(sig) 770 771 // That should have killed us. On some systems, though, raise 772 // sends the signal to the whole process rather than to just 773 // the current thread, which means that the signal may not yet 774 // have been delivered. Give other threads a chance to run and 775 // pick up the signal. 776 osyield() 777 osyield() 778 osyield() 779 780 // If that didn't work, try _SIG_DFL. 781 setsig(sig, _SIG_DFL) 782 raise(sig) 783 784 osyield() 785 osyield() 786 osyield() 787 788 // If we are still somehow running, just exit with the wrong status. 789 exit(2) 790 } 791 792 // raisebadsignal is called when a signal is received on a non-Go 793 // thread, and the Go program does not want to handle it (that is, the 794 // program has not called os/signal.Notify for the signal). 795 func raisebadsignal(sig uint32, c *sigctxt) { 796 if sig == _SIGPROF { 797 // Ignore profiling signals that arrive on non-Go threads. 798 return 799 } 800 801 var handler uintptr 802 if sig >= _NSIG { 803 handler = _SIG_DFL 804 } else { 805 handler = atomic.Loaduintptr(&fwdSig[sig]) 806 } 807 808 // Reset the signal handler and raise the signal. 809 // We are currently running inside a signal handler, so the 810 // signal is blocked. We need to unblock it before raising the 811 // signal, or the signal we raise will be ignored until we return 812 // from the signal handler. We know that the signal was unblocked 813 // before entering the handler, or else we would not have received 814 // it. That means that we don't have to worry about blocking it 815 // again. 816 unblocksig(sig) 817 setsig(sig, handler) 818 819 // If we're linked into a non-Go program we want to try to 820 // avoid modifying the original context in which the signal 821 // was raised. If the handler is the default, we know it 822 // is non-recoverable, so we don't have to worry about 823 // re-installing sighandler. At this point we can just 824 // return and the signal will be re-raised and caught by 825 // the default handler with the correct context. 826 // 827 // On FreeBSD, the libthr sigaction code prevents 828 // this from working so we fall through to raise. 829 if GOOS != "freebsd" && (isarchive || islibrary) && handler == _SIG_DFL && c.sigcode() != _SI_USER { 830 return 831 } 832 833 raise(sig) 834 835 // Give the signal a chance to be delivered. 836 // In almost all real cases the program is about to crash, 837 // so sleeping here is not a waste of time. 838 usleep(1000) 839 840 // If the signal didn't cause the program to exit, restore the 841 // Go signal handler and carry on. 842 // 843 // We may receive another instance of the signal before we 844 // restore the Go handler, but that is not so bad: we know 845 // that the Go program has been ignoring the signal. 846 setsig(sig, funcPC(sighandler)) 847 } 848 849 //go:nosplit 850 func crash() { 851 // OS X core dumps are linear dumps of the mapped memory, 852 // from the first virtual byte to the last, with zeros in the gaps. 853 // Because of the way we arrange the address space on 64-bit systems, 854 // this means the OS X core file will be >128 GB and even on a zippy 855 // workstation can take OS X well over an hour to write (uninterruptible). 856 // Save users from making that mistake. 857 if GOOS == "darwin" && GOARCH == "amd64" { 858 return 859 } 860 861 dieFromSignal(_SIGABRT) 862 } 863 864 // ensureSigM starts one global, sleeping thread to make sure at least one thread 865 // is available to catch signals enabled for os/signal. 866 func ensureSigM() { 867 if maskUpdatedChan != nil { 868 return 869 } 870 maskUpdatedChan = make(chan struct{}) 871 disableSigChan = make(chan uint32) 872 enableSigChan = make(chan uint32) 873 go func() { 874 // Signal masks are per-thread, so make sure this goroutine stays on one 875 // thread. 876 LockOSThread() 877 defer UnlockOSThread() 878 // The sigBlocked mask contains the signals not active for os/signal, 879 // initially all signals except the essential. When signal.Notify()/Stop is called, 880 // sigenable/sigdisable in turn notify this thread to update its signal 881 // mask accordingly. 882 sigBlocked := sigset_all 883 for i := range sigtable { 884 if !blockableSig(uint32(i)) { 885 sigdelset(&sigBlocked, i) 886 } 887 } 888 sigprocmask(_SIG_SETMASK, &sigBlocked, nil) 889 for { 890 select { 891 case sig := <-enableSigChan: 892 if sig > 0 { 893 sigdelset(&sigBlocked, int(sig)) 894 } 895 case sig := <-disableSigChan: 896 if sig > 0 && blockableSig(sig) { 897 sigaddset(&sigBlocked, int(sig)) 898 } 899 } 900 sigprocmask(_SIG_SETMASK, &sigBlocked, nil) 901 maskUpdatedChan <- struct{}{} 902 } 903 }() 904 } 905 906 // This is called when we receive a signal when there is no signal stack. 907 // This can only happen if non-Go code calls sigaltstack to disable the 908 // signal stack. 909 func noSignalStack(sig uint32) { 910 println("signal", sig, "received on thread with no signal stack") 911 throw("non-Go code disabled sigaltstack") 912 } 913 914 // This is called if we receive a signal when there is a signal stack 915 // but we are not on it. This can only happen if non-Go code called 916 // sigaction without setting the SS_ONSTACK flag. 917 func sigNotOnStack(sig uint32) { 918 println("signal", sig, "received but handler not on signal stack") 919 throw("non-Go code set up signal handler without SA_ONSTACK flag") 920 } 921 922 // signalDuringFork is called if we receive a signal while doing a fork. 923 // We do not want signals at that time, as a signal sent to the process 924 // group may be delivered to the child process, causing confusion. 925 // This should never be called, because we block signals across the fork; 926 // this function is just a safety check. See issue 18600 for background. 927 func signalDuringFork(sig uint32) { 928 println("signal", sig, "received during fork") 929 throw("signal received during fork") 930 } 931 932 var badginsignalMsg = "fatal: bad g in signal handler\n" 933 934 // This runs on a foreign stack, without an m or a g. No stack split. 935 //go:nosplit 936 //go:norace 937 //go:nowritebarrierrec 938 func badsignal(sig uintptr, c *sigctxt) { 939 if !iscgo && !cgoHasExtraM { 940 // There is no extra M. needm will not be able to grab 941 // an M. Instead of hanging, just crash. 942 // Cannot call split-stack function as there is no G. 943 s := stringStructOf(&badginsignalMsg) 944 write(2, s.str, int32(s.len)) 945 exit(2) 946 *(*uintptr)(unsafe.Pointer(uintptr(123))) = 2 947 } 948 needm() 949 if !sigsend(uint32(sig)) { 950 // A foreign thread received the signal sig, and the 951 // Go code does not want to handle it. 952 raisebadsignal(uint32(sig), c) 953 } 954 dropm() 955 } 956 957 //go:noescape 958 func sigfwd(fn uintptr, sig uint32, info *siginfo, ctx unsafe.Pointer) 959 960 // Determines if the signal should be handled by Go and if not, forwards the 961 // signal to the handler that was installed before Go's. Returns whether the 962 // signal was forwarded. 963 // This is called by the signal handler, and the world may be stopped. 964 //go:nosplit 965 //go:nowritebarrierrec 966 func sigfwdgo(sig uint32, info *siginfo, ctx unsafe.Pointer) bool { 967 if sig >= uint32(len(sigtable)) { 968 return false 969 } 970 fwdFn := atomic.Loaduintptr(&fwdSig[sig]) 971 flags := sigtable[sig].flags 972 973 // If we aren't handling the signal, forward it. 974 if atomic.Load(&handlingSig[sig]) == 0 || !signalsOK { 975 // If the signal is ignored, doing nothing is the same as forwarding. 976 if fwdFn == _SIG_IGN || (fwdFn == _SIG_DFL && flags&_SigIgn != 0) { 977 return true 978 } 979 // We are not handling the signal and there is no other handler to forward to. 980 // Crash with the default behavior. 981 if fwdFn == _SIG_DFL { 982 setsig(sig, _SIG_DFL) 983 dieFromSignal(sig) 984 return false 985 } 986 987 sigfwd(fwdFn, sig, info, ctx) 988 return true 989 } 990 991 // This function and its caller sigtrampgo assumes SIGPIPE is delivered on the 992 // originating thread. This property does not hold on macOS (golang.org/issue/33384), 993 // so we have no choice but to ignore SIGPIPE. 994 if (GOOS == "darwin" || GOOS == "ios") && sig == _SIGPIPE { 995 return true 996 } 997 998 // If there is no handler to forward to, no need to forward. 999 if fwdFn == _SIG_DFL { 1000 return false 1001 } 1002 1003 c := &sigctxt{info, ctx} 1004 // Only forward synchronous signals and SIGPIPE. 1005 // Unfortunately, user generated SIGPIPEs will also be forwarded, because si_code 1006 // is set to _SI_USER even for a SIGPIPE raised from a write to a closed socket 1007 // or pipe. 1008 if (c.sigcode() == _SI_USER || flags&_SigPanic == 0) && sig != _SIGPIPE { 1009 return false 1010 } 1011 // Determine if the signal occurred inside Go code. We test that: 1012 // (1) we weren't in VDSO page, 1013 // (2) we were in a goroutine (i.e., m.curg != nil), and 1014 // (3) we weren't in CGO. 1015 g := sigFetchG(c) 1016 if g != nil && g.m != nil && g.m.curg != nil && !g.m.incgo { 1017 return false 1018 } 1019 1020 // Signal not handled by Go, forward it. 1021 if fwdFn != _SIG_IGN { 1022 sigfwd(fwdFn, sig, info, ctx) 1023 } 1024 1025 return true 1026 } 1027 1028 // sigsave saves the current thread's signal mask into *p. 1029 // This is used to preserve the non-Go signal mask when a non-Go 1030 // thread calls a Go function. 1031 // This is nosplit and nowritebarrierrec because it is called by needm 1032 // which may be called on a non-Go thread with no g available. 1033 //go:nosplit 1034 //go:nowritebarrierrec 1035 func sigsave(p *sigset) { 1036 sigprocmask(_SIG_SETMASK, nil, p) 1037 } 1038 1039 // msigrestore sets the current thread's signal mask to sigmask. 1040 // This is used to restore the non-Go signal mask when a non-Go thread 1041 // calls a Go function. 1042 // This is nosplit and nowritebarrierrec because it is called by dropm 1043 // after g has been cleared. 1044 //go:nosplit 1045 //go:nowritebarrierrec 1046 func msigrestore(sigmask sigset) { 1047 sigprocmask(_SIG_SETMASK, &sigmask, nil) 1048 } 1049 1050 // sigsetAllExiting is used by sigblock(true) when a thread is 1051 // exiting. sigset_all is defined in OS specific code, and per GOOS 1052 // behavior may override this default for sigsetAllExiting: see 1053 // osinit(). 1054 var sigsetAllExiting = sigset_all 1055 1056 // sigblock blocks signals in the current thread's signal mask. 1057 // This is used to block signals while setting up and tearing down g 1058 // when a non-Go thread calls a Go function. When a thread is exiting 1059 // we use the sigsetAllExiting value, otherwise the OS specific 1060 // definition of sigset_all is used. 1061 // This is nosplit and nowritebarrierrec because it is called by needm 1062 // which may be called on a non-Go thread with no g available. 1063 //go:nosplit 1064 //go:nowritebarrierrec 1065 func sigblock(exiting bool) { 1066 if exiting { 1067 sigprocmask(_SIG_SETMASK, &sigsetAllExiting, nil) 1068 return 1069 } 1070 sigprocmask(_SIG_SETMASK, &sigset_all, nil) 1071 } 1072 1073 // unblocksig removes sig from the current thread's signal mask. 1074 // This is nosplit and nowritebarrierrec because it is called from 1075 // dieFromSignal, which can be called by sigfwdgo while running in the 1076 // signal handler, on the signal stack, with no g available. 1077 //go:nosplit 1078 //go:nowritebarrierrec 1079 func unblocksig(sig uint32) { 1080 var set sigset 1081 sigaddset(&set, int(sig)) 1082 sigprocmask(_SIG_UNBLOCK, &set, nil) 1083 } 1084 1085 // minitSignals is called when initializing a new m to set the 1086 // thread's alternate signal stack and signal mask. 1087 func minitSignals() { 1088 minitSignalStack() 1089 minitSignalMask() 1090 } 1091 1092 // minitSignalStack is called when initializing a new m to set the 1093 // alternate signal stack. If the alternate signal stack is not set 1094 // for the thread (the normal case) then set the alternate signal 1095 // stack to the gsignal stack. If the alternate signal stack is set 1096 // for the thread (the case when a non-Go thread sets the alternate 1097 // signal stack and then calls a Go function) then set the gsignal 1098 // stack to the alternate signal stack. We also set the alternate 1099 // signal stack to the gsignal stack if cgo is not used (regardless 1100 // of whether it is already set). Record which choice was made in 1101 // newSigstack, so that it can be undone in unminit. 1102 func minitSignalStack() { 1103 _g_ := getg() 1104 var st stackt 1105 sigaltstack(nil, &st) 1106 if st.ss_flags&_SS_DISABLE != 0 || !iscgo { 1107 signalstack(&_g_.m.gsignal.stack) 1108 _g_.m.newSigstack = true 1109 } else { 1110 setGsignalStack(&st, &_g_.m.goSigStack) 1111 _g_.m.newSigstack = false 1112 } 1113 } 1114 1115 // minitSignalMask is called when initializing a new m to set the 1116 // thread's signal mask. When this is called all signals have been 1117 // blocked for the thread. This starts with m.sigmask, which was set 1118 // either from initSigmask for a newly created thread or by calling 1119 // sigsave if this is a non-Go thread calling a Go function. It 1120 // removes all essential signals from the mask, thus causing those 1121 // signals to not be blocked. Then it sets the thread's signal mask. 1122 // After this is called the thread can receive signals. 1123 func minitSignalMask() { 1124 nmask := getg().m.sigmask 1125 for i := range sigtable { 1126 if !blockableSig(uint32(i)) { 1127 sigdelset(&nmask, i) 1128 } 1129 } 1130 sigprocmask(_SIG_SETMASK, &nmask, nil) 1131 } 1132 1133 // unminitSignals is called from dropm, via unminit, to undo the 1134 // effect of calling minit on a non-Go thread. 1135 //go:nosplit 1136 func unminitSignals() { 1137 if getg().m.newSigstack { 1138 st := stackt{ss_flags: _SS_DISABLE} 1139 sigaltstack(&st, nil) 1140 } else { 1141 // We got the signal stack from someone else. Restore 1142 // the Go-allocated stack in case this M gets reused 1143 // for another thread (e.g., it's an extram). Also, on 1144 // Android, libc allocates a signal stack for all 1145 // threads, so it's important to restore the Go stack 1146 // even on Go-created threads so we can free it. 1147 restoreGsignalStack(&getg().m.goSigStack) 1148 } 1149 } 1150 1151 // blockableSig reports whether sig may be blocked by the signal mask. 1152 // We never want to block the signals marked _SigUnblock; 1153 // these are the synchronous signals that turn into a Go panic. 1154 // We never want to block the preemption signal if it is being used. 1155 // In a Go program--not a c-archive/c-shared--we never want to block 1156 // the signals marked _SigKill or _SigThrow, as otherwise it's possible 1157 // for all running threads to block them and delay their delivery until 1158 // we start a new thread. When linked into a C program we let the C code 1159 // decide on the disposition of those signals. 1160 func blockableSig(sig uint32) bool { 1161 flags := sigtable[sig].flags 1162 if flags&_SigUnblock != 0 { 1163 return false 1164 } 1165 if sig == sigPreempt && preemptMSupported && debug.asyncpreemptoff == 0 { 1166 return false 1167 } 1168 if isarchive || islibrary { 1169 return true 1170 } 1171 return flags&(_SigKill|_SigThrow) == 0 1172 } 1173 1174 // gsignalStack saves the fields of the gsignal stack changed by 1175 // setGsignalStack. 1176 type gsignalStack struct { 1177 stack stack 1178 stackguard0 uintptr 1179 stackguard1 uintptr 1180 stktopsp uintptr 1181 } 1182 1183 // setGsignalStack sets the gsignal stack of the current m to an 1184 // alternate signal stack returned from the sigaltstack system call. 1185 // It saves the old values in *old for use by restoreGsignalStack. 1186 // This is used when handling a signal if non-Go code has set the 1187 // alternate signal stack. 1188 //go:nosplit 1189 //go:nowritebarrierrec 1190 func setGsignalStack(st *stackt, old *gsignalStack) { 1191 g := getg() 1192 if old != nil { 1193 old.stack = g.m.gsignal.stack 1194 old.stackguard0 = g.m.gsignal.stackguard0 1195 old.stackguard1 = g.m.gsignal.stackguard1 1196 old.stktopsp = g.m.gsignal.stktopsp 1197 } 1198 stsp := uintptr(unsafe.Pointer(st.ss_sp)) 1199 g.m.gsignal.stack.lo = stsp 1200 g.m.gsignal.stack.hi = stsp + st.ss_size 1201 g.m.gsignal.stackguard0 = stsp + _StackGuard 1202 g.m.gsignal.stackguard1 = stsp + _StackGuard 1203 } 1204 1205 // restoreGsignalStack restores the gsignal stack to the value it had 1206 // before entering the signal handler. 1207 //go:nosplit 1208 //go:nowritebarrierrec 1209 func restoreGsignalStack(st *gsignalStack) { 1210 gp := getg().m.gsignal 1211 gp.stack = st.stack 1212 gp.stackguard0 = st.stackguard0 1213 gp.stackguard1 = st.stackguard1 1214 gp.stktopsp = st.stktopsp 1215 } 1216 1217 // signalstack sets the current thread's alternate signal stack to s. 1218 //go:nosplit 1219 func signalstack(s *stack) { 1220 st := stackt{ss_size: s.hi - s.lo} 1221 setSignalstackSP(&st, s.lo) 1222 sigaltstack(&st, nil) 1223 } 1224 1225 // setsigsegv is used on darwin/arm64 to fake a segmentation fault. 1226 // 1227 // This is exported via linkname to assembly in runtime/cgo. 1228 // 1229 //go:nosplit 1230 //go:linkname setsigsegv 1231 func setsigsegv(pc uintptr) { 1232 g := getg() 1233 g.sig = _SIGSEGV 1234 g.sigpc = pc 1235 g.sigcode0 = _SEGV_MAPERR 1236 g.sigcode1 = 0 // TODO: emulate si_addr 1237 } 1238