fixes golang#32912

The crash occurs when go runtime calls a VDSO function (say __vdso_clock_gettime) and a signal arrives to that thread. Since VDSO functions temporarily destroy the G register (R10), Go functions asynchronously executed in that thread (i.e. Go's signal handler) can try to load data from the destroyed G, which causes segmentation fault.
nyuichi · Sep 5, 2019 · 3a273a9 · 3a273a9
1 parent 8af02fe
commit 3a273a9
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/src/runtime/signal_unix.go b/src/runtime/signal_unix.go
@@ -289,7 +289,10 @@ func sigtrampgo(sig uint32, info *siginfo, ctx unsafe.Pointer) {
 	if sigfwdgo(sig, info, ctx) {
 		return
 	}
-	g := getg()
+	var g *g = nil
+	if !inVDSOPage(uintptr(info.si_addr)) {
+		g = getg()
+	}
 	if g == nil {
 		c := &sigctxt{info, ctx}
 		if sig == _SIGPROF {
@@ -657,8 +660,12 @@ func sigfwdgo(sig uint32, info *siginfo, ctx unsafe.Pointer) bool {
 		return false
 	}
 	// Determine if the signal occurred inside Go code. We test that:
-	//   (1) we were in a goroutine (i.e., m.curg != nil), and
-	//   (2) we weren't in CGO.
+	//   (1) we weren't in VDSO page,
+	//   (2) we were in a goroutine (i.e., m.curg != nil), and
+	//   (3) we weren't in CGO.
+	if inVDSOPage(uintptr(info.si_addr)) {
+		return false
+	}
 	g := getg()
 	if g != nil && g.m != nil && g.m.curg != nil && !g.m.incgo {
 		return false