diff options
| author | Roland Shoemaker <roland@golang.org> | 2025-12-03 14:19:25 -0800 |
|---|---|---|
| committer | Roland Shoemaker <roland@golang.org> | 2025-12-11 08:21:53 -0800 |
| commit | af14f6791108ece9661590cbf922806492954ea6 (patch) | |
| tree | c52811e75bf6b49231bf55cad85ec114662cdb08 /src/runtime/runtime2.go | |
| parent | 72c83bcc80d0a195269b168423446476808a11e8 (diff) | |
| download | go-af14f6791108ece9661590cbf922806492954ea6.tar.xz | |
runtime: make goroutines inherit DIT state, don't lock to OS thread
When we first implemented DIT (crypto/subtle.WithDataIndependentTiming),
we made it so that enabling DIT on a goroutine would lock that goroutine
to its current OS thread. This was done to ensure that the DIT state
(which is per-thread) would not leak to other goroutines. We also did
not make goroutines inherit the DIT state.
This change makes goroutines inherit the DIT state from their parent
at creation time. It also removes the OS thread locking when enabling
DIT on a goroutine. Instead, we now set the DIT state on the OS thread
in the scheduler whenever we switch to a goroutine that has DIT enabled,
and we unset it when switching to a goroutine that has DIT disabled.
We add a new field to G and M, ditEnabled, to track whether the G wants
DIT enabled, and whether the M currently has DIT enabled, respectively.
When the scheduler executes a goroutine, it checks these fields and
enables/disables DIT on the thread as needed.
Additionally, cgocallbackg is updated to check if DIT is enabled when
being called from C, and sets the G and M fields accordingly. This
ensures that if DIT was enabled/disabled in C, the correct state will be
reflected in the Go runtime.
The behavior as it currently stands is as follows:
- The function passed to crypto/subtle.WithDataIndependentTiming
will have DIT enabled.
- Any goroutine created within that function will inherit DIT enabled
for its lifetime. Any goroutine created from subquent goroutines will
also inherit DIT enabled for their lifetimes.
- Calling into a C function within from a goroutine with DIT enabled
will have DIT enabled.
- If the C code disables DIT, the goroutine will have DIT re-enabled
when returning to Go.
- If the C code enables DIT, the goroutine will have DIT disabled
when returning to Go if it was not previously enabled.
- Calling back into Go code from C will have DIT enabled if it was
enabled when calling into C, or if the C code enabled it.
Change-Id: I8e91e6df13bb88e56e1036e0e0e5f04efd8eebd3
Reviewed-on: https://go-review.googlesource.com/c/go/+/726382
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
Diffstat (limited to 'src/runtime/runtime2.go')
| -rw-r--r-- | src/runtime/runtime2.go | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/runtime/runtime2.go b/src/runtime/runtime2.go index fde378ff25..be33932b24 100644 --- a/src/runtime/runtime2.go +++ b/src/runtime/runtime2.go @@ -546,6 +546,7 @@ type g struct { lockedm muintptr fipsIndicator uint8 fipsOnlyBypass bool + ditWanted bool // set if g wants to be executed with DIT enabled syncSafePoint bool // set if g is stopped at a synchronous safe point. runningCleanups atomic.Bool sig uint32 @@ -674,6 +675,7 @@ type m struct { lockedExt uint32 // tracking for external LockOSThread lockedInt uint32 // tracking for internal lockOSThread mWaitList mWaitList // list of runtime lock waiters + ditEnabled bool // set if DIT is currently enabled on this M mLockProfile mLockProfile // fields relating to runtime.lock contention profStack []uintptr // used for memory/block/mutex stack traces |