runtime: use tgkill for raise

raise uses tkill to send a signal to the current thread. For this use,
tgkill is functionally equivalent to tkill expect that it also takes the
pid as the first argument.

Using tgkill makes it simpler to run a Go program in a strict sandbox.
With kill and tgkill, the sandbox policy (e.g., seccomp) can prevent the
program from sending signals to other processes by checking that the
first argument == getpid().

With tkill, the policy must whitelist all tids in the process, which is
effectively impossible given Go's dynamic thread creation.

Fixes #27548

Change-Id: I8ed282ef1f7215b02ef46de144493e36454029ea
Reviewed-on: https://go-review.googlesource.com/133975
Run-TryBot: Michael Pratt <mpratt@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>

1 files changed, 7 insertions, 4 deletions

diff --git a/src/runtime/sys_linux_386.s b/src/runtime/sys_linux_386.s
index 8d5a4ff977..4e914f3e60 100644
--- a/src/runtime/sys_linux_386.s
+++ b/src/runtime/sys_linux_386.s
@@ -48,7 +48,6 @@
 #define SYS_mincore		218
 #define SYS_madvise		219
 #define SYS_gettid		224
-#define SYS_tkill		238
 #define SYS_futex		240
 #define SYS_sched_getaffinity	242
 #define SYS_set_thread_area	243
@@ -57,6 +56,7 @@
 #define SYS_epoll_ctl		255
 #define SYS_epoll_wait		256
 #define SYS_clock_gettime	265
+#define SYS_tgkill		270
 #define SYS_epoll_create1	329
 
 TEXT runtime·exit(SB),NOSPLIT,$0
@@ -155,11 +155,14 @@ TEXT runtime·gettid(SB),NOSPLIT,$0-4
 	RET
 
 TEXT runtime·raise(SB),NOSPLIT,$12
+	MOVL	$SYS_getpid, AX
+	INVOKE_SYSCALL
+	MOVL	AX, BX	// arg 1 pid
 	MOVL	$SYS_gettid, AX
 	INVOKE_SYSCALL
-	MOVL	AX, BX	// arg 1 tid
-	MOVL	sig+0(FP), CX	// arg 2 signal
-	MOVL	$SYS_tkill, AX
+	MOVL	AX, CX	// arg 2 tid
+	MOVL	sig+0(FP), DX	// arg 3 signal
+	MOVL	$SYS_tgkill, AX
 	INVOKE_SYSCALL
 	RET