From d1b1145cace8b968307f9311ff611e4bb810710c Mon Sep 17 00:00:00 2001 
From: "Andrew G. Morgan" Date: Mon, 9 Dec 2019 21:50:16 -0800 Subject: syscall: support POSIX semantics for Linux syscalls This change adds two new methods for invoking system calls under Linux: syscall.AllThreadsSyscall() and syscall.AllThreadsSyscall6(). These system call wrappers ensure that all OSThreads mirror a common system call. The wrappers serialize execution of the runtime to ensure no race conditions where any Go code observes a non-atomic OS state change. As such, the syscalls have higher runtime overhead than regular system calls, and only need to be used where such thread (or 'm' in the parlance of the runtime sources) consistency is required. The new support is used to enable these functions under Linux: syscall.Setegid(), syscall.Seteuid(), syscall.Setgroups(), syscall.Setgid(), syscall.Setregid(), syscall.Setreuid(), syscall.Setresgid(), syscall.Setresuid() and syscall.Setuid(). They work identically to their glibc counterparts. Extensive discussion of the background issue addressed in this patch can be found here: https://github.com/golang/go/issues/1435 In the case where cgo is used, the C runtime can launch pthreads that are not managed by the Go runtime. As such, the added syscall.AllThreadsSyscall*() return ENOTSUP when cgo is enabled. However, for the 9 syscall.Set*() functions listed above, when cgo is active, these functions redirect to invoke their C.set*() equivalents in glibc, which wraps the raw system calls with a nptl:setxid fixup mechanism. This achieves POSIX semantics for these functions in the combined Go and C runtime. As a side note, the glibc/nptl:setxid support (2019-11-30) does not extend to all security related system calls under Linux so using native Go (CGO_ENABLED=0) and these AllThreadsSyscall*()s, where needed, will yield more well defined/consistent behavior over all threads of a Go program. That is, using the syscall.AllThreadsSyscall*() wrappers for things like setting state through SYS_PRCTL and SYS_CAPSET etc. 
Fixes #1435 Change-Id: Ib1a3e16b9180f64223196a32fc0f9dce14d9105c Reviewed-on: https://go-review.googlesource.com/c/go/+/210639 Trust: Emmanuel Odeke Trust: Ian Lance Taylor Trust: Michael Pratt Run-TryBot: Emmanuel Odeke Reviewed-by: Michael Pratt Reviewed-by: Austin Clements
---
src/runtime/cgo/linux_syscall.c | 85 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 src/runtime/cgo/linux_syscall.c (limited to 'src/runtime/cgo/linux_syscall.c')
diff --git a/src/runtime/cgo/linux_syscall.c b/src/runtime/cgo/linux_syscall.c
new file mode 100644
index 0000000000..c8e91918a1
--- /dev/null
+++ b/src/runtime/cgo/linux_syscall.c
@@ -0,0 +1,85 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux
+
+#ifndef _GNU_SOURCE // setres[ug]id() API.
+#define _GNU_SOURCE
+#endif
+
+#include
+#include
+#include
+#include
+#include "libcgo.h"
+
+/*
+ * Assumed POSIX compliant libc system call wrappers. For linux, the
+ * glibc/nptl/setxid mechanism ensures that POSIX semantics are
+ * honored for all pthreads (by default), and this in turn with cgo
+ * ensures that all Go threads launched with cgo are kept in sync for
+ * these function calls.
+ */
+
+// argset_t matches runtime/cgocall.go:argset.
+typedef struct {
+ uintptr_t* args;
+ uintptr_t retval;
+} argset_t;
+
+// libc backed posix-compliant syscalls.
+
+#define SET_RETVAL(fn) \
+ uintptr_t ret = (uintptr_t) fn ; \
+ if (ret == -1) { \
+ x->retval = (uintptr_t) errno; \
+ } else \
+ x->retval = ret
+
+void
+_cgo_libc_setegid(argset_t* x) {
+ SET_RETVAL(setegid((gid_t) x->args[0]));
+}
+
+void
+_cgo_libc_seteuid(argset_t* x) {
+ SET_RETVAL(seteuid((uid_t) x->args[0]));
+}
+
+void
+_cgo_libc_setgid(argset_t* x) {
+ SET_RETVAL(setgid((gid_t) x->args[0]));
+}
+
+void
+_cgo_libc_setgroups(argset_t* x) {
+ SET_RETVAL(setgroups((size_t) x->args[0], (const gid_t *) x->args[1]));
+}
+
+void
+_cgo_libc_setregid(argset_t* x) {
+ SET_RETVAL(setregid((gid_t) x->args[0], (gid_t) x->args[1]));
+}
+
+void
+_cgo_libc_setresgid(argset_t* x) {
+ SET_RETVAL(setresgid((gid_t) x->args[0], (gid_t) x->args[1],
+ (gid_t) x->args[2]));
+}
+
+void
+_cgo_libc_setresuid(argset_t* x) {
+ SET_RETVAL(setresuid((uid_t) x->args[0], (uid_t) x->args[1],
+ (uid_t) x->args[2]));
+}
+
+void
+_cgo_libc_setreuid(argset_t* x) {
+ SET_RETVAL(setreuid((uid_t) x->args[0], (uid_t) x->args[1]));
+}
+
+void
+_cgo_libc_setuid(argset_t* x) {
+ SET_RETVAL(setuid((uid_t) x->args[0]));
+}
-- cgit v1.3
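Review bot: `SET_RETVAL` expands to a bare declaration followed by an unbraced `if`/`else` and reaches for a caller variable named `x`, so it is only correct as the sole statement of a function whose parameter is called `x`; wrapping it in `do { … } while (0)` with both branches braced removes that trap. The test `ret == -1` compares a `uintptr_t` with a signed constant and works only through the implicit conversion, which `(uintptr_t) -1` would make explicit. The macro also has no comment stating its convention, that `retval` carries `errno` when libc returns -1 and the libc return value otherwise. Separately, the `(uid_t)`/`(gid_t)` casts in each wrapper narrow a `uintptr_t` without a range check; the Go callers are not visible in this hunk, so a one-line comment saying where the range is validated would help anyone auditing these credential-changing paths.

```c
// retval carries errno when libc returns -1, otherwise the libc return value.
#define SET_RETVAL(fn) \
  do { \
    uintptr_t ret = (uintptr_t) fn ; \
    if (ret == (uintptr_t) -1) { \
      x->retval = (uintptr_t) errno; \
    } else { \
      x->retval = ret; \
    } \
  } while (0)
// … unchanged: the _cgo_libc_set*() wrappers, each calling SET_RETVAL(...); …
```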
From 50cdb2d8e9ca8d7b79a05121c88271b46f7c9607 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Sun, 6 Dec 2020 20:13:47 +0000 Subject: runtime/cgo: fix building on musl sys/unistd.h only exists in glibc and not in musl so use the standard location. This is a regression from CL 210639 Change-Id: Idd4c75510d9829316b44300c36c34df6d667cc05 GitHub-Last-Rev: 0fa4162f1c7c460bda7585300285f47d1781985d GitHub-Pull-Request: golang/go#43038 Reviewed-on: https://go-review.googlesource.com/c/go/+/275732 Run-TryBot: Ian Lance Taylor TryBot-Result: Go Bot Reviewed-by: Andrew G. Morgan Reviewed-by: Ian Lance Taylor Trust: Filippo Valsorda
---
src/runtime/cgo/linux_syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/runtime/cgo/linux_syscall.c')
diff --git a/src/runtime/cgo/linux_syscall.c b/src/runtime/cgo/linux_syscall.c
index c8e91918a1..56f3d67d8b 100644
--- a/src/runtime/cgo/linux_syscall.c
+++ b/src/runtime/cgo/linux_syscall.c
@@ -10,7 +10,7 @@
 
 #include
 #include
-#include
+#include
 #include
 #include "libcgo.h"
 
-- cgit v1.3