| // Copyright 2017 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package main |
| |
| import ( |
| "os" |
| "runtime" |
| "time" |
| ) |
| |
| var mainTID int |
| |
| func init() { |
| registerInit("LockOSThreadMain", func() { |
| // init is guaranteed to run on the main thread. |
| mainTID = gettid() |
| }) |
| register("LockOSThreadMain", LockOSThreadMain) |
| |
| registerInit("LockOSThreadAlt", func() { |
| // Lock the OS thread now so main runs on the main thread. |
| runtime.LockOSThread() |
| }) |
| register("LockOSThreadAlt", LockOSThreadAlt) |
| |
| registerInit("LockOSThreadAvoidsStatePropagation", func() { |
| // Lock the OS thread now so main runs on the main thread. |
| runtime.LockOSThread() |
| }) |
| register("LockOSThreadAvoidsStatePropagation", LockOSThreadAvoidsStatePropagation) |
| } |
| |
| func LockOSThreadMain() { |
| // gettid only works on Linux, so on other platforms this just |
| // checks that the runtime doesn't do anything terrible. |
| |
| // This requires GOMAXPROCS=1 from the beginning to reliably |
| // start a goroutine on the main thread. |
| if runtime.GOMAXPROCS(-1) != 1 { |
| println("requires GOMAXPROCS=1") |
| os.Exit(1) |
| } |
| |
| ready := make(chan bool, 1) |
| go func() { |
| // Because GOMAXPROCS=1, this *should* be on the main |
| // thread. Stay there. |
| runtime.LockOSThread() |
| if mainTID != 0 && gettid() != mainTID { |
| println("failed to start goroutine on main thread") |
| os.Exit(1) |
| } |
| // Exit with the thread locked, which should exit the |
| // main thread. |
| ready <- true |
| }() |
| <-ready |
| time.Sleep(1 * time.Millisecond) |
| // Check that this goroutine is still running on a different |
| // thread. |
| if mainTID != 0 && gettid() == mainTID { |
| println("goroutine migrated to locked thread") |
| os.Exit(1) |
| } |
| println("OK") |
| } |
| |
| func LockOSThreadAlt() { |
| // This is running locked to the main OS thread. |
| |
| var subTID int |
| ready := make(chan bool, 1) |
| go func() { |
| // This goroutine must be running on a new thread. |
| runtime.LockOSThread() |
| subTID = gettid() |
| ready <- true |
| // Exit with the thread locked. |
| }() |
| <-ready |
| runtime.UnlockOSThread() |
| for i := 0; i < 100; i++ { |
| time.Sleep(1 * time.Millisecond) |
| // Check that this goroutine is running on a different thread. |
| if subTID != 0 && gettid() == subTID { |
| println("locked thread reused") |
| os.Exit(1) |
| } |
| exists, supported := tidExists(subTID) |
| if !supported || !exists { |
| goto ok |
| } |
| } |
| println("sub thread", subTID, "still running") |
| return |
| ok: |
| println("OK") |
| } |
| |
| func LockOSThreadAvoidsStatePropagation() { |
| // This test is similar to LockOSThreadAlt in that it will detect if a thread |
| // which should have died is still running. However, rather than do this with |
| // thread IDs, it does this by unsharing state on that thread. This way, it |
| // also detects whether new threads were cloned from the dead thread, and not |
| // from a clean thread. Cloning from a locked thread is undesirable since |
| // cloned threads will inherit potentially unwanted OS state. |
| // |
| // unshareFs, getcwd, and chdir("/tmp") are only guaranteed to work on |
| // Linux, so on other platforms this just checks that the runtime doesn't |
| // do anything terrible. |
| // |
| // This is running locked to the main OS thread. |
| |
| // GOMAXPROCS=1 makes this fail much more reliably if a tainted thread is |
| // cloned from. |
| if runtime.GOMAXPROCS(-1) != 1 { |
| println("requires GOMAXPROCS=1") |
| os.Exit(1) |
| } |
| |
| if err := chdir("/"); err != nil { |
| println("failed to chdir:", err.Error()) |
| os.Exit(1) |
| } |
| // On systems other than Linux, cwd == "". |
| cwd, err := getcwd() |
| if err != nil { |
| println("failed to get cwd:", err.Error()) |
| os.Exit(1) |
| } |
| if cwd != "" && cwd != "/" { |
| println("unexpected cwd", cwd, " wanted /") |
| os.Exit(1) |
| } |
| |
| ready := make(chan bool, 1) |
| go func() { |
| // This goroutine must be running on a new thread. |
| runtime.LockOSThread() |
| |
| // Unshare details about the FS, like the CWD, with |
| // the rest of the process on this thread. |
| // On systems other than Linux, this is a no-op. |
| if err := unshareFs(); err != nil { |
| if err == errNotPermitted { |
| println("unshare not permitted") |
| os.Exit(0) |
| } |
| println("failed to unshare fs:", err.Error()) |
| os.Exit(1) |
| } |
| // Chdir to somewhere else on this thread. |
| // On systems other than Linux, this is a no-op. |
| if err := chdir("/tmp"); err != nil { |
| println("failed to chdir:", err.Error()) |
| os.Exit(1) |
| } |
| |
| // The state on this thread is now considered "tainted", but it |
| // should no longer be observable in any other context. |
| |
| ready <- true |
| // Exit with the thread locked. |
| }() |
| <-ready |
| |
| // Spawn yet another goroutine and lock it. Since GOMAXPROCS=1, if |
| // for some reason state from the (hopefully dead) locked thread above |
| // propagated into a newly created thread (via clone), or that thread |
| // is actually being re-used, then we should get scheduled on such a |
| // thread with high likelihood. |
| done := make(chan bool) |
| go func() { |
| runtime.LockOSThread() |
| |
| // Get the CWD and check if this is the same as the main thread's |
| // CWD. Every thread should share the same CWD. |
| // On systems other than Linux, wd == "". |
| wd, err := getcwd() |
| if err != nil { |
| println("failed to get cwd:", err.Error()) |
| os.Exit(1) |
| } |
| if wd != cwd { |
| println("bad state from old thread propagated after it should have died") |
| os.Exit(1) |
| } |
| <-done |
| |
| runtime.UnlockOSThread() |
| }() |
| done <- true |
| runtime.UnlockOSThread() |
| println("OK") |
| } |
