summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--pkg/seccomp/seccomp_unsafe.go4
-rw-r--r--pkg/sentry/platform/ptrace/subprocess_amd64.go1
-rw-r--r--pkg/sentry/platform/ptrace/subprocess_linux.go11
-rw-r--r--pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go1
4 files changed, 17 insertions, 0 deletions
diff --git a/pkg/seccomp/seccomp_unsafe.go b/pkg/seccomp/seccomp_unsafe.go
index 061cd26ab..6701b5542 100644
--- a/pkg/seccomp/seccomp_unsafe.go
+++ b/pkg/seccomp/seccomp_unsafe.go
@@ -68,6 +68,10 @@ func SetFilter(instrs []linux.BPFInstruction) error {
// - Since fork()ed child processes cannot perform heap allocation, it returns
// a unix.Errno rather than an error.
//
+// - The race instrumentation has to be disabled for all functions that are
+// called in a forked child.
+//
+//go:norace
//go:nosplit
func SetFilterInChild(instrs []linux.BPFInstruction) unix.Errno {
if _, _, errno := unix.RawSyscall6(unix.SYS_PRCTL, linux.PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0, 0); errno != 0 {
diff --git a/pkg/sentry/platform/ptrace/subprocess_amd64.go b/pkg/sentry/platform/ptrace/subprocess_amd64.go
index 90b1ead56..32a70f4d5 100644
--- a/pkg/sentry/platform/ptrace/subprocess_amd64.go
+++ b/pkg/sentry/platform/ptrace/subprocess_amd64.go
@@ -176,6 +176,7 @@ func patchSignalInfo(regs *arch.Registers, signalInfo *linux.SignalInfo) {
//
// This is safe to call in an afterFork context.
//
+//go:norace
//go:nosplit
func enableCpuidFault() {
unix.RawSyscall6(unix.SYS_ARCH_PRCTL, linux.ARCH_SET_CPUID, 0, 0, 0, 0, 0)
diff --git a/pkg/sentry/platform/ptrace/subprocess_linux.go b/pkg/sentry/platform/ptrace/subprocess_linux.go
index 06a3bd340..7e8a31802 100644
--- a/pkg/sentry/platform/ptrace/subprocess_linux.go
+++ b/pkg/sentry/platform/ptrace/subprocess_linux.go
@@ -120,6 +120,17 @@ func attachedThread(flags uintptr, defaultAction linux.BPFAction) (*thread, erro
return nil, err
}
+ return forkStub(flags, instrs)
+}
+
+// In the child, this function must not acquire any locks, because they might
+// have been locked at the time of the fork. This means no rescheduling, no
+// malloc calls, and no new stack segments. For the same reason compiler does
+// not race instrument it.
+//
+//
+//go:norace
+func forkStub(flags uintptr, instrs []linux.BPFInstruction) (*thread, error) {
// Declare all variables up front in order to ensure that there's no
// need for allocations between beforeFork & afterFork.
var (
diff --git a/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go b/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go
index 9c342c59b..0835e1d1c 100644
--- a/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go
+++ b/pkg/sentry/platform/ptrace/subprocess_linux_unsafe.go
@@ -26,6 +26,7 @@ import (
// unmaskAllSignals unmasks all signals on the current thread.
//
+//go:norace
//go:nosplit
func unmaskAllSignals() unix.Errno {
var set linux.SignalSet