1 files changed, 116 insertions, 0 deletions
diff --git a/pkg/sentry/sighandling/sighandling.go b/pkg/sentry/sighandling/sighandling.go
new file mode 100644
index 000000000..1a94b535b
--- /dev/null
+++ b/pkg/sentry/sighandling/sighandling.go
@@ -0,0 +1,116 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package sighandling contains helpers for handling signals to applications.
+package sighandling
+
+import (
+	"os"
+	"os/signal"
+	"reflect"
+	"syscall"
+
+	"gvisor.googlesource.com/gvisor/pkg/abi/linux"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/arch"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/kernel"
+)
+
+// numSignals is the number of normal (non-realtime) signals on Linux.
+const numSignals = 32
+
+// forwardSignals listens for incoming signals and delivers them to k. It stops
+// when the stop channel is closed.
+func forwardSignals(k *kernel.Kernel, sigchans []chan os.Signal, stop chan struct{}) {
+	// Build a select case.
+	sc := []reflect.SelectCase{{Dir: reflect.SelectRecv, Chan: reflect.ValueOf(stop)}}
+	for _, sigchan := range sigchans {
+		sc = append(sc, reflect.SelectCase{Dir: reflect.SelectRecv, Chan: reflect.ValueOf(sigchan)})
+	}
+
+	for {
+		// Wait for a notification.
+		index, _, ok := reflect.Select(sc)
+
+		// Was it the stop channel?
+		if index == 0 {
+			if !ok {
+				break
+			}
+			continue
+		}
+
+		// How about a different close?
+		if !ok {
+			panic("signal channel closed unexpectedly")
+		}
+
+		// Otherwise, it was a signal on channel N. Index 0 represents the stop
+		// channel, so index N represents the channel for signal N.
+		if !k.SendExternalSignal(&arch.SignalInfo{Signo: int32(index)}, "sentry") {
+			// Kernel is not ready to receive signals.
+			//
+			// Kill ourselves if this signal would have killed the
+			// process before StartForwarding was called. i.e., all
+			// _SigKill signals; see Go
+			// src/runtime/sigtab_linux_generic.go.
+			//
+			// Otherwise ignore the signal.
+			//
+			// TODO: Convert Go's runtime.raise from
+			// tkill to tgkill so StartForwarding doesn't need to
+			// be called until after filter installation.
+			switch linux.Signal(index) {
+			case linux.SIGHUP, linux.SIGINT, linux.SIGTERM:
+				dieFromSignal(linux.Signal(index))
+			}
+		}
+	}
+
+	// Close all individual channels.
+	for _, sigchan := range sigchans {
+		signal.Stop(sigchan)
+		close(sigchan)
+	}
+}
+
+// StartForwarding ensures that synchronous signals are forwarded to k and
+// returns a callback that stops signal forwarding.
+func StartForwarding(k *kernel.Kernel) func() {
+	stop := make(chan struct{})
+
+	// Register individual channels. One channel per standard signal is
+	// required as os.Notify() is non-blocking and may drop signals. To avoid
+	// this, standard signals have to be queued separately. Channel size 1 is
+	// enough for standard signals as their semantics allow de-duplication.
+	//
+	// External real-time signals are not supported. We rely on the go-runtime
+	// for their handling.
+	var sigchans []chan os.Signal
+	for sig := 1; sig <= numSignals+1; sig++ {
+		sigchan := make(chan os.Signal, 1)
+		sigchans = append(sigchans, sigchan)
+
+		// SignalPanic is handled by Run.
+		if linux.Signal(sig) == kernel.SignalPanic {
+			continue
+		}
+
+		signal.Notify(sigchan, syscall.Signal(sig))
+	}
+	// Start up our listener.
+	go forwardSignals(k, sigchans, stop) // S/R-SAFE: synchronized by Kernel.extMu
+
+	// ... shouldn't this wait until the forwardSignals goroutine returns?
+	return func() { close(stop) }
+}