Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent pprof from causing BPF verifier livelocks #805

Merged
merged 5 commits into from Sep 28, 2022
Merged

Prevent pprof from causing BPF verifier livelocks #805

merged 5 commits into from Sep 28, 2022

Commits on Sep 27, 2022

  1. features: fix typo in createProgLoadAttr 

    Signed-off-by: Timo Beckers <timo@isovalent.com>
    @ti-mo
    ti-mo committed Sep 27, 2022
    Copy the full SHA
    fc7b25c View commit details
    Browse the repository at this point in the history

Commits on Sep 28, 2022

  1. x/sys: bump to 220927 for PthreadSigmask 

    Signed-off-by: Timo Beckers <timo@isovalent.com>
    @ti-mo
    ti-mo committed Sep 28, 2022
    Copy the full SHA
    fbfadd7 View commit details
    Browse the repository at this point in the history

  2. sys: implement sigsetAdd 

    This patch implements the sigsetAdd function to add a signal to a signal set.
Care was taken to make this build and run correctly on different GOOS and
GOARCH combinations.

Signed-off-by: Timo Beckers <timo@isovalent.com>
    @ti-mo
    ti-mo committed Sep 28, 2022
    Copy the full SHA
    3310647 View commit details
    Browse the repository at this point in the history

  3. sys: add (un)maskProfilerSignal to disable SIGPROF 

    sys.maskProfilerSignal() locks the calling goroutine to its underlying OS
thread and blocks the SIGPROF signal from interrupting the thread.

sys.unmaskProfilerSignal() reverses the operation and should be used in
tandem to properly restore OS thread state afterwards.

Add a wrapper around unix.PthreadSigmask added in a recent version of x/sys.

Signed-off-by: Timo Beckers <timo@isovalent.com>
    @ti-mo
    ti-mo committed Sep 28, 2022
    Copy the full SHA
    a7c9d44 View commit details
    Browse the repository at this point in the history

  4. sys: mask SIGPROF during BPF_PROG_LOAD to prevent livelocks 

    If a thread receives a signal while blocked in BPF_PROG_LOAD, the verifier
can cooperatively interrupt itself by checking pending signals for the thread
and return -EAGAIN from the syscall to request userspace to retry.

When a Go program is built and run with pprof enabled, threads are routinely
sent a SIGPROF to make them dump profiling information, which can lead to a
runaway reaction if the program takes longer to verify than the interrupt
frequency. To prevent this, mask SIGPROF before calling BPF_PROG_LOAD and
remove it when done.

Signed-off-by: Timo Beckers <timo@isovalent.com>
    @ti-mo
    ti-mo committed Sep 28, 2022
    Copy the full SHA
    ef08703 View commit details
    Browse the repository at this point in the history