github.com/ttpreport/gvisor-ligolo@v0.0.0-20240123134145-a858404967ba/pkg/sentry/platform/systrap/subprocess_linux_unsafe.go (about)

     1  // Copyright 2018 The gVisor Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  //go:build amd64 || linux
    16  // +build amd64 linux
    17  
    18  package systrap
    19  
    20  import (
    21  	"sync"
    22  	"unsafe"
    23  
    24  	"github.com/ttpreport/gvisor-ligolo/pkg/abi/linux"
    25  	"golang.org/x/sys/unix"
    26  )
    27  
    28  // maskPool contains reusable CPU masks for setting affinity. Unfortunately,
    29  // runtime.NumCPU doesn't actually record the number of CPUs on the system, it
    30  // just records the number of CPUs available in the scheduler affinity set at
    31  // startup. This may a) change over time and b) gives a number far lower than
    32  // the maximum indexable CPU. To prevent lots of allocation in the hot path, we
    33  // use a pool to store large masks that we can reuse during bind.
    34  var maskPool = sync.Pool{
    35  	New: func() any {
    36  		const maxCPUs = 1024 // Not a hard limit; see below.
    37  		return make([]uintptr, maxCPUs/64)
    38  	},
    39  }
    40  
    41  // unmaskAllSignals unmasks all signals on the current thread.
    42  //
    43  // It is called in a child process after fork(), so the race instrumentation
    44  // has to be disabled.
    45  //
    46  //go:nosplit
    47  //go:norace
    48  func unmaskAllSignals() unix.Errno {
    49  	var set linux.SignalSet
    50  	_, _, errno := unix.RawSyscall6(unix.SYS_RT_SIGPROCMASK, linux.SIG_SETMASK, uintptr(unsafe.Pointer(&set)), 0, linux.SignalSetSize, 0, 0)
    51  	return errno
    52  }