kernel: add ThreadGroup.SigsegvLock/Unlock

nixprime · gvisor-bot · commit feddee9574d7 · 2025-10-30T18:57:43.000-07:00
PiperOrigin-RevId: 826271472
diff --git a/pkg/sentry/kernel/task_run.go b/pkg/sentry/kernel/task_run.go
@@ -308,6 +308,17 @@ func (app *runApp) execute(t *Task) taskRunState {
 				}
 			}
 
+			if sig == linux.SIGSEGV && t.tg.sigsegvLockCount.Load() != 0 {
+				t.tg.signalHandlers.mu.Lock()
+				if t.tg.sigsegvLockCount.Load() != 0 {
+					t.Infof("Pausing execution due to SigsegvLock")
+					t.beginInternalStopLocked((*sigsegvLockStop)(nil))
+					t.tg.signalHandlers.mu.Unlock()
+					return (*runApp)(nil)
+				}
+				t.tg.signalHandlers.mu.Unlock()
+			}
+
 			// Faults are common, log only at debug level.
 			t.Debugf("Unhandled user fault: addr=%x ip=%x access=%v sig=%v err=%v", addr, t.Arch().IP(), at, sig, err)
 			t.DebugDumpState()
diff --git a/pkg/sentry/kernel/thread_group.go b/pkg/sentry/kernel/thread_group.go
@@ -286,6 +286,11 @@ type ThreadGroup struct {
 	execveCredsMutexMu      sync.Mutex `state:"nosave"`
 	execveCredsMutexLocked  bool
 	execveCredsMutexWaiters map[*Task]struct{}
+
+	// sigsegvLockCount is the number of times SigsegvLock() has been called
+	// without a matching call to SigsegvUnlock(). Decrementing
+	// sigsegvLockCount to 0 requires that the signal mutex is locked.
+	sigsegvLockCount atomicbitops.Int32
 }
 
 // NewThreadGroup returns a new, empty thread group in PID namespace pidns. The
@@ -674,3 +679,38 @@ func (tg *ThreadGroup) Execed() bool {
 	defer ts.mu.RUnlock()
 	return tg.execed
 }
+
+// SigsegvLock causes page faults that would result in SIGSEGV being sent to
+// tasks in tg to block without sending SIGSEGV. When SigsegvUnlock has been
+// called an equal number of times as SigsegvLock, application execution is
+// restarted, allowing the page fault to send SIGSEGV if it recurs.
+func (tg *ThreadGroup) SigsegvLock() {
+	tg.sigsegvLockCount.Add(1)
+}
+
+// SigsegvUnlock ends the effect of one preceding call to SigsegvLock.
+func (tg *ThreadGroup) SigsegvUnlock() {
+	sh := tg.signalLock()
+	defer sh.mu.Unlock()
+	if count := tg.sigsegvLockCount.Add(-1); count == 0 {
+		for t := tg.tasks.Front(); t != nil; t = t.Next() {
+			if _, ok := t.stop.(*sigsegvLockStop); ok {
+				t.Infof("Resuming execution due to SigsegvUnlock")
+				t.endInternalStopLocked()
+			}
+		}
+	} else if count < 0 {
+		panic("unlock of unlocked ThreadGroup.SigsegvLock")
+	}
+}
+
+// sigsegvLockStop is a TaskStop entered when a task would raise SIGSEGV due to
+// an unhandled page fault, but ThreadGroup.SigsegvLock() is in effect.
+//
+// +stateify savable
+type sigsegvLockStop struct{}
+
+// Killable implements TaskStop.Killable.
+func (*sigsegvLockStop) Killable() bool {
+	return true
+}
