runtime: use tgkill for raise

raise uses tkill to send a signal to the current thread. For this use,
tgkill is functionally equivalent to tkill expect that it also takes the
pid as the first argument.

Using tgkill makes it simpler to run a Go program in a strict sandbox.
With kill and tgkill, the sandbox policy (e.g., seccomp) can prevent the
program from sending signals to other processes by checking that the
first argument == getpid().

With tkill, the policy must whitelist all tids in the process, which is
effectively impossible given Go's dynamic thread creation.

Fixes #27548

Change-Id: I8ed282ef1f7215b02ef46de144493e36454029ea
Reviewed-on: https://go-review.googlesource.com/133975
Run-TryBot: Michael Pratt <mpratt@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>

1 files changed, 8 insertions, 4 deletions

diff --git a/src/runtime/sys_linux_arm.s b/src/runtime/sys_linux_arm.s
index aa39732cfb..a709c4cbd0 100644
--- a/src/runtime/sys_linux_arm.s
+++ b/src/runtime/sys_linux_arm.s
@@ -36,7 +36,7 @@
 #define SYS_setitimer (SYS_BASE + 104)
 #define SYS_mincore (SYS_BASE + 219)
 #define SYS_gettid (SYS_BASE + 224)
-#define SYS_tkill (SYS_BASE + 238)
+#define SYS_tgkill (SYS_BASE + 268)
 #define SYS_sched_yield (SYS_BASE + 158)
 #define SYS_nanosleep (SYS_BASE + 162)
 #define SYS_sched_getaffinity (SYS_BASE + 242)
@@ -138,11 +138,15 @@ TEXT runtime·gettid(SB),NOSPLIT,$0-4
 	RET
 
 TEXT	runtime·raise(SB),NOSPLIT|NOFRAME,$0
+	MOVW	$SYS_getpid, R7
+	SWI	$0
+	MOVW	R0, R4
 	MOVW	$SYS_gettid, R7
 	SWI	$0
-	// arg 1 tid already in R0 from gettid
-	MOVW	sig+0(FP), R1	// arg 2 - signal
-	MOVW	$SYS_tkill, R7
+	MOVW	R0, R1	// arg 2 tid
+	MOVW	R4, R0	// arg 1 pid
+	MOVW	sig+0(FP), R2	// arg 3
+	MOVW	$SYS_tgkill, R7
 	SWI	$0
 	RET