]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 72c83bc) | patch
runtime: make goroutines inherit DIT state, don't lock to OS thread
authorRoland Shoemaker <roland@golang.org>
Wed, 3 Dec 2025 22:19:25 +0000 (14:19 -0800)
committerRoland Shoemaker <roland@golang.org>
Thu, 11 Dec 2025 16:21:53 +0000 (08:21 -0800)
commitaf14f6791108ece9661590cbf922806492954ea6
treec52811e75bf6b49231bf55cad85ec114662cdb08tree
parent72c83bcc80d0a195269b168423446476808a11e8commit | diff
runtime: make goroutines inherit DIT state, don't lock to OS thread

When we first implemented DIT (crypto/subtle.WithDataIndependentTiming),
we made it so that enabling DIT on a goroutine would lock that goroutine
to its current OS thread. This was done to ensure that the DIT state
(which is per-thread) would not leak to other goroutines. We also did
not make goroutines inherit the DIT state.

This change makes goroutines inherit the DIT state from their parent
at creation time. It also removes the OS thread locking when enabling
DIT on a goroutine. Instead, we now set the DIT state on the OS thread
in the scheduler whenever we switch to a goroutine that has DIT enabled,
and we unset it when switching to a goroutine that has DIT disabled.

We add a new field to G and M, ditEnabled, to track whether the G wants
DIT enabled, and whether the M currently has DIT enabled, respectively.
When the scheduler executes a goroutine, it checks these fields and
enables/disables DIT on the thread as needed.

Additionally, cgocallbackg is updated to check if DIT is enabled when
being called from C, and sets the G and M fields accordingly. This
ensures that if DIT was enabled/disabled in C, the correct state will be
reflected in the Go runtime.

The behavior as it currently stands is as follows:
- The function passed to crypto/subtle.WithDataIndependentTiming
  will have DIT enabled.
- Any goroutine created within that function will inherit DIT enabled
  for its lifetime. Any goroutine created from subquent goroutines will
  also inherit DIT enabled for their lifetimes.
- Calling into a C function within from a goroutine with DIT enabled
  will have DIT enabled.
- If the C code disables DIT, the goroutine will have DIT re-enabled
  when returning to Go.
- If the C code enables DIT, the goroutine will have DIT disabled
  when returning to Go if it was not previously enabled.
- Calling back into Go code from C will have DIT enabled if it was
  enabled when calling into C, or if the C code enabled it.

Change-Id: I8e91e6df13bb88e56e1036e0e0e5f04efd8eebd3
Reviewed-on: https://go-review.googlesource.com/c/go/+/726382
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
src/cmd/cgo/internal/test/cgo_test.go diff | blob | history
src/cmd/cgo/internal/test/test.go diff | blob | history
src/cmd/cgo/internal/test/testx.go diff | blob | history
src/cmd/link/internal/loader/loader.go diff | blob | history
src/crypto/subtle/dit.go diff | blob | history
src/crypto/subtle/dit_test.go diff | blob | history
src/runtime/cgocall.go diff | blob | history
src/runtime/dit.go [new file with mode: 0644] blob
src/runtime/proc.go diff | blob | history
src/runtime/runtime2.go diff | blob | history
src/runtime/sizeof_test.go diff | blob | history
Go GOST TLS 1.3