summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorLai Jiangshan <jiangshan.ljs@antfin.com>2020-03-26 02:57:25 +0000
committerLai Jiangshan <laijs@linux.alibaba.com>2020-08-05 17:21:17 +0800
commitd17425082d24109f79f5235dd6d1ced36ac2dd67 (patch)
tree33dee057f48711982661ca1f49f118dc0ee95221
parentc4d364c7cea23e29befa5b708d14a7912f47ce37 (diff)
amd64: don't check vcpu in bluepill()
m.Get() has guaranteed that if any OS thread TID is in guest, m.vCPUs[TID] points to the vCPU in which the OS thread TID is running. So if m.Get() returns with the corrent context in guest, the vCPU of it must be the same as what Get() returns. So bluepill() doesn't need to check if the vCPU is matched or not. The check need to access to %gs register which will not points to vCPU later when KPTI for gvisor is enabled. We can still fetch the vCPU pointer from %gs later (when %gs points to kernelEntry), but it needs the ENTRY_CPU_SELF which is generated by ring0/offset_amd64.go. So we just simply remove the check. Signed-off-by: Lai Jiangshan <jiangshan.ljs@antfin.com> Signed-off-by: Lai Jiangshan <laijs@linux.alibaba.com>
-rw-r--r--pkg/sentry/platform/kvm/bluepill_amd64.s20
-rw-r--r--pkg/sentry/platform/kvm/machine.go5
2 files changed, 5 insertions, 20 deletions
diff --git a/pkg/sentry/platform/kvm/bluepill_amd64.s b/pkg/sentry/platform/kvm/bluepill_amd64.s
index 2bc34a435..13b58d2c4 100644
--- a/pkg/sentry/platform/kvm/bluepill_amd64.s
+++ b/pkg/sentry/platform/kvm/bluepill_amd64.s
@@ -14,16 +14,6 @@
#include "textflag.h"
-// VCPU_CPU is the location of the CPU in the vCPU struct.
-//
-// This is guaranteed to be zero.
-#define VCPU_CPU 0x0
-
-// CPU_SELF is the self reference in ring0's percpu.
-//
-// This is guaranteed to be zero.
-#define CPU_SELF 0x0
-
// Context offsets.
//
// Only limited use of the context is done in the assembly stub below, most is
@@ -39,18 +29,8 @@
// See bluepill.go.
TEXT ·bluepill(SB),NOSPLIT,$0
-begin:
MOVQ vcpu+0(FP), AX
- LEAQ VCPU_CPU(AX), BX
BYTE CLI;
-check_vcpu:
- MOVQ CPU_SELF(GS), CX
- CMPQ BX, CX
- JE right_vCPU
-wrong_vcpu:
- CALL ·redpill(SB)
- JMP begin
-right_vCPU:
RET
// sighandler: see bluepill.go for documentation.
diff --git a/pkg/sentry/platform/kvm/machine.go b/pkg/sentry/platform/kvm/machine.go
index 6c54712d1..1c8a1dd6f 100644
--- a/pkg/sentry/platform/kvm/machine.go
+++ b/pkg/sentry/platform/kvm/machine.go
@@ -339,6 +339,11 @@ func (m *machine) Destroy() {
// Get gets an available vCPU.
//
// This will return with the OS thread locked.
+//
+// It is guaranteed that if any OS thread TID is in guest, m.vCPUs[TID] points
+// to the vCPU in which the OS thread TID is running. So if Get() returns with
+// the corrent context in guest, the vCPU of it must be the same as what
+// Get() returns.
func (m *machine) Get() *vCPU {
m.mu.RLock()
runtime.LockOSThread()