author | Lai Jiangshan <jiangshan.ljs@antfin.com> | 2020-03-26 02:57:25 +0000 |
---|---|---|
committer | Lai Jiangshan <laijs@linux.alibaba.com> | 2020-08-05 17:21:17 +0800 |
commit | d17425082d24109f79f5235dd6d1ced36ac2dd67 (patch) | |
tree | 33dee057f48711982661ca1f49f118dc0ee95221 | |
parent | c4d364c7cea23e29befa5b708d14a7912f47ce37 (diff) |
amd64: don't check vcpu in bluepill()
m.Get() guarantees that if any OS thread TID is in guest,
m.vCPUs[TID] points to the vCPU in which the OS thread TID is running.
So if m.Get() returns with the current context in guest,
its vCPU must be the same as what Get() returns.
So bluepill() doesn't need to check whether the vCPU matches.
The check needs to access the %gs register, which will no longer point
to the vCPU once KPTI for gVisor is enabled. We can still
fetch the vCPU pointer from %gs later (when %gs points to kernelEntry),
but that needs ENTRY_CPU_SELF, which is generated by
ring0/offset_amd64.go. So we simply remove the check.
Signed-off-by: Lai Jiangshan <jiangshan.ljs@antfin.com>
Signed-off-by: Lai Jiangshan <laijs@linux.alibaba.com>
-rw-r--r-- | pkg/sentry/platform/kvm/bluepill_amd64.s | 20 | ||||
-rw-r--r-- | pkg/sentry/platform/kvm/machine.go | 5 |
2 files changed, 5 insertions, 20 deletions
diff --git a/pkg/sentry/platform/kvm/bluepill_amd64.s b/pkg/sentry/platform/kvm/bluepill_amd64.s
index 2bc34a435..13b58d2c4 100644
--- a/pkg/sentry/platform/kvm/bluepill_amd64.s
+++ b/pkg/sentry/platform/kvm/bluepill_amd64.s
@@ -14,16 +14,6 @@
 #include "textflag.h"
-// VCPU_CPU is the location of the CPU in the vCPU struct.
-//
-// This is guaranteed to be zero.
-#define VCPU_CPU 0x0
-
-// CPU_SELF is the self reference in ring0's percpu.
-//
-// This is guaranteed to be zero.
-#define CPU_SELF 0x0
-
 // Context offsets.
 //
 // Only limited use of the context is done in the assembly stub below, most is
@@ -39,18 +29,8 @@
 // See bluepill.go.
 TEXT ·bluepill(SB),NOSPLIT,$0
-begin:
 	MOVQ vcpu+0(FP), AX
-	LEAQ VCPU_CPU(AX), BX
 	BYTE CLI;
-check_vcpu:
-	MOVQ CPU_SELF(GS), CX
-	CMPQ BX, CX
-	JE right_vCPU
-wrong_vcpu:
-	CALL ·redpill(SB)
-	JMP begin
-right_vCPU:
 	RET
 // sighandler: see bluepill.go for documentation.
diff --git a/pkg/sentry/platform/kvm/machine.go b/pkg/sentry/platform/kvm/machine.go
index 6c54712d1..1c8a1dd6f 100644
--- a/pkg/sentry/platform/kvm/machine.go
+++ b/pkg/sentry/platform/kvm/machine.go
@@ -339,6 +339,11 @@ func (m *machine) Destroy() {
 // Get gets an available vCPU.
 //
 // This will return with the OS thread locked.
+//
+// It is guaranteed that if any OS thread TID is in guest, m.vCPUs[TID] points
+// to the vCPU in which the OS thread TID is running. So if Get() returns with
+// the corrent context in guest, the vCPU of it must be the same as what
+// Get() returns.
 func (m *machine) Get() *vCPU {
 	m.mu.RLock()
 	runtime.LockOSThread()
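Review bot: With `check_vcpu` removed, `·bluepill` no longer detects the case where the calling thread is already in guest mode on a vCPU other than the one passed in `vcpu+0(FP)`; in that case `CLI` succeeds and the stub returns without switching, so the invariant the commit relies on (m.vCPUs[TID] is the vCPU the thread is running on) becomes an unchecked precondition of this stub rather than something it enforces. That precondition is only written down on machine.Get in the other file, so I would state it at the entry point too, replacing the `// See bluepill.go.` context line with `// See bluepill.go. Assumes that if the calling thread is already in guest mode it is running on the vCPU passed as the argument (guaranteed by machine.Get); the former in-stub comparison against CPU_SELF(GS) was removed because %gs will no longer point at the vCPU once KPTI is enabled.` The deleted `VCPU_CPU`/`CPU_SELF` defines must have no remaining users elsewhere in this file, which the hunk cannot show; presumably the build confirms that.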
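Review bot: The doc comment added to machine.Get contains a typo, `corrent`, on its third new line; from context it reads as "current", so the line should be `// the current context in guest, its vCPU must be the same as what`, which also replaces the awkward `the vCPU of it`. Since bluepill now trusts this guarantee without checking it, it is worth saying so explicitly in the same comment, e.g. `// bluepill relies on this guarantee and no longer verifies it.` Get's body continues past the end of the hunk.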