Merge 03ae91c6 (automated)

author: gVisor bot <gvisor-bot@google.com> 2019-06-25 17:00:56 +0000
committer: gVisor bot <gvisor-bot@google.com> 2019-06-25 17:00:56 +0000
commit: 47eed32a5f43f9f17420f44d68bf251135f77ce6 (patch)
tree: bf36188dd241f5718f750e1e8ec6915c63a5699c /pkg/sentry/kernel/task.go
parent: 97b3e461d427c10537f58755bc1b307a5548b092 (diff)
parent: 03ae91c662869a37ba71dd2577d4e218a3aa4669 (diff)
1 files changed, 6 insertions, 5 deletions
diff --git a/pkg/sentry/kernel/task.go b/pkg/sentry/kernel/task.go
index c297c5973..2e3a39d3b 100644
--- a/pkg/sentry/kernel/task.go
+++ b/pkg/sentry/kernel/task.go
@@ -386,10 +386,11 @@ type Task struct {
 
 	// creds is the task's credentials.
 	//
-	// creds is protected by mu, however the value itself is immutable and can
-	// only be changed by a copy. After reading the pointer, access will
-	// proceed outside the scope of mu. creds is owned by the task goroutine.
-	creds *auth.Credentials
+	// creds.Load() may be called without synchronization. creds.Store() is
+	// serialized by mu. creds is owned by the task goroutine. All
+	// auth.Credentials objects that creds may point to, or have pointed to
+	// in the past, must be treated as immutable.
+	creds auth.AtomicPtrCredentials
 
 	// utsns is the task's UTS namespace.
 	//
@@ -597,7 +598,7 @@ func (t *Task) Value(key interface{}) interface{} {
 	case CtxTask:
 		return t
 	case auth.CtxCredentials:
-		return t.creds
+		return t.Credentials()
 	case context.CtxThreadGroupID:
 		return int32(t.ThreadGroup().ID())
 	case fs.CtxRoot:
author	gVisor bot <gvisor-bot@google.com>	2019-06-25 17:00:56 +0000
committer	gVisor bot <gvisor-bot@google.com>	2019-06-25 17:00:56 +0000
commit	47eed32a5f43f9f17420f44d68bf251135f77ce6 (patch)
tree	bf36188dd241f5718f750e1e8ec6915c63a5699c /pkg/sentry/kernel/task.go
parent	97b3e461d427c10537f58755bc1b307a5548b092 (diff)
parent	03ae91c662869a37ba71dd2577d4e218a3aa4669 (diff)