gvisor: lockless read access for task credentials

Credentials are immutable and even before these changes we could read them without locks, but we needed to take a task lock to get a credential object from a task object. It is possible to avoid this lock, if we will guarantee that a credential object will not be changed after setting it on a task. PiperOrigin-RevId: 254989492
author: Andrei Vagin <avagin@google.com> 2019-06-25 09:51:36 -0700
committer: gVisor bot <gvisor-bot@google.com> 2019-06-25 09:52:49 -0700
commit: 03ae91c662869a37ba71dd2577d4e218a3aa4669 (patch)
tree: c6447126fde6710b1e1cff7ea3bed1214795999e /pkg/sentry/kernel/task_start.go
parent: fd16a329ce0c9fa1e7dd4c0fc1edc201f4c19571 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/sentry/kernel/task_start.go b/pkg/sentry/kernel/task_start.go
index 9458f5c2a..72caae537 100644
--- a/pkg/sentry/kernel/task_start.go
+++ b/pkg/sentry/kernel/task_start.go
@@ -119,7 +119,6 @@ func (ts *TaskSet) newTask(cfg *TaskConfig) (*Task, error) {
 		ptraceTracees:   make(map[*Task]struct{}),
 		allowedCPUMask:  cfg.AllowedCPUMask.Copy(),
 		ioUsage:         &usage.IO{},
-		creds:           cfg.Credentials,
 		niceness:        cfg.Niceness,
 		netns:           cfg.NetworkNamespaced,
 		utsns:           cfg.UTSNamespace,
@@ -129,6 +128,7 @@ func (ts *TaskSet) newTask(cfg *TaskConfig) (*Task, error) {
 		futexWaiter:     futex.NewWaiter(),
 		containerID:     cfg.ContainerID,
 	}
+	t.creds.Store(cfg.Credentials)
 	t.endStopCond.L = &t.tg.signalHandlers.mu
 	t.ptraceTracer.Store((*Task)(nil))
 	// We don't construct t.blockingTimer until Task.run(); see that function
author	Andrei Vagin <avagin@google.com>	2019-06-25 09:51:36 -0700
committer	gVisor bot <gvisor-bot@google.com>	2019-06-25 09:52:49 -0700
commit	03ae91c662869a37ba71dd2577d4e218a3aa4669 (patch)
tree	c6447126fde6710b1e1cff7ea3bed1214795999e /pkg/sentry/kernel/task_start.go
parent	fd16a329ce0c9fa1e7dd4c0fc1edc201f4c19571 (diff)