summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/kernel
diff options
context:
space:
mode:
authorJamie Liu <jamieliu@google.com>2018-08-31 15:43:32 -0700
committerShentubot <shentubot@google.com>2018-08-31 15:44:40 -0700
commitf8ccfbbed4875e65c78c849cd46afa882ba68ee3 (patch)
tree62fd34d0cd96fbdf088dffbc7e2e0c173e55d91f /pkg/sentry/kernel
parent7713e2cb75a5d21c1a9c62ae2f332e76ea536867 (diff)
Document more task-goroutine-owned fields in kernel.Task.
Task.creds can only be changed by the task's own set*id and execve syscalls, and Task namespaces can only be changed by the task's own unshare/setns syscalls. PiperOrigin-RevId: 211156279 Change-Id: I94d57105d34e8739d964400995a8a5d76306b2a0
Diffstat (limited to 'pkg/sentry/kernel')
-rw-r--r--pkg/sentry/kernel/task.go19
1 files changed, 8 insertions, 11 deletions
diff --git a/pkg/sentry/kernel/task.go b/pkg/sentry/kernel/task.go
index 32db0bf48..ae4fd7817 100644
--- a/pkg/sentry/kernel/task.go
+++ b/pkg/sentry/kernel/task.go
@@ -354,19 +354,19 @@ type Task struct {
// creds is the task's credentials.
//
- // creds is protected by mu, however the value itself is immutable and
- // can only be changed by a copy. After reading the pointer, access
- // will proceed outside the scope of mu.
+ // creds is protected by mu, however the value itself is immutable and can
+ // only be changed by a copy. After reading the pointer, access will
+ // proceed outside the scope of mu. creds is owned by the task goroutine.
creds *auth.Credentials
// utsns is the task's UTS namespace.
//
- // utsns is protected by mu.
+ // utsns is protected by mu. utsns is owned by the task goroutine.
utsns *UTSNamespace
// ipcns is the task's IPC namespace.
//
- // ipcns is protected by mu.
+ // ipcns is protected by mu. ipcns is owned by the task goroutine.
ipcns *IPCNamespace
// abstractSockets tracks abstract sockets that are in use.
@@ -547,6 +547,9 @@ func (t *Task) Kernel() *Kernel {
}
// Value implements context.Context.Value.
+//
+// Preconditions: The caller must be running on the task goroutine (as implied
+// by the requirements of context.Context).
func (t *Task) Value(key interface{}) interface{} {
switch key {
case CtxCanTrace:
@@ -556,18 +559,12 @@ func (t *Task) Value(key interface{}) interface{} {
case CtxPIDNamespace:
return t.tg.pidns
case CtxUTSNamespace:
- t.mu.Lock()
- defer t.mu.Unlock()
return t.utsns
case CtxIPCNamespace:
- t.mu.Lock()
- defer t.mu.Unlock()
return t.ipcns
case CtxTask:
return t
case auth.CtxCredentials:
- t.mu.Lock()
- defer t.mu.Unlock()
return t.creds
case context.CtxThreadGroupID:
return int32(t.ThreadGroup().ID())