diff options
author | Michael Pratt <mpratt@google.com> | 2019-04-25 17:45:56 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2019-04-25 17:47:05 -0700 |
commit | f17cfa4d53742923b5c91b149b82a05bcda3ea20 (patch) | |
tree | 3f945f2f0db9b1f87e5173e832498998047fbd65 /pkg/sentry/kernel | |
parent | 6b76c172b48ecb2c342882c0fe6474b2b973dad0 (diff) |
Perform explicit CPUID and FP state compatibility checks on restore
PiperOrigin-RevId: 245341004
Change-Id: Ic4d581039d034a8ae944b43e45e84eb2c3973657
Diffstat (limited to 'pkg/sentry/kernel')
-rw-r--r-- | pkg/sentry/kernel/kernel.go | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/pkg/sentry/kernel/kernel.go b/pkg/sentry/kernel/kernel.go index ee6334509..a1b2d7161 100644 --- a/pkg/sentry/kernel/kernel.go +++ b/pkg/sentry/kernel/kernel.go @@ -337,6 +337,17 @@ func (k *Kernel) SaveTo(w io.Writer) error { return fmt.Errorf("failed to invalidate unsavable mappings: %v", err) } + // Save the CPUID FeatureSet before the rest of the kernel so we can + // verify its compatibility on restore before attempting to restore the + // entire kernel, which may fail on an incompatible machine. + // + // N.B. This will also be saved along with the full kernel save below. + cpuidStart := time.Now() + if err := state.Save(w, k.FeatureSet(), nil); err != nil { + return err + } + log.Infof("CPUID save took [%s].", time.Since(cpuidStart)) + // Save the kernel state. kernelStart := time.Now() var stats state.Stats @@ -469,6 +480,25 @@ func (k *Kernel) LoadFrom(r io.Reader, net inet.Stack) error { initAppCores := k.applicationCores + // Load the pre-saved CPUID FeatureSet. + // + // N.B. This was also saved along with the full kernel below, so we + // don't need to explicitly install it in the Kernel. + cpuidStart := time.Now() + var features cpuid.FeatureSet + if err := state.Load(r, &features, nil); err != nil { + return err + } + log.Infof("CPUID load took [%s].", time.Since(cpuidStart)) + + // Verify that the FeatureSet is usable on this host. We do this before + // Kernel load so that the explicit CPUID mismatch error has priority + // over floating point state restore errors that may occur on load on + // an incompatible machine. + if err := features.CheckHostCompatible(); err != nil { + return err + } + // Load the kernel state. kernelStart := time.Now() var stats state.Stats |