1 files changed, 16 insertions, 9 deletions

diff --git a/pkg/sentry/platform/kvm/kvm.go b/pkg/sentry/platform/kvm/kvm.go
index 2dc3239a5..19bc2d515 100644
--- a/pkg/sentry/platform/kvm/kvm.go
+++ b/pkg/sentry/platform/kvm/kvm.go
@@ -17,6 +17,7 @@ package kvm
 
 import (
 	"fmt"
+	"os"
 	"sync"
 	"syscall"
 
@@ -44,25 +45,29 @@ var (
 	globalErr  error
 )
 
+// OpenDevice opens the KVM device at /dev/kvm and returns the File.
+func OpenDevice() (*os.File, error) {
+	f, err := os.OpenFile("/dev/kvm", syscall.O_RDWR, 0)
+	if err != nil {
+		return nil, fmt.Errorf("error opening /dev/kvm: %v", err)
+	}
+	return f, nil
+}
+
 // New returns a new KVM-based implementation of the platform interface.
-func New() (*KVM, error) {
+func New(deviceFile *os.File) (*KVM, error) {
 	// Allocate physical memory for the vCPUs.
 	fm, err := filemem.New("kvm-memory")
 	if err != nil {
 		return nil, err
 	}
 
-	// Try opening KVM.
-	fd, err := syscall.Open("/dev/kvm", syscall.O_RDWR, 0)
-	if err != nil {
-		return nil, fmt.Errorf("opening /dev/kvm: %v", err)
-	}
-	defer syscall.Close(fd)
+	fd := deviceFile.Fd()
 
 	// Ensure global initialization is done.
 	globalOnce.Do(func() {
 		physicalInit()
-		globalErr = updateSystemValues(fd)
+		globalErr = updateSystemValues(int(fd))
 		ring0.Init(cpuid.HostFeatureSet())
 	})
 	if globalErr != nil {
@@ -70,10 +75,12 @@ func New() (*KVM, error) {
 	}
 
 	// Create a new VM fd.
-	vm, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, uintptr(fd), _KVM_CREATE_VM, 0)
+	vm, _, errno := syscall.RawSyscall(syscall.SYS_IOCTL, fd, _KVM_CREATE_VM, 0)
 	if errno != 0 {
 		return nil, fmt.Errorf("creating VM: %v", errno)
 	}
+	// We are done with the device file.
+	deviceFile.Close()
 
 	// Create a VM context.
 	machine, err := newMachine(int(vm))