From 2ab754cff7b2d45e1d59798562e47317aa480ecf Mon Sep 17 00:00:00 2001
From: Adin Scannell <ascannell@google.com>
Date: Mon, 14 May 2018 21:13:28 -0700
Subject: Make KVM system call first check.

PiperOrigin-RevId: 196613447
Change-Id: Ib76902896798f072c3031b0c5cf7b433718928b7
---
 pkg/sentry/platform/kvm/machine_amd64.go | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/pkg/sentry/platform/kvm/machine_amd64.go b/pkg/sentry/platform/kvm/machine_amd64.go
index dfa691e88..fe4d31702 100644
--- a/pkg/sentry/platform/kvm/machine_amd64.go
+++ b/pkg/sentry/platform/kvm/machine_amd64.go
@@ -111,8 +111,11 @@ func (c *vCPU) SwitchToUser(regs *syscall.PtraceRegs, fpState *byte, pt *pagetab
 	vector = c.CPU.SwitchToUser(regs, fpState, pt, flags)
 	exitsyscall()
 
-	// Free and clear.
 	switch vector {
+	case ring0.Syscall, ring0.SyscallInt80:
+		// Fast path: system call executed.
+		return nil, usermem.NoAccess, nil
+
 	case ring0.Debug, ring0.Breakpoint:
 		info := &arch.SignalInfo{Signo: int32(syscall.SIGTRAP)}
 		return info, usermem.AccessType{}, platform.ErrContextSignal
@@ -158,10 +161,6 @@ func (c *vCPU) SwitchToUser(regs *syscall.PtraceRegs, fpState *byte, pt *pagetab
 		redpill() // Bail and reacqire.
 		return nil, usermem.NoAccess, platform.ErrContextInterrupt
 
-	case ring0.Syscall, ring0.SyscallInt80:
-		// System call executed.
-		return nil, usermem.NoAccess, nil
-
 	default:
 		panic(fmt.Sprintf("unexpected vector: 0x%x", vector))
 	}
-- 
cgit v1.2.3