From 03ae91c662869a37ba71dd2577d4e218a3aa4669 Mon Sep 17 00:00:00 2001
From: Andrei Vagin
Date: Tue, 25 Jun 2019 09:51:36 -0700
Subject: gvisor: lockless read access for task credentials

Credentials are immutable and even before these changes we could read them without locks, but we needed to take a task lock to get a credential object from a task object. It is possible to avoid this lock, if we will guarantee that a credential object will not be changed after setting it on a task.

PiperOrigin-RevId: 254989492
---
 pkg/sentry/kernel/task.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'pkg/sentry/kernel/task.go')

diff --git a/pkg/sentry/kernel/task.go b/pkg/sentry/kernel/task.go
index c297c5973..2e3a39d3b 100644
--- a/pkg/sentry/kernel/task.go
+++ b/pkg/sentry/kernel/task.go
@@ -386,10 +386,11 @@ type Task struct {
 
  // creds is the task's credentials.
  //
- // creds is protected by mu, however the value itself is immutable and can
- // only be changed by a copy. After reading the pointer, access will
- // proceed outside the scope of mu. creds is owned by the task goroutine.
- creds *auth.Credentials
+ // creds.Load() may be called without synchronization. creds.Store() is
+ // serialized by mu. creds is owned by the task goroutine. All
+ // auth.Credentials objects that creds may point to, or have pointed to
+ // in the past, must be treated as immutable.
+ creds auth.AtomicPtrCredentials
 
  // utsns is the task's UTS namespace.
  //
@@ -597,7 +598,7 @@ func (t *Task) Value(key interface{}) interface{} {
  case CtxTask:
  return t
  case auth.CtxCredentials:
- return t.creds
+ return t.Credentials()
  case context.CtxThreadGroupID:
  return int32(t.ThreadGroup().ID())
  case fs.CtxRoot:
-- 
cgit v1.2.3
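Review bot: The new field comment on `creds` in `Task` drops the old wording that the value "can only be changed by a copy", so it no longer tells a writer how credentials are supposed to change. With `creds.Load()` now lock-free, that convention is the only thing keeping an in-place mutation from racing with a permission check. I would add `// To change credentials, copy the current value, modify the copy, then call creds.Store() with mu held.` The comment could also say that a reader should call `creds.Load()` once per operation and use that snapshot throughout, since two loads may return different credentials. The `Task` struct starts and ends outside this hunk and the page is limited to task.go, so the code that stores credentials is not visible here.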
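Review bot: In the `auth.CtxCredentials` case of `Task.Value`, the result now depends on `t.Credentials()`, whose body is not on this page because the view is limited to task.go. The removed line read the field without taking `mu`. If `Credentials()` still acquires `t.mu`, a caller that reaches `Value` while holding that lock would block on itself, so it is worth confirming the accessor is a plain `t.creds.Load()`. A short comment on the case, such as `// Credentials() does not take t.mu; it is an atomic load.`, would record that assumption. `Value` starts and ends outside the hunk.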