github.com/nicocha30/gvisor-ligolo@v0.0.0-20230726075806-989fa2c0a413/pkg/sentry/platform/systrap/subprocess_pool.go (about) 1 // Copyright 2023 The gVisor Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package systrap 16 17 import ( 18 "sync" 19 ) 20 21 // subprocessPool exists to solve these distinct problems: 22 // 23 // 1) Subprocesses can't always be killed properly (see subprocess.Release). 24 // In general it's helpful to be able to reuse subprocesses, but we must observe 25 // the subprocess lifecycle before we can do so (e.g. should wait for all 26 // contexts to be released). 27 // 28 // 2) Any seccomp filters that have been installed will apply to subprocesses 29 // created here. Therefore we use the intermediary (source), which is created 30 // on initialization of the platform. 31 type subprocessPool struct { 32 mu sync.Mutex 33 source *subprocess 34 // available stores all subprocesses that are available for reuse. 35 // +checklocks:mu 36 available []*subprocess 37 } 38 39 func (p *subprocessPool) markAvailable(s *subprocess) { 40 p.mu.Lock() 41 defer p.mu.Unlock() 42 43 p.available = append(p.available, s) 44 } 45 46 func (p *subprocessPool) fetchAvailable() *subprocess { 47 p.mu.Lock() 48 defer p.mu.Unlock() 49 if len(p.available) > 0 { 50 s := p.available[len(p.available)-1] 51 p.available = p.available[:len(p.available)-1] 52 53 return s 54 } 55 return nil 56 }