Move ring0 package.

This allows the package to serve as a general purpose ring0 support package, as
opposed to being bound to specific sentry platforms.

Updates #5039

PiperOrigin-RevId: 355220044

nogo.yaml

@@ -126,10 +126,10 @@ analyzers:
         - ".*_test.go"                                             # Exclude tests.
         - "pkg/flipcall/.*_unsafe.go"                              # Special case.
         - pkg/gohacks/gohacks_unsafe.go                            # Special case.
+        - pkg/ring0/pagetables/allocator_unsafe.go                 # Special case.
         - pkg/sentry/fs/fsutil/host_file_mapper_unsafe.go          # Special case.
         - pkg/sentry/platform/kvm/bluepill_unsafe.go               # Special case.
         - pkg/sentry/platform/kvm/machine_unsafe.go                # Special case.
-        - pkg/sentry/platform/ring0/pagetables/allocator_unsafe.go # Special case.
         - pkg/sentry/platform/safecopy/safecopy_unsafe.go          # Special case.
         - pkg/sentry/vfs/mount_unsafe.go                           # Special case.
         - pkg/state/decode_unsafe.go                               # Special case.

pkg/ring0/BUILD

@@ -43,16 +43,16 @@ arch_genrule(
     name = "entry_impl_amd64",
     srcs = ["entry_amd64.s"],
     outs = ["entry_impl_amd64.s"],
-    cmd = "(echo -e '// build +amd64\\n' && QEMU $(location //pkg/sentry/platform/ring0/gen_offsets) && cat $(location entry_amd64.s)) > $@",
-    tools = ["//pkg/sentry/platform/ring0/gen_offsets"],
+    cmd = "(echo -e '// build +amd64\\n' && QEMU $(location //pkg/ring0/gen_offsets) && cat $(location entry_amd64.s)) > $@",
+    tools = ["//pkg/ring0/gen_offsets"],
 )
 
 arch_genrule(
     name = "entry_impl_arm64",
     srcs = ["entry_arm64.s"],
     outs = ["entry_impl_arm64.s"],
-    cmd = "(echo -e '// build +arm64\\n' && QEMU $(location //pkg/sentry/platform/ring0/gen_offsets) && cat $(location entry_arm64.s)) > $@",
-    tools = ["//pkg/sentry/platform/ring0/gen_offsets"],
+    cmd = "(echo -e '// build +arm64\\n' && QEMU $(location //pkg/ring0/gen_offsets) && cat $(location entry_arm64.s)) > $@",
+    tools = ["//pkg/ring0/gen_offsets"],
 )
 
 go_library(
@@ -77,9 +77,9 @@ go_library(
     visibility = ["//pkg/sentry:internal"],
     deps = [
         "//pkg/cpuid",
+        "//pkg/ring0/pagetables",
         "//pkg/safecopy",
         "//pkg/sentry/arch",
-        "//pkg/sentry/platform/ring0/pagetables",
         "//pkg/usermem",
     ],
 )

pkg/ring0/defs.go

@@ -15,8 +15,8 @@
 package ring0
 
 import (
+	"gvisor.dev/gvisor/pkg/ring0/pagetables"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
 )
 
 // Kernel is a global kernel object.

pkg/ring0/defs_amd64.go

@@ -17,7 +17,6 @@
 package ring0
 
 import (
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
 	"gvisor.dev/gvisor/pkg/usermem"
 )
 

pkg/ring0/defs_arm64.go

@@ -17,7 +17,6 @@
 package ring0
 
 import (
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
 	"gvisor.dev/gvisor/pkg/usermem"
 )
 

pkg/ring0/gen_offsets/BUILD

@@ -7,14 +7,14 @@ go_template_instance(
     name = "defs_impl_arm64",
     out = "defs_impl_arm64.go",
     package = "main",
-    template = "//pkg/sentry/platform/ring0:defs_arm64",
+    template = "//pkg/ring0:defs_arm64",
 )
 
 go_template_instance(
     name = "defs_impl_amd64",
     out = "defs_impl_amd64.go",
     package = "main",
-    template = "//pkg/sentry/platform/ring0:defs_amd64",
+    template = "//pkg/ring0:defs_amd64",
 )
 
 go_binary(
@@ -28,13 +28,13 @@ go_binary(
     # pass the sentry deps test.
     system_malloc = True,
     visibility = [
+        "//pkg/ring0:__pkg__",
         "//pkg/sentry/platform/kvm:__pkg__",
-        "//pkg/sentry/platform/ring0:__pkg__",
     ],
     deps = [
         "//pkg/cpuid",
+        "//pkg/ring0/pagetables",
         "//pkg/sentry/arch",
-        "//pkg/sentry/platform/ring0/pagetables",
         "//pkg/usermem",
     ],
 )

pkg/ring0/pagetables/BUILD

@@ -64,8 +64,8 @@ go_library(
         ":walker_unmap_arm64",
     ],
     visibility = [
+        "//pkg/ring0:__subpackages__",
         "//pkg/sentry/platform/kvm:__subpackages__",
-        "//pkg/sentry/platform/ring0:__subpackages__",
     ],
     deps = [
         "//pkg/sync",

pkg/sentry/platform/kvm/BUILD

@@ -45,14 +45,14 @@ go_library(
         "//pkg/cpuid",
         "//pkg/log",
         "//pkg/procid",
+        "//pkg/ring0",
+        "//pkg/ring0/pagetables",
         "//pkg/safecopy",
         "//pkg/seccomp",
         "//pkg/sentry/arch",
         "//pkg/sentry/memmap",
         "//pkg/sentry/platform",
         "//pkg/sentry/platform/interrupt",
-        "//pkg/sentry/platform/ring0",
-        "//pkg/sentry/platform/ring0/pagetables",
         "//pkg/sentry/time",
         "//pkg/sync",
         "//pkg/usermem",
@@ -75,11 +75,11 @@ go_test(
         "requires-kvm",
     ],
     deps = [
+        "//pkg/ring0",
+        "//pkg/ring0/pagetables",
         "//pkg/sentry/arch",
         "//pkg/sentry/platform",
         "//pkg/sentry/platform/kvm/testutil",
-        "//pkg/sentry/platform/ring0",
-        "//pkg/sentry/platform/ring0/pagetables",
         "//pkg/sentry/time",
         "//pkg/usermem",
     ],
@@ -89,6 +89,6 @@ genrule(
     name = "bluepill_impl_amd64",
     srcs = ["bluepill_amd64.s"],
     outs = ["bluepill_impl_amd64.s"],
-    cmd = "(echo -e '// build +amd64\\n' && $(location //pkg/sentry/platform/ring0/gen_offsets) && cat $(SRCS)) > $@",
-    tools = ["//pkg/sentry/platform/ring0/gen_offsets"],
+    cmd = "(echo -e '// build +amd64\\n' && $(location //pkg/ring0/gen_offsets) && cat $(SRCS)) > $@",
+    tools = ["//pkg/ring0/gen_offsets"],
 )

pkg/sentry/platform/kvm/address_space.go

@@ -18,9 +18,9 @@ import (
 	"sync/atomic"
 
 	"gvisor.dev/gvisor/pkg/atomicbitops"
+	"gvisor.dev/gvisor/pkg/ring0/pagetables"
 	"gvisor.dev/gvisor/pkg/sentry/memmap"
 	"gvisor.dev/gvisor/pkg/sentry/platform"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
 	"gvisor.dev/gvisor/pkg/sync"
 	"gvisor.dev/gvisor/pkg/usermem"
 )

pkg/sentry/platform/kvm/bluepill.go

@@ -19,9 +19,9 @@ import (
 	"reflect"
 	"syscall"
 
+	"gvisor.dev/gvisor/pkg/ring0"
 	"gvisor.dev/gvisor/pkg/safecopy"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
 )
 
 // bluepill enters guest mode.

pkg/sentry/platform/kvm/bluepill_allocator.go

@@ -17,7 +17,7 @@ package kvm
 import (
 	"fmt"
 
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
+	"gvisor.dev/gvisor/pkg/ring0/pagetables"
 )
 
 type allocator struct {

pkg/sentry/platform/kvm/bluepill_amd64.go

@@ -19,8 +19,8 @@ package kvm
 import (
 	"syscall"
 
+	"gvisor.dev/gvisor/pkg/ring0"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
 )
 
 var (

pkg/sentry/platform/kvm/bluepill_amd64_unsafe.go

@@ -20,8 +20,8 @@ import (
 	"syscall"
 	"unsafe"
 
+	"gvisor.dev/gvisor/pkg/ring0"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
 )
 
 // dieArchSetup initializes the state for dieTrampoline.

pkg/sentry/platform/kvm/bluepill_arm64.go

@@ -19,8 +19,8 @@ package kvm
 import (
 	"syscall"
 
+	"gvisor.dev/gvisor/pkg/ring0"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
 )
 
 var (

pkg/sentry/platform/kvm/bluepill_arm64_unsafe.go

@@ -20,8 +20,8 @@ import (
 	"syscall"
 	"unsafe"
 
+	"gvisor.dev/gvisor/pkg/ring0"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
 )
 
 // fpsimdPtr returns a fpsimd64 for the given address.

pkg/sentry/platform/kvm/context.go

@@ -18,10 +18,10 @@ import (
 	"sync/atomic"
 
 	pkgcontext "gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/ring0"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
 	"gvisor.dev/gvisor/pkg/sentry/platform"
 	"gvisor.dev/gvisor/pkg/sentry/platform/interrupt"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
 	"gvisor.dev/gvisor/pkg/usermem"
 )
 

pkg/sentry/platform/kvm/kvm.go

@@ -20,9 +20,9 @@ import (
 	"os"
 	"syscall"
 
+	"gvisor.dev/gvisor/pkg/ring0"
+	"gvisor.dev/gvisor/pkg/ring0/pagetables"
 	"gvisor.dev/gvisor/pkg/sentry/platform"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
 	"gvisor.dev/gvisor/pkg/sync"
 	"gvisor.dev/gvisor/pkg/usermem"
 )

pkg/sentry/platform/kvm/kvm_amd64.go

@@ -18,7 +18,7 @@ package kvm
 
 import (
 	"gvisor.dev/gvisor/pkg/cpuid"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
+	"gvisor.dev/gvisor/pkg/ring0"
 )
 
 // userRegs represents KVM user registers.

pkg/sentry/platform/kvm/kvm_amd64_test.go

@@ -19,11 +19,11 @@ package kvm
 import (
 	"testing"
 
+	"gvisor.dev/gvisor/pkg/ring0"
+	"gvisor.dev/gvisor/pkg/ring0/pagetables"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
 	"gvisor.dev/gvisor/pkg/sentry/platform"
 	"gvisor.dev/gvisor/pkg/sentry/platform/kvm/testutil"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
 )
 
 func TestSegments(t *testing.T) {

pkg/sentry/platform/kvm/kvm_arm64.go

@@ -17,8 +17,8 @@
 package kvm
 
 import (
+	"gvisor.dev/gvisor/pkg/ring0"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
 )
 
 type kvmOneReg struct {

pkg/sentry/platform/kvm/kvm_test.go

@@ -22,11 +22,11 @@ import (
 	"testing"
 	"time"
 
+	"gvisor.dev/gvisor/pkg/ring0"
+	"gvisor.dev/gvisor/pkg/ring0/pagetables"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
 	"gvisor.dev/gvisor/pkg/sentry/platform"
 	"gvisor.dev/gvisor/pkg/sentry/platform/kvm/testutil"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
 	ktime "gvisor.dev/gvisor/pkg/sentry/time"
 	"gvisor.dev/gvisor/pkg/usermem"
 )

pkg/sentry/platform/kvm/machine.go

@@ -23,8 +23,8 @@ import (
 	"gvisor.dev/gvisor/pkg/atomicbitops"
 	"gvisor.dev/gvisor/pkg/log"
 	"gvisor.dev/gvisor/pkg/procid"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
+	"gvisor.dev/gvisor/pkg/ring0"
+	"gvisor.dev/gvisor/pkg/ring0/pagetables"
 	ktime "gvisor.dev/gvisor/pkg/sentry/time"
 	"gvisor.dev/gvisor/pkg/sync"
 	"gvisor.dev/gvisor/pkg/usermem"

pkg/sentry/platform/kvm/machine_amd64.go

@@ -24,10 +24,10 @@ import (
 	"syscall"
 
 	"gvisor.dev/gvisor/pkg/cpuid"
+	"gvisor.dev/gvisor/pkg/ring0"
+	"gvisor.dev/gvisor/pkg/ring0/pagetables"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
 	"gvisor.dev/gvisor/pkg/sentry/platform"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
 	ktime "gvisor.dev/gvisor/pkg/sentry/time"
 	"gvisor.dev/gvisor/pkg/usermem"
 )

pkg/sentry/platform/kvm/machine_arm64.go

@@ -17,10 +17,10 @@
 package kvm
 
 import (
+	"gvisor.dev/gvisor/pkg/ring0"
+	"gvisor.dev/gvisor/pkg/ring0/pagetables"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
 	"gvisor.dev/gvisor/pkg/sentry/platform"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
 	"gvisor.dev/gvisor/pkg/usermem"
 )
 

pkg/sentry/platform/kvm/machine_arm64_unsafe.go

@@ -23,10 +23,10 @@ import (
 	"syscall"
 	"unsafe"
 
+	"gvisor.dev/gvisor/pkg/ring0"
+	"gvisor.dev/gvisor/pkg/ring0/pagetables"
 	"gvisor.dev/gvisor/pkg/sentry/arch"
 	"gvisor.dev/gvisor/pkg/sentry/platform"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0/pagetables"
 	"gvisor.dev/gvisor/pkg/usermem"
 )
 

pkg/sentry/platform/kvm/physical_map.go

@@ -20,7 +20,7 @@ import (
 	"syscall"
 
 	"gvisor.dev/gvisor/pkg/log"
-	"gvisor.dev/gvisor/pkg/sentry/platform/ring0"
+	"gvisor.dev/gvisor/pkg/ring0"
 	"gvisor.dev/gvisor/pkg/usermem"
 )