> Subject: Dropping code during runtime (was: Re: [PATCH 06/10] Add libbaremetal)
>
> On 8/14/20 8:13 PM, Jan Kiszka wrote:
> >>
> >> If we have a universal binary, there will be a jailhouse disable
> >> present in the beginning. Once we decide to freeze the configuration,
> >> drop it. If we make those things compile-time configurable, then it
> >> has potential to become a variant hell.
> >
> > Dropping significant code chunks from a root-less jailhouse.bin would
> > be a valuable reason for such a config variant. You do not have to
> > argue over things that are provably not there.
>
> With my approach, things are (provably) not there in the operative phase. It
> depends when you want to attest your system. In the same way, you could
> also argue that Linux, U-Boot, the firmware, whatever has been there before
> you made your attestation.
>
> What are the parts you could drop during compile time?
> For system partitioning / cell creation, you definitely need to execute the
> code at least once - you cannot drop it during compile time.

Are there any use cases currently? Say you have a safety-critical cell and a
non-critical cell: if the non-critical cell crashes or hangs, there is no
chance to resume that cell.

Thanks,
Peng.

> But after execution, you can drop it. In the same way, you can drop
> init_early, ... and others. The only part that you could drop during compile
> time would probably be the whole disabling logic.
>
> Let me try to show what I had in mind:
>
> https://github.com/lfd/jailhouse/tree/detention/rfc
>
> That's a very early hack of what I was thinking about. The idea is as
> follows: simply lock access to the hypercall subsystem after the new
> detention hypercall was issued. With this, we can remove everything that is
> only reachable from the interface. Runs on QEMU.
>
> For the Intel version of the hypervisor, before that patch, the .text section
> contained 48182 bytes; with that patch, 40616 bytes remain in .text, the rest
> can be dropped. 16% less assembly, and I'm sure we can find way more
> routines that can be annotated: init stuff, pagers, ...
>
> Ah, by the way, what I realised during my experiments: the .text section of
> Jailhouse is RW mapped. I wondered why I didn't receive an exception when I
> tried to overwrite code. Is that intended?
>
> Ralf

To view this discussion on the web visit https://groups.google.com/d/msgid/jailhouse-dev/DB6PR0402MB2760B89232AA1E85661A252F885F0%40DB6PR0402MB2760.eurprd04.prod.outlook.com.
