commit	eba83169038d614b1299ec342a8e4619a2af368e	[log] [tgz]
author	Pierre-Clément Tosi <ptosi@google.com>	Sat Nov 02 12:11:48 2024 +0000
committer	Pierre-Clément Tosi <ptosi@google.com>	Wed Dec 04 21:22:54 2024 +0000
tree	3a0e3b2fea8282d8bf1710a6d4b1139693d1d906
parent	d2c5472066b5e7d68e827b31fc408ff089c31f89 [diff]

vmbase: Default to largest stack size possible

Remove the need for clients to decide how many pages the stack should
use, which was originally added to pvmfw to reduce its boot times (as it
must zero its stack) but was ported to the other clients, where it does
not make sense. Instead, map all the available pages at the bottom of
the writable_data region by default. Note that the linker script still
reserves one page that remains unmapped, to catch stack overflows.

For pvmfw, provide a macro to define its desired stack size.

As a result, vmbase can expose a layout::stack_range() without argument
that matches the client. This will enable moving dynamic PT creation
into the library, which is needed to enter clients with the dynamic PTs
enabled.

As I wasn't sure about the linker trick being used, this change was
validated by checking the disassembled clients:

pvmfw:

  000000007fc1e454 <pvmfw::entry::main_wrapper>:
      [...]
      7fc1e5bc:   94005422        bl      7fc33644 <vmbase_stack_limit_client>
      [...]
  000000007fc33644 <vmbase_stack_limit_client>:
      7fc33644:   a9bf7bfd        stp     x29, x30, [sp, #-16]!
      7fc33648:   910003fd        mov     x29, sp
      7fc3364c:   52800020        mov     w0, #0x1                        // #1
      7fc33650:   52980001        mov     w1, #0xc000                     // #49152
      7fc33654:   a8c17bfd        ldp     x29, x30, [sp], #16
      7fc33658:   d65f03c0        ret
      [...]
  000000007fc3be48 <vmbase::layout::stack_range>:
      [...]
      7fc3be64:   97ffddf8        bl      7fc33644 <vmbase_stack_limit_client>

Rialto:

  0000000080012e20 <rialto::main>:
      [...]
      80013028:   940028e7        bl      8001d3c4 <vmbase_stack_limit_default>
      [...]
  000000008001d3c4 <vmbase_stack_limit_default>:
      8001d3c4:   a9bf7bfd        stp     x29, x30, [sp, #-16]!
      8001d3c8:   910003fd        mov     x29, sp
      8001d3cc:   aa1f03e0        mov     x0, xzr
      8001d3d0:   a8c17bfd        ldp     x29, x30, [sp], #16
      8001d3d4:   d65f03c0        ret

vmbase_example:

  000000008020861c <vmbase_example::main>:
      [...]
      80208e48:   94002b7e        bl      80213c40 <vmbase_stack_limit_default>
      [...]
      80209268:   94002a76        bl      80213c40 <vmbase_stack_limit_default>
  000000008001d3c4 <vmbase_stack_limit_default>:
      [...]
      80213c50:   d65f03c0        ret

which all WAI.

Bug: 377276983
Test: m {pvmfw,rialto,vmbase_example_{bios,kernel}}_bin
Test: atest rialto_test vmbase_example.integration_test
Change-Id: I8df6762954b3633b737d75f6221a75b8f9bea015

10 files changed

tree: 3a0e3b2fea8282d8bf1710a6d4b1139693d1d906

README.md

Android Virtualization Framework (AVF)

Android Virtualization Framework (AVF) provides secure and private execution environments for executing code. AVF is ideal for security-oriented use cases that require stronger isolation assurances over those offered by Android’s app sandbox.

Visit our public doc site to learn more about what AVF is, what it is for, and how it is structured. This repository contains source code for userspace components of AVF.

If you want a quick start, see the getting started guideline and follow the steps there.

For in-depth explanations about individual topics and components, visit the following links.

AVF components:

AVF APIs:

How-Tos: