LekKit / RVVM

The RISC-V Virtual Machine
GNU General Public License v3.0

rvvm host stability (possibility of a crash bringing down a host using librvvm) #145

Closed ZLangJIT closed 1 month ago

ZLangJIT commented 1 month ago

How stable is rvvm in terms of being crash proof in the context of an embedded static/shared library?

Including illegal instruction in big.LITTLE CPUs with NATIVE_LINKER enabled (#141).

For example, in what cases could the rvvm process itself crash (SEGV/SIGILL) which, when embedded as a lib, could bring down the host application that is running rvvm?

LekKit commented 1 month ago

Any kind of crash / denial of service / security issue is considered to be a bug and should be reported & fixed. RVVM is continuously fuzzed and in general code is written to be as bulletproof as possible, but that doesn't preclude theoretical human error and platform-specific issues.

The SIGILL issue in #141 is caused primarily by buggy hardware, which is not worked around in system libraries RVVM is relying on - I've never seen this before.

My own Samsung S9 phone also has a big.LITTLE Exynos 9810 CPU, but this issue is not happening there because the CPU correctly reports cacheline sizes as defined by the spec.

Security-wise, there is a stop-measure `rvvm_isolation` feature that isolates the running process/vCPU threads from doing malicious stuff on a kernel level, which basically eliminates the possibility of any theoretical exploit when running standalone rvvm, and most exploits when running librvvm. But yeah, this is a last resort thing, any actual exploits found through fuzzing or reported should be fixed too.