enarx-archive / sallyport

API for the hypervisor-microkernel boundary
Apache License 2.0

fix: separate memory validation from Handler #112

Closed haraldh closed 2 years ago

haraldh commented 2 years ago

Previously the validate_* methods were giving out objects with an unbound lifetime.

To ensure lifetimes don't outlive the real syscall, the caller of Handler::syscall now has to pass a Platform object, which binds the lifetimes of all objects generated by its validate_* methods to itself.

Also the sally() method is now part of the Handler trait to decouple it from the Platform object, because it needs a mutable self.

The implementation of the Platform object has to use internal mutability to be able to hand out multiple mutable references.

To be feature complete, the Platform trait would have to have drop methods for its internal bookkeeping. But doing so is out of scope for this project for now.

Signed-off-by: Harald Hoyer harald@profian.com
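The design described in the commit message, as an added Rust sketch that is not sallyport's own code: `Platform`, `validate_slice`, `CountingHandler` and the byte block are hypothetical names and constructed sample data. It shows the validated region's lifetime tied to `&self`, bounds and overflow checks on guest-supplied offsets, and interior mutability for the bookkeeping so that `&self` can hand out several regions.

```rust
use std::cell::Cell;

/// Memory block shared across the hypervisor-microkernel boundary
/// (hypothetical; not sallyport's real Platform type).
pub struct Platform {
    block: Box<[Cell<u8>]>,
    /// Bookkeeping behind interior mutability, so `&self` can hand out
    /// several validated regions at once.
    validated: Cell<usize>,
}

impl Platform {
    pub fn new(bytes: &[u8]) -> Self {
        let block = bytes.iter().map(|&b| Cell::new(b)).collect();
        Platform { block, validated: Cell::new(0) }
    }

    /// Hands out `[offset, offset+len)` only if it lies inside the block.
    /// The returned lifetime is tied to `&'a self`, so the region can never
    /// outlive the Platform (the unbound-lifetime problem the PR removes).
    pub fn validate_slice<'a>(&'a self, offset: usize, len: usize) -> Option<&'a [Cell<u8>]> {
        let end = offset.checked_add(len)?; // reject overflowing guest lengths
        if end > self.block.len() {
            return None; // region would reach outside the shared block
        }
        self.validated.set(self.validated.get() + 1);
        Some(&self.block[offset..end])
    }

    pub fn validated_count(&self) -> usize {
        self.validated.get()
    }
}

pub trait Handler {
    /// Needs `&mut self`; a `platform()` getter borrowing `&self` would
    /// still be live here, which is the borrow conflict noted below.
    fn sally(&mut self) -> Result<(), ()>;

    /// Zero-fills a guest-described region, then traps to the host.
    fn syscall(&mut self, platform: &Platform, offset: usize, len: usize) -> Result<usize, ()> {
        let region = platform.validate_slice(offset, len).ok_or(())?;
        region.iter().for_each(|c| c.set(0));
        self.sally()?; // region borrows `platform`, not `self`, so this is fine
        Ok(region.len())
    }
}

pub struct CountingHandler { pub sallies: usize }

impl Handler for CountingHandler {
    fn sally(&mut self) -> Result<(), ()> { self.sallies += 1; Ok(()) }
}
```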

rvolosatovs commented 2 years ago

Also, how about we add a platform() getter on Handler rather than passing it as argument?

haraldh commented 2 years ago

Also, how about we add a platform() getter on Handler rather than passing it as argument?

@rvolosatovs sadly, this won't work, because of the Handler's immutable self borrow and the later mutable borrow for sally().

rvolosatovs commented 2 years ago

Please rebase before merging