Please preserve the CC list.
On 2015-08-12 15:00, Ralf Ramsauer wrote:
> Hi,
>
> On 08/12/15 14:43, Jan Kiszka wrote:
>> Hi Ralf,
>>
>> On 2015-08-12 13:58, Ralf Ramsauer wrote:
>>> Hi,
>>>
>>> I'm pretty new to jailhouse and I made some bloody mistakes which were
>>> hard for me to debug. I tried to enable jailhouse using a cell
>>> descriptor instead of using the jailhouse_system. Of course, jailhouse
>>> failed. The error message was "Invalid argument" which might mean
>>> anything. I only understood what went wrong after I had a look into the
>>> code.
>>>
>>> I saw that the firmware files of jailhouse contain a signature or call
>>> it magic byte(s) "JAILHOUS". This is important, as loading an arbitrary
>>> file as firmware would probably lead to a kernel panic. Just a guess -
>>> but what do you think about inserting a similar signature inside the
>>> system and cell descriptors? A header might then look like
>>>
>>> struct {
>>>     __u64 magic;
>>>     struct jailhouse_system header;
>>>     ...
>>> } __attribute__((packed)) config = {
>>>     .magic = JAILHOUSE_SYSTEM_MAGIC,
>>>     .header = {

BTW, magics should become part of the respective jailhouse structures then.

>>> ...
>>>
>>> Only a little additional code would be needed and jailhouse could output a
>>> proper error message if it were able to differentiate between system
>>> and cell descriptors. It's not about sanity checking the configuration,
>>> it's rather preventing users from making bloody mistakes.
>> To differentiate, you would need at least two different magics. I'm not
>> totally opposed to this, specifically as we could filter things out at
>> driver level already.
> Absolutely, so why not use two magics? You could even filter things
> out in userspace before propagating the .cell binary to the jailhouse
> device and just skip the magic. Then there would be no modifications at
> driver level.

Do you want to give some patch a try?

Jan
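
The check discussed in this thread, sketched as an added example that is not part of the original e-mails or of Jailhouse's code: a configuration blob is classified by its leading magic before any other field is read, so a cell descriptor passed as a system configuration gets a specific message instead of "Invalid argument". The two magic values, the `ex_` names and the error strings are assumptions made up for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 8-byte magics, constructed for this example (not Jailhouse's). */
#define EX_SYSTEM_MAGIC "JHSYSCFG"
#define EX_CELL_MAGIC   "JHCELCFG"
#define EX_MAGIC_LEN    8

enum ex_kind { EX_KIND_SYSTEM, EX_KIND_CELL };
enum ex_result {
    EX_OK = 0,
    EX_TOO_SHORT,     /* blob cannot even hold a magic */
    EX_IS_CELL,       /* system config expected, cell descriptor given */
    EX_IS_SYSTEM,     /* cell descriptor expected, system config given */
    EX_UNKNOWN_MAGIC  /* neither kind, e.g. an arbitrary file */
};

/* Classify a blob by its leading magic; nothing past the magic is touched. */
enum ex_result ex_check_magic(const void *blob, size_t len, enum ex_kind want)
{
    if (blob == NULL || len < EX_MAGIC_LEN)
        return EX_TOO_SHORT;
    int is_sys = memcmp(blob, EX_SYSTEM_MAGIC, EX_MAGIC_LEN) == 0;
    int is_cell = memcmp(blob, EX_CELL_MAGIC, EX_MAGIC_LEN) == 0;
    if (!is_sys && !is_cell)
        return EX_UNKNOWN_MAGIC;
    if (want == EX_KIND_SYSTEM)
        return is_sys ? EX_OK : EX_IS_CELL;
    return is_cell ? EX_OK : EX_IS_SYSTEM;
}

/* Map each outcome to a message a user can act on. */
const char *ex_strerror(enum ex_result r)
{
    switch (r) {
    case EX_OK:        return "ok";
    case EX_TOO_SHORT: return "file too short to be a Jailhouse configuration";
    case EX_IS_CELL:   return "expected a system configuration, got a cell descriptor";
    case EX_IS_SYSTEM: return "expected a cell descriptor, got a system configuration";
    default:           return "not a Jailhouse configuration (bad magic)";
    }
}

int main(void)
{
    /* Constructed sample: a cell descriptor passed where a system config is expected. */
    static const char blob[] = "JHCELCFG\0\0\0\0";
    puts(ex_strerror(ex_check_magic(blob, sizeof(blob), EX_KIND_SYSTEM)));
}
```

The same function works in a userspace tool or at driver level, since it only needs the first eight bytes and the kind the caller expects.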