mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2024-11-24 20:48:55 +00:00
d4b59d8878
The design sending SIGSTOP to the main process and the device processes from the monitor process does not work with sandboxing the monitor process because user namespace without pid namespace is not supported by minijail.

This changes the design so that monitor process sends a message to the main process, which is then responsible for guaranteeing that nothing except the monitor process will access guest memory when vmm-swap is being enabled. The main process does this by sending SIGSTOP to device processes and suspending the vCPU threads. Although there are other threads in the main process, none of them currently access guest memory.

The vmm-swap feature now does not support `--disable-sandbox`. It would be possible to support it by sending `SIGSTOP` from the monitor process to the main process. However there is no clear use case for vmm-swap with `--disable-sandbox`, so the extra complexity is not worth it.

BUG=b:270248453
TEST=manual test

Change-Id: Ie24d5a5b5f8e6999d133beb9b4c3562e26427838
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4293656
Reviewed-by: David Stevens <stevensd@chromium.org>
Commit-Queue: Shin Kawamura <kawasin@google.com>

- src
- tests
- Cargo.toml