Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Network Stack Reset limitations #31

Open
1 of 4 tasks
hlef opened this issue Aug 13, 2024 · 2 comments
Open
1 of 4 tasks

Network Stack Reset limitations #31

hlef opened this issue Aug 13, 2024 · 2 comments
Assignees

Comments

@hlef
Copy link
Collaborator

hlef commented Aug 13, 2024

We recently merged the network stack reset as part of #27.

Let us use this issue to keep track of the limitations of the reset:

  • The TCP/IP stack cannot currently recover from a crash due to a stack overflow in the TCP/IP compartment.
    This is due to a limitation of the implementation of the switcher, which cannot trigger the error handler on stack overflow. We should make it possible for the error handler to run on stack overflow.
  • A small set of globals called reset-critical outlive resets and/or are necessary for the reset.
    We assume that this data has not been corrupted. This data is correspondingly annotated in the source code. We should address this with an inner compartment.
  • We assume that the control-flow of threads in the compartment has not been altered.
    Given that we have spatial and temporal memory safety, this should be a relatively sane assumption? We can revisit later - for now there is no plan to address this.
  • Upon reset, we do not close TCP connections.
    This leads remote servers to send us retransmissions which, in the case of several consecutive resets, can result in flooding. Ideally we should enable the reset code to send TCP RST packets to close outstanding TCP connections during the network stack reset.
@davidchisnall
Copy link
Contributor

The TCP/IP stack cannot currently recover from a crash due to a stack overflow in the TCP/IP compartment.

This can now be fixed. CHERIoT-Platform/cheriot-rtos#301 made it possible to run error handler code up the stack.

@hlef
Copy link
Collaborator Author

hlef commented Nov 1, 2024

The TCP/IP stack cannot currently recover from a crash due to a stack overflow in the TCP/IP compartment.

This can now be fixed. CHERIoT-Platform/cheriot-rtos#301 made it possible to run error handler code up the stack.

Done in #48!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants