oak
Decide on approach when the trusted runtime receives invalid data from the untrusted launcher
Some examples include:
- Invalid lengths/indices in the used elements of a virtqueue
- Invalid vsock packet lengths
- Invalid lengths for custom framing and object serialisation
We could ignore bad data, send an error, or terminate the VM. We might have different approaches for different types of invalid data.
Also related, we should decide what to do when the communication channel is closed/broken. We could try to re-establish, or just shut down the VM.
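The sketch below is an added example, not part of the original issue and not code from the Oak repository. It shows how the trusted side could validate a virtqueue used element and a length-prefixed frame, then map each failure to one of the responses listed above. All type and function names, the frame layout and the policy mapping are assumptions made for illustration.

```rust
// Added illustration, not code from the Oak repository. All names are hypothetical.
/// Responses the issue lists for invalid data from the untrusted launcher.
#[derive(Debug, PartialEq)]
pub enum Action { Ignore, SendError, TerminateVm }

#[derive(Debug, PartialEq)]
pub enum Invalid {
    UsedIdOutOfRange,  // used-element id is not a valid index into the queue
    UsedIdNotInFlight, // id names a buffer the trusted side never posted
    UsedLenTooLong,    // device reports more bytes than the posted buffer holds
    FrameLenInvalid,   // length prefix is missing or exceeds the received bytes
}

/// Assumed policy, one possible answer to the issue: broken virtqueue state
/// terminates the VM, a malformed frame is answered with an error.
pub fn policy(e: &Invalid) -> Action {
    match e {
        Invalid::FrameLenInvalid => Action::SendError,
        _ => Action::TerminateVm,
    }
}

/// `posted[id]` is the capacity of the buffer the trusted side handed out under
/// that id, or None if nothing is outstanding. Returns the usable byte count.
pub fn check_used(posted: &[Option<u32>], id: u32, len: u32) -> Result<usize, Invalid> {
    let slot = posted.get(id as usize).ok_or(Invalid::UsedIdOutOfRange)?;
    let cap = (*slot).ok_or(Invalid::UsedIdNotInFlight)?;
    if len > cap {
        return Err(Invalid::UsedLenTooLong);
    }
    Ok(len as usize)
}

/// Constructed framing: 4-byte little-endian length prefix, then the body.
pub fn parse_frame(buf: &[u8]) -> Result<&[u8], Invalid> {
    if buf.len() < 4 {
        return Err(Invalid::FrameLenInvalid);
    }
    let len = u32::from_le_bytes([buf[0], buf[1], buf[2], buf[3]]) as usize;
    buf[4..].get(..len).ok_or(Invalid::FrameLenInvalid)
}

fn main() {
    let posted = [Some(16), None]; // constructed: id 0 posted with 16 bytes
    for &(id, len) in &[(0u32, 16u32), (0, 17), (1, 0), (2, 0)] {
        println!("{:?}", check_used(&posted, id, len).map_err(|e| policy(&e)));
    }
    println!("{:?}", parse_frame(&[9, 0, 0, 0, b'h']).map_err(|e| policy(&e)));
}
```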