ruvector/crates/rvm/tests
Reuven 25749d0bfd feat(rvm): security audit remediation, TEE cryptographic verification, performance hardening
Complete security audit remediation across all 14 RVM hypervisor crates:

Security (87 findings fixed — 11 critical, 23 high, 30 medium, 23 low):
- HAL: SPSR_EL2 sanitization before ERET, per-partition VMID with TLB flush,
  2MB mapping alignment enforcement, UART TX timeout
- Proof: Real P3 verification replacing stubs (Hash/Witness/ZK tiers),
  SecurityGate self-verifies P3 (no caller-trusted boolean)
- Witness: SHA-256 chain hashing (ADR-142), strict signing default,
  NullSigner test-gated, XOR-fold hash truncation
- IPC: Kernel-enforced sender identity, channel authorization
- Cap: GRANT_ONCE consumption, delegation depth overflow protection,
  owner verification, derivation tree slot leak rollback
- Types: PartitionId validation (reject 0/hypervisor, >4096)
- WASM: Target/length validation on send(), module size limit, quota dedup
- Scheduler: Binary heap run queue, epoch wrapping_add, SMP cpu_count enforcement
- All integer overflow paths use wrapping_add/saturating_add/checked_add

TEE implementation (ADR-142, all 4 phases):
- Phase 1: SHA-256 replaces FNV-1a in witness chain, attestation, measured boot
- Phase 2: WitnessSigner trait with SignatureError enum, HmacSha256WitnessSigner,
  Ed25519WitnessSigner (verify_strict), DualHmacSigner, constant_time.rs
- Phase 3: SoftwareTeeProvider/Verifier, TeeWitnessSigner<P,V> pipeline
- Phase 4: SignedSecurityGate, WitnessLog::signed_append, CryptoSignerAdapter,
  ProofEngine::verify_p3_signed, KeyBundle derivation infrastructure
- subtle crate integration for ConstantTimeEq

Performance (26 optimizations):
- O(1) lookups: IPC channel, partition, coherence node, nonce replay
- Binary max-heap scheduler queue (O(log n) enqueue/dequeue)
- Coherence adjacency matrix + cached per-node weights
- BuddyAllocator trailing_zeros bitmap scan + precomputed bit_offset LUT
- Cache-line aligned SwitchContext (hot fields first) and PerCpuScheduler
- DerivationTree O(1) parent_index, combined region overlap+free scan
- #[inline] on 11+ hot-path functions, FNV-1a 8x loop unroll
- CapSlot packing (generation sentinel), RunQueueEntry sentinel, MessageQueue bitmask

Documentation:
- ADR-142: TEE-Backed Cryptographic Verification (with 6 reviewer amendments)
- ADR-135 addendum: P3 no longer deferred
- ADR-132 addendum: DC-3 deferral resolved
- ADR-134 addendum: SHA-256 + HMAC signatures

752 tests, 0 failures across 11 library crates + integration suite.

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-04-04 18:01:48 -04:00
src feat(rvm): security audit remediation, TEE cryptographic verification, performance hardening 2026-04-04 18:01:48 -04:00
Cargo.toml feat(rvm): security audit remediation, TEE cryptographic verification, performance hardening 2026-04-04 18:01:48 -04:00
README.md feat(rvm): RVM — Coherence-Native Microhypervisor for the Agentic Age 2026-04-04 12:10:19 -04:00

rvm-tests

Cross-crate integration tests for the RVM microhypervisor.

This crate exercises the public APIs of all 13 RVM subsystem crates in combination. It is not published; it exists solely so that cargo test can validate the workspace crates together rather than one at a time.

What is Tested

  • PartitionId round-trip and VMID extraction
  • CoherenceScore clamping and threshold checks
  • WitnessHash zero detection
  • WitnessRecord size assertion (must be exactly 64 bytes)
  • CapToken rights checking (single and combined rights)
  • GuestPhysAddr / PhysAddr page alignment helpers
  • BootTracker sequential phase completion and out-of-order rejection
  • WasmModuleInfo header validation (magic, version, truncated input)
  • GateRequest security enforcement (type match and mismatch)
  • WitnessLog append and length tracking
  • WitnessEmitter record construction with action kind and actor
  • EmaFilter initial sample pass-through and EMA computation
  • PartitionManager create and lookup
  • rvm-kernel version and crate count constants
  • ActionKind subsystem discriminant
  • fnv1a_64 determinism
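
As an added illustration (this is not code from rvm-tests or from the RVM crates), the following stand-alone Rust sketch shows the shape of four of the checks listed above: WasmModuleInfo header validation against magic, version and truncated input; PartitionId validation with the 0/hypervisor and >4096 limits named in the commit message, plus a VMID accessor; strictly ordered boot-phase completion with out-of-order rejection; and a 64-byte record size enforced at compile time instead of only in a test. The WebAssembly magic bytes and version are the real format; every type name, error variant, the 16-bit VMID derivation, the boot phase list and the WitnessRecord field layout are assumptions made for this sketch.

```rust
// Added example, not RVM project code. Names mirror the README's wording; bodies,
// constants and error variants are assumptions made for illustration.
use std::mem::size_of;

// --- WasmModuleInfo header validation: magic, version, truncated input ---
// Real format facts: a module starts with "\0asm" then a little-endian u32 version, currently 1.
const WASM_MAGIC: [u8; 4] = *b"\0asm";
const WASM_VERSION: u32 = 1;
const WASM_HEADER_LEN: usize = 8;

#[derive(Debug, PartialEq, Eq)]
pub enum HeaderError {
    Truncated { have: usize, need: usize },
    BadMagic([u8; 4]),
    BadVersion(u32),
}

#[derive(Debug, PartialEq, Eq)]
pub struct WasmModuleInfo {
    pub version: u32,
    pub body_len: usize,
}

/// Validate the 8-byte header before anything else touches the module bytes.
/// The length check comes first so the fixed-index reads below can never panic.
pub fn parse_wasm_header(bytes: &[u8]) -> Result<WasmModuleInfo, HeaderError> {
    if bytes.len() < WASM_HEADER_LEN {
        return Err(HeaderError::Truncated { have: bytes.len(), need: WASM_HEADER_LEN });
    }
    let magic = [bytes[0], bytes[1], bytes[2], bytes[3]];
    if magic != WASM_MAGIC {
        return Err(HeaderError::BadMagic(magic));
    }
    let version = u32::from_le_bytes([bytes[4], bytes[5], bytes[6], bytes[7]]);
    if version != WASM_VERSION {
        return Err(HeaderError::BadVersion(version));
    }
    Ok(WasmModuleInfo { version, body_len: bytes.len() - WASM_HEADER_LEN })
}

// --- PartitionId validation and VMID extraction ---
// Assumed policy from the commit message: 0 is the hypervisor and never a guest id,
// and ids above 4096 are rejected. Deriving the VMID from the low 16 bits is an assumption.
pub const MAX_PARTITION_ID: u32 = 4096;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct PartitionId(u32);

impl PartitionId {
    pub fn new(raw: u32) -> Option<Self> {
        if raw == 0 || raw > MAX_PARTITION_ID { None } else { Some(Self(raw)) }
    }
    pub fn raw(self) -> u32 { self.0 }
    pub fn vmid(self) -> u16 { (self.0 & 0xFFFF) as u16 }
}

// --- BootTracker: phases must complete strictly in declaration order ---
// The phase list is an assumption; the ordering rule is the README's.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum BootPhase { Hal = 0, Memory = 1, Partitions = 2, Scheduler = 3 }

#[derive(Debug, PartialEq, Eq)]
pub enum BootError {
    /// `expected` is the index of the next phase the tracker would accept.
    OutOfOrder { got: BootPhase, expected: u8 },
}

#[derive(Debug, Default)]
pub struct BootTracker { completed: u8 }

impl BootTracker {
    /// Accept `phase` only if it is exactly the next one expected; anything else is rejected
    /// and leaves the tracker unchanged, so a skipped phase cannot be papered over later.
    pub fn complete(&mut self, phase: BootPhase) -> Result<(), BootError> {
        if phase as u8 == self.completed {
            self.completed += 1;
            Ok(())
        } else {
            Err(BootError::OutOfOrder { got: phase, expected: self.completed })
        }
    }
    pub fn is_booted(&self) -> bool { self.completed == 4 }
}

// --- WitnessRecord size: enforced at compile time, not only by a runtime test ---
// Assumed field layout that totals 64 bytes under repr(C); the real fields are not on the page.
#[repr(C)]
pub struct WitnessRecord {
    pub hash: [u8; 32],
    pub partition: u32,
    pub kind: u32,
    pub seq: u64,
    pub nonce: u64,
    pub timestamp: u64,
}
const _: () = assert!(size_of::<WitnessRecord>() == 64);

pub fn witness_record_size() -> usize { size_of::<WitnessRecord>() }

fn main() {
    // Constructed inputs: a minimal valid module, a truncated header, a foreign magic.
    assert!(parse_wasm_header(b"\0asm\x01\x00\x00\x00").is_ok());
    assert!(parse_wasm_header(b"\0asm\x01").is_err());
    assert!(parse_wasm_header(b"\x7fELF\x01\x00\x00\x00").is_err());
    assert!(PartitionId::new(0).is_none());
    let mut boot = BootTracker::default();
    assert!(boot.complete(BootPhase::Scheduler).is_err());
    assert!(boot.complete(BootPhase::Hal).is_ok());
    println!("WitnessRecord is {} bytes", witness_record_size());
}
```

The `const _: () = assert!(...)` line is the check worth copying: if a field is added to a record whose on-chain or on-disk size is part of the design, the build fails immediately rather than a later test run.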

Running

cargo test -p rvm-tests

Workspace Dependencies

All 13 RVM crates (rvm-types through rvm-kernel).