Developer Guide

  • 04/03/2019
  • Public Content
Contents

Abandoned Sessions

Intel® DAL allows for a limited number of trusted applications and sessions that can be installed or created by the virtual machine (VM). In some cases, client service resources can be occupied and never released due to:
  • Denial of service attack
  • Application entering an infinite loop and therefore not closing or removing the sessions or trusted applications.
  • Application crashing and therefore not closing or removing the sessions or trusted applications.
  • A misuse of the client service API,e.g., not calling the CloseSession API when finishing using a session.
In such cases, the application is preventing other applications from using other sessions, due to the Max Sessions capacity limit. Therefore, the client service tries to detect whether an application has crashed or exited without releasing its resources so that it can perform cleanup, release the session handle and remove the abandoned sessions from the VM if needed.
To enable the client service to do this, it stores the application information [Process ID + Creation Timestamp] when the application is initialized. This allows the identification of crashed applications only and not modules within an application(like a plugin in a browser), unless it runs as a separate process.
Whenever an application calls one of the following APIs, the client service performs an abandoned session cleanup:
  • JHI_Install2
  • JHI_CreateSession
  • JHI_Uninstall
  • JHI_GetAppletProperty
    (in case the trusted application was not loaded in the VM)
Note: Applications should not rely on this cleanup mechanism and must call JHI_CloseSession with each session handle that they have when they are finished with the session handle.

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804