Kernel page table is:
User page table for a process is:
The page table allocation is in
The context switch code is:
ContextSwitch where the
tt_phys_ value is written to the
zx_process_create syscall, which is implemented in
sys_process_create, which calls
ProcessDispatcher::Create, which calls
VmAspace::Create, which calls
VmAspace::Init, which calls
ArmArchVmAspace->Init to set up the page tables.
Zircon handles allow user-space programs to reference kernel objects.
Sharable Resource: Zircon maintains a global struct called
HandleTableArena gHandleTableArena for allocating all Handles.
Limit: The arena has a limit for all live handles, specified by
kMaxHandleCount, whose value is 256 * 1024.
gHandleTableArena contains a member of
fbl::GPArena<Handle::PreserveSize, sizeof(Handle)> arena_, whose
kMaxHandleCount * handle_size memory. If the number of live handles goes beyond the limit,
Alloc will return nullptr.
Abstract Resource Attack: The attacker can consume handles to exhaust all handles in gHandleTableArena. 1) Handles are frequently used in Zircon: any event, process, or thread consumes new handles. 2) Currently we did not find any per-user limits on handles. 3) If handles are exhausted, users cannot send events or create any processes or threads.
Count: GPArena maintains a
count_, which increments in
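The shared-arena behaviour described above, as an added example that is not Zircon source: a simplified model in which every owner allocates from one counter capped at kMaxHandleCount, compared with the same arena under a per-owner quota. ModelArena, OtherOwnerCanAlloc, the owner ids and the quota itself are hypothetical and exist only for illustration; only kMaxHandleCount and its value come from the text above.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <unordered_map>

// Simplified model, not Zircon source. kMaxHandleCount is the value quoted above;
// the per-owner quota is a hypothetical mitigation.
constexpr size_t kMaxHandleCount = 256 * 1024;

class ModelArena {
 public:
  explicit ModelArena(size_t per_owner_quota = 0) : quota_(per_owner_quota) {}

  // Returns false in the cases where a real allocator would hand back nullptr.
  bool Alloc(uint64_t owner) {
    if (count_ >= kMaxHandleCount) return false;      // global cap reached
    size_t& held = held_[owner];
    if (quota_ != 0 && held >= quota_) return false;  // owner over its quota
    ++held;
    ++count_;
    return true;
  }

  void Free(uint64_t owner) {
    auto it = held_.find(owner);
    if (it == held_.end() || it->second == 0) return;  // nothing to release
    --it->second;
    --count_;
  }

  size_t count() const { return count_; }
  size_t held_by(uint64_t owner) const {
    auto it = held_.find(owner);
    return it == held_.end() ? 0 : it->second;
  }

 private:
  size_t quota_;      // 0 means "no per-owner limit"
  size_t count_ = 0;  // live handles across all owners
  std::unordered_map<uint64_t, size_t> held_;  // live handles per owner
};

// One owner allocates until refused; report whether another owner can still allocate.
bool OtherOwnerCanAlloc(ModelArena& arena, uint64_t greedy, uint64_t other) {
  while (arena.Alloc(greedy)) {}
  return arena.Alloc(other);
}

int main() {
  ModelArena shared, limited(kMaxHandleCount / 8);
  std::printf("global cap only: %d\n", OtherOwnerCanAlloc(shared, 1, 2));
  std::printf("with quota:      %d\n", OtherOwnerCanAlloc(limited, 1, 2));
}
```

The per-owner counts kept by the model are also the signal to monitor: a single owner holding a large share of the live count is visible before Alloc starts failing for everyone.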
Zircon supports 21 rights.
The rights data structure
zx_rights_t is defined in zircon/system/public/zircon/rights.h as a uint32_t. The code is
typedef uint32_t zx_rights_t;
For rights, the basic check function is
handle->HasRights. For example, in the system call
zx_handle_duplicate, the basic check is used in
The rights check has wrappers, such as
GetDispatcherWithRights, which in turn calls
Zircon supports about 150 system calls.
Each system call lists the rights it requires.