Fuchsia Inside

Published:

Memory Management

Kernel page table is: arm64_kernel_translation_table

User page table for a process is: ArmArchVmAspace->tt_phys_

The page table allocation is in ArmArchVmAspace->Init.

The context switch code is: ContextSwitch where the tt_phys_ value is written to the ttbr0_el1.

Process Create

Zircon provides zx_process_create syscall, which is implemented in sys_process_create, which calls

ProcessDispatcher::Create, which calls

VmAspace::Create, which calls

VmAspace::Init, which calls

ArmArchVmAspace->Init to setup page tables.

Zircon Handles

Zircon Handles allows user space programs to reference kernel objects.

  • Sharable Resource: Zircon maintains a global struct call HandleTableArena gHandleTableArena for allocating all Handles.

  • Limit: The arena has a limit for all live handles, specified by kMaxHandleCount, whose value is 256 * 1024. gHandleTableArena contains a member of fbl::GPArena<Handle::PreserveSize, sizeof(Handle)> arena_, whose Init allocates kMaxHandleCount * handle_size memory. If the number of live handles goes beyond the limit, Alloc will return nullptr.

  • Abstract Resource Attack: The attacker can consume handles to exhaust all handles in gHandleTableArena. 1) Handles are frequently-used in Zircon. Any events, processes, or threads are consuming new handles. 2) Currently we did not find any per-user limits on handles. 3) If handles are exhausted, the users cannot send events or creates any processes or threads.

  • Count: GPArena maintains a count_, which increments in Alloc.

Zircon Rights

Zircon supports 21 rights list.

The right data structure zx_rights_t is defined in zircon/system/public/zircon/rights.h as a uint32_t. The code is typedef uint32_t zx_rights_t.

For rights, the basic check function is the handle->HasRights. Such as in system calls zx_handle_duplicate, the basic check is used in handle_dup_replace.

The right checking has wrappers, such as GetDispatcherWithRights, which in turn calls HasRights.

Zircon Syscalls

Zircon supports about 150 system calls full list.

The system calls will list the rights it required.