seL4 / seL4

The seL4 microkernel
https://sel4.systems

NX / XD on x86_64 #46

Open jdub opened 8 years ago

jdub commented 8 years ago

Am I on the right track here?

AdrianDanis commented 8 years ago

Mostly the right track. The only complication is that seL4_X86_ExecuteNever becomes orthogonal to the rest of the attributes in seL4_X86_VMAttributes. Probably has to stop being a true enum and become partially an enumeration and partially a set of bitwise flags.

jdub commented 8 years ago

Looks like the same is true of armExecuteNever. Is it a case of fine for now, but needs a refactor or needs a refactor before landing more mess?

AdrianDanis commented 8 years ago

Well, for some reason ARM defines things in an enum, which is technically incorrect since cacheability, parity and XN are actually a set of flags that should be OR'd together. This is why seL4_ARM_Default_VMAttributes == 3 == seL4_ARM_PageCacheable | seL4_ARM_ParityEnabled. In contrast to X86, where seL4_X86_Default_VMAttributes == 0 == seL4_X86_WriteBack.

I suspect we just want to change X86 into something like

#define seL4_X86_WriteBack 0
#define seL4_X86_WriteThrough 1
#define seL4_X86_CacheDisabled 2
#define seL4_X86_Uncacheable 3
#define seL4_X86_WriteCombining 4

#define seL4_X86_Default_VMAttributes seL4_X86_WriteBack

#define seL4_X86_FLAG_ExecuteNever LIBSEL4_BIT(8)

typedef int seL4_X86_VMAttributes;

I don't know if prefixing the name with FLAG is the best way to distinguish it from the other attributes, which are an exclusive choice, but you get the idea.
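
The layout proposed in the comment above, as an added example that is not part of the original thread or of libsel4: it splits an attribute word into the exclusive cache type and the ExecuteNever flag, rejects undefined bits, and sets the x86_64 XD bit (PTE bit 63) only when EFER.NXE is enabled, since that bit is reserved otherwise. The 8-bit cache-type field and the names `VMATTR_CACHE_MASK`, `X86_64_PTE_XD`, `vm_attr_decoded_t`, `decode_vm_attributes` and `apply_execute_never` are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constants as proposed in the comment above (not the shipped libsel4 API). */
#define LIBSEL4_BIT(n) (1ul << (n))
#define seL4_X86_WriteBack 0
#define seL4_X86_WriteThrough 1
#define seL4_X86_CacheDisabled 2
#define seL4_X86_Uncacheable 3
#define seL4_X86_WriteCombining 4
#define seL4_X86_FLAG_ExecuteNever LIBSEL4_BIT(8)
typedef int seL4_X86_VMAttributes;

/* Hypothetical helpers below: assumptions for this example only. */
#define VMATTR_CACHE_MASK 0xfful       /* assumed: bits 0-7 hold the cache type */
#define X86_64_PTE_XD     (1ull << 63) /* architectural execute-disable bit */

typedef struct { int cache_type; bool execute_never; } vm_attr_decoded_t;

/* Split an attribute word into its exclusive cache type and its flags.
 * Returns false for an unknown cache type or any undefined bit, so a
 * caller cannot smuggle unvalidated bits into a page-table entry. */
static bool decode_vm_attributes(seL4_X86_VMAttributes attr, vm_attr_decoded_t *out)
{
    unsigned long a = (unsigned long)attr;
    unsigned long cache = a & VMATTR_CACHE_MASK;
    if (a & ~(VMATTR_CACHE_MASK | seL4_X86_FLAG_ExecuteNever)) return false;
    if (cache > seL4_X86_WriteCombining) return false;
    out->cache_type = (int)cache;
    out->execute_never = (a & seL4_X86_FLAG_ExecuteNever) != 0;
    return true;
}

/* Apply the decoded flag to a PTE. Bit 63 is reserved unless EFER.NXE is
 * set, so fail the request rather than silently map the page executable. */
static bool apply_execute_never(uint64_t *pte, const vm_attr_decoded_t *d, bool nxe_enabled)
{
    if (d->execute_never && !nxe_enabled) return false;
    if (d->execute_never) *pte |= X86_64_PTE_XD;
    else                  *pte &= ~X86_64_PTE_XD;
    return true;
}

int main(void)
{
    vm_attr_decoded_t d;
    uint64_t pte = 0x1000 | 1; /* constructed sample entry: frame 0x1000, present */
    if (!decode_vm_attributes(seL4_X86_WriteBack | seL4_X86_FLAG_ExecuteNever, &d)) return 1;
    return apply_execute_never(&pte, &d, true) && (pte >> 63) == 1 ? 0 : 1;
}
```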

jdub commented 8 years ago

Heh, it looks like seL4_ARM_ExecuteNever was thrown in pretty quickly, putting the comment out of place:

typedef enum {
    seL4_ARM_PageCacheable = 0x01,
    seL4_ARM_ParityEnabled = 0x02,
    seL4_ARM_Default_VMAttributes = 0x03,
    seL4_ARM_ExecuteNever  = 0x04,
    /* seL4_ARM_PageCacheable | seL4_ARM_ParityEnabled */
    SEL4_FORCE_LONG_ENUM(seL4_ARM_VMAttributes),
} seL4_ARM_VMAttributes;

Seems like this needs a rethink on ARM as well as X86? With MP coming along, ARM may need to support the shared bit too. Unless you're specifically avoiding that. Anyway, now I'm rambling.

Thought: As all of this is exposed to user land as capability permissions, would it be absolutely bananas to abuse the Grant right as Execute?

AdrianDanis commented 8 years ago

Wow that comment is impressively out of place. Yes, shared bit should probably be added once we do a proper ARM multicore implementation.

The grant bit is definitely conveniently placed, but I'm not certain as to whether or not it makes sense. I'll bring up the discussion internally, although those can have a long turn around time.

emberian commented 7 years ago

Any news on this?

AdrianDanis commented 7 years ago

@cmr unfortunately no progress on this, always seems to be something more pressing.