From 4d16bc39ad1f950e946af8e3b1e5cc61b415e361 Mon Sep 17 00:00:00 2001 From: Jack Bond-Preston Date: Mon, 29 May 2023 13:21:06 +0100 Subject: [PATCH] fix some things in CHERI article --- content/cheri.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/cheri.md b/content/cheri.md index b0d966b..79cc49f 100644 --- a/content/cheri.md +++ b/content/cheri.md 
@@ -117,13 +117,13 @@ $ ./ptrs_as_numbers *(7fff98640c28)=9999 ``` -yikes! now, when you start messing with pointers like this, you're bound to run into a bunch of undefined behaviour. but C programmers write undefined behaviour all the time (and not always by accident), and my computer executes this program fine without complaining at all. doesn't it feel a bit weird that we can take a pointer to `arr[0]` and modify it to load `secret`? they're not even part of the same array... +yikes! now, when you start messing with pointers like this, you're bound to run into a bunch of undefined behaviour. but C programmers write undefined behaviour all the time (and not always by accident), and my computer executes this program fine without complaining at all. doesn't it feel a bit weird that we can take a pointer to `arr[0]` and modify it to load `magic`? they're not even part of the same array... ## introducting capabilities CHERI introduces capabilities, which can be thought of as an extension to pointers. they still store an address of something we care about, but they have extra information too! in a 64-bit system, a pointer would typically be a 64-bit value (as dicussed previously). the corresponding capability in a CHERI platform is 128 bits (or 129 bits if you look at it a certain way, more about that later). -as you might have guessed, this "extra information" takes up 64 bits of the capability. bits are assigned to three key pieces of metadata: *bounds*, *permissions*, and *object type*. there is also an additional 1-bit _tag_ which is stored out-of-band: it is not a 129-bit value - instead each 128-bit capability can be thought of as being associated with a 1-bit validity tag. the architecture manages this association for us. the diagram below is provided as a rough overview of this. note that it is not to scale. 
+as you might have guessed, this "extra information" takes up extra bits of the capability (how much is actually a little complicated - we will touch on that). bits are assigned to three key pieces of metadata: *bounds*, *permissions*, and *object type*. there is also an additional 1-bit _tag_ which is stored out-of-band: it is not a 129-bit value - instead each 128-bit capability can be thought of as being associated with a 1-bit validity tag. the architecture manages this association for us. the diagram below is provided as a rough overview of this. note that it is not to scale. int *x (capability)0x0000010000000004addressboundsobject typepermissionstag (out-of-band)
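Review bot: in the reworded sentence of the second changed paragraph, "this "extra information" takes up extra bits of the capability" reads circularly and removes the only size the reader had, while the unchanged paragraph directly above still gives a 64-bit pointer and a 128-bit capability. The parenthetical therefore hints at a complication without saying how it differs from the 64 bits a reader will infer. Suggest either pointing "we will touch on that" at the section that covers it, or wording the sentence as "takes up the remaining bits of the capability" so it agrees with the 128-bit figure. Since the commit touches this region anyway, two typos in the context lines could be fixed in the same pass: the heading "## introducting capabilities" and "as dicussed previously". The `secret` to `magic` rename cannot be checked from this hunk, which shows only the program output, so it is worth confirming that the variable name in the listing above line 117 matches.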