```rust
#[repr(C)]
pub struct BootInfo {
    pub magic: u64,
    pub directory_va: u64,
    pub directory_type_id: u64,
    pub guest_va_base: u64,
    pub _reserved: [u64; 12],
}
```
Boot-time info published by the guest at a known location (linker
section .boot_info). The host reads it after the sandbox boots
to learn the VA of the guest’s cap directory, then dereferences
the directory directly from host code (the kernel half is mapped
at the same VA via the shallow-PML4-copy mechanism, so a
directory-VA pointer is valid both in guest kernel mode and via
the host’s mmap shadow of the kernel image).
magic is checked first as a sanity guard against reading a
stale or wrong-binary boot region. directory_va is the address
of the inner HashMap (not the wrapping Mutex), so the host
reader can take the directory lock and then index by CapHash.
directory_type_id lets future protocol upgrades reject a
mismatched layout (today: hash of the type signature
Mutex<HashMap<CapHash, Box<Cap>, FixedState, Global>>, bumped when
any field is added or its type changes).
Fields

magic: u64
    BootInfo::MAGIC (“JAR_BOOT” in ASCII, little-endian). The host
    reader rejects a region whose first 8 bytes don’t match.

directory_va: u64
    VA of the cap directory’s inner HashMap (NOT the wrapping
    Mutex). Resolved by nub-arch-x86 at boot via
    init_directory_va.

directory_type_id: u64
    Hash of the directory’s type signature. Bumped when the wire
    layout of the directory changes. Today: opaque sentinel, the
    host just compares for equality.

guest_va_base: u64
    Base of the per-process GUEST_VA reservation. Mirrors the
    host-side constant; reproduced here so the host can sanity-check
    that the guest agrees on the layout.

_reserved: [u64; 12]
    Reserved space for future fields. Zero-initialised; host readers
    should not depend on the contents.
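The check order the description prescribes (magic first, then directory_type_id, then guest_va_base, with _reserved never inspected) is easy to get wrong in a host-side reader. The following is an added example, not the project's own code: it mirrors the repr(C) layout above, parses a 128-byte .boot_info region from raw bytes and validates it in that order. The HostLayout struct, the BootInfoError variants, the encode helper and the sample values are assumptions made for the example; the real host compares against its own compiled-in constants.

```rust
// Added example: a host-side reader for the .boot_info region.
// Not the project's code; HostLayout, BootInfoError and the sample
// values below are constructed for illustration.

#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct BootInfo {
    pub magic: u64,
    pub directory_va: u64,
    pub directory_type_id: u64,
    pub guest_va_base: u64,
    pub _reserved: [u64; 12],
}

impl BootInfo {
    /// "JAR_BOOT" as the little-endian u64 whose in-memory bytes spell the string.
    pub const MAGIC: u64 = u64::from_le_bytes(*b"JAR_BOOT");
    /// 16 u64 fields under repr(C): 128 bytes, no padding.
    pub const SIZE: usize = core::mem::size_of::<Self>();
}

#[derive(Debug, PartialEq, Eq)]
pub enum BootInfoError {
    TooShort { got: usize },
    BadMagic([u8; 8]),
    TypeIdMismatch { expected: u64, got: u64 },
    GuestVaBaseMismatch { expected: u64, got: u64 },
    NullDirectoryVa,
}

/// The host's own compiled-in expectations (assumed names for the example).
pub struct HostLayout {
    pub directory_type_id: u64,
    pub guest_va_base: u64,
}

fn read_u64_le(bytes: &[u8], idx: usize) -> u64 {
    let mut b = [0u8; 8];
    b.copy_from_slice(&bytes[idx * 8..idx * 8 + 8]);
    u64::from_le_bytes(b)
}

/// Parse and validate a .boot_info region: length, magic, type id, guest_va_base.
/// _reserved is copied through but never checked: readers must not depend on it.
pub fn read_boot_info(region: &[u8], host: &HostLayout) -> Result<BootInfo, BootInfoError> {
    if region.len() < BootInfo::SIZE {
        return Err(BootInfoError::TooShort { got: region.len() });
    }
    // Magic first: a stale or wrong-binary region is rejected before any other field is trusted.
    let mut magic = [0u8; 8];
    magic.copy_from_slice(&region[..8]);
    if magic != *b"JAR_BOOT" {
        return Err(BootInfoError::BadMagic(magic));
    }
    let mut reserved = [0u64; 12];
    for (i, slot) in reserved.iter_mut().enumerate() {
        *slot = read_u64_le(region, 4 + i);
    }
    let info = BootInfo {
        magic: read_u64_le(region, 0),
        directory_va: read_u64_le(region, 1),
        directory_type_id: read_u64_le(region, 2),
        guest_va_base: read_u64_le(region, 3),
        _reserved: reserved,
    };
    // Layout sentinel: equality only, the value is opaque to the host.
    if info.directory_type_id != host.directory_type_id {
        return Err(BootInfoError::TypeIdMismatch { expected: host.directory_type_id, got: info.directory_type_id });
    }
    // Guest and host must agree on the GUEST_VA reservation before any VA is dereferenced.
    if info.guest_va_base != host.guest_va_base {
        return Err(BootInfoError::GuestVaBaseMismatch { expected: host.guest_va_base, got: info.guest_va_base });
    }
    // A zero directory VA means init_directory_va never ran; do not dereference it.
    if info.directory_va == 0 {
        return Err(BootInfoError::NullDirectoryVa);
    }
    Ok(info)
}

/// Lay a BootInfo out in memory the way the guest's .boot_info section would (constructed sample input).
pub fn encode_boot_info(info: &BootInfo) -> [u8; BootInfo::SIZE] {
    let mut out = [0u8; BootInfo::SIZE];
    let head = [info.magic, info.directory_va, info.directory_type_id, info.guest_va_base];
    for (i, w) in head.iter().chain(info._reserved.iter()).enumerate() {
        out[i * 8..i * 8 + 8].copy_from_slice(&w.to_le_bytes());
    }
    out
}

fn main() {
    // Assumed sample values; real ones come from the host build.
    let host = HostLayout { directory_type_id: 0x1122_3344_5566_7788, guest_va_base: 0x0000_7f00_0000_0000 };
    let info = BootInfo {
        magic: BootInfo::MAGIC,
        directory_va: 0xffff_8000_0010_0040,
        directory_type_id: host.directory_type_id,
        guest_va_base: host.guest_va_base,
        _reserved: [0; 12],
    };
    println!("{:?}", read_boot_info(&encode_boot_info(&info), &host));
}
```

Rejections carry the offending value so a mismatch can be logged against the binary that produced the region; a nonzero _reserved word is deliberately not an error, since a newer guest may legitimately populate it.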