Linux IA-32 memory model

I am looking at the Linux IA-32 process memory model, and I have a simple question. What do the gray areas in the image contain? Are they included only to show the beginning and end of the memory? So, does the text start at 0x0 and the stack at 0xFFFFFFFF?

Update: Hi, in the OS course I am taking, this question has become relevant again. In particular, I need to know what the gray areas contain. Based on the answers so far, I see that they contain the kernel code at the top and the null pointer dereference page at the bottom. But what is kernel code? I do not assume that this is the entire operating system, but could it be a built-in scheduler, calls to the kernel library, or?

Regards, Lasse Espeholt

[Image: http://img403.imageshack.us/img403/3156/capturecj.png]

+5
5 answers

I think this is more accurate: [image]

+9
source

I think the gray areas simply represent areas of undefined size. The program text, of course, would not start at 0x0, because most operating systems use those as invalid pages, so that null dereferences can easily be caught. Thread stacks will also not go up to 0xffffffff, because usually the top quarter (or half) has the kernel mapped into it.

+5
source

Also note that due to address space layout randomization, the starting addresses of some sections are randomly shifted from the values in the diagrams.

+5
source

No one seems to have mentioned that not all memory in available space is necessarily mapped (and this almost never happens).

+3
source

Please note that the zero page area at the bottom of the address space is actually not off-limits to applications on general Linux distributions. The kernel used to enforce this, then ended up moving this decision into the LSM module (e.g. SELinux, AppArmor). And they did not apply the same rule, so it turned out that processes can map memory at 0x0. This was part of a recent exploit of the kernel-downscatter disaggregation.

+2
source
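
An added example (not part of any answer above) illustrating two points the answers make: nothing is mapped at the very bottom of the address space, and most of the range between mappings is unmapped. It summarizes text in `/proc/<pid>/maps` format; `SAMPLE_MAPS` is a constructed 32-bit listing, and `struct layout`, `summarize_maps` and `report` are names chosen for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format for a 32-bit process. */
static const char SAMPLE_MAPS[] =
    "08048000-08049000 r-xp 00000000 08:01 1234 /bin/demo\n"
    "08049000-0804a000 rw-p 00000000 08:01 1234 /bin/demo\n"
    "0804a000-0806b000 rw-p 00000000 00:00 0 [heap]\n"
    "b7e00000-b7fb0000 r-xp 00000000 08:01 5678 /lib/libc.so.6\n"
    "bffdf000-c0000000 rw-p 00000000 00:00 0 [stack]\n";

struct layout {                 /* hypothetical summary type for this example */
    unsigned long long lowest;  /* start of the lowest mapping */
    unsigned long long highest; /* end of the highest mapping */
    unsigned long long mapped;  /* bytes covered by mappings */
    unsigned long long holes;   /* unmapped bytes between mappings */
    int regions;                /* number of mappings parsed */
};

/* Walk the listing line by line; the kernel emits entries sorted by address. */
static struct layout summarize_maps(const char *text) {
    struct layout l = {0, 0, 0, 0, 0};
    const char *p = text;
    while (p && *p) {
        unsigned long long start, end;
        if (sscanf(p, "%llx-%llx", &start, &end) == 2 && end > start) {
            if (l.regions == 0) l.lowest = start;
            else if (start > l.highest) l.holes += start - l.highest;
            l.mapped += end - start;
            l.highest = end;
            l.regions++;
        }
        p = strchr(p, '\n');    /* advance to the next line, if any */
        if (p) p++;
    }
    return l;
}

static void report(const char *name, struct layout l) {
    printf("%s: %d regions, lowest 0x%llx, top 0x%llx, mapped %llu KiB, holes %llu KiB\n",
           name, l.regions, l.lowest, l.highest, l.mapped >> 10, l.holes >> 10);
}

int main(void) {
    static char buf[1 << 16];
    report("sample", summarize_maps(SAMPLE_MAPS));
    FILE *f = fopen("/proc/self/maps", "r");   /* live view of this process */
    if (f) {
        buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
        fclose(f);
        report("self", summarize_maps(buf));
    }
    return 0;
}
```

On a live system the addresses differ from run to run because of the randomization mentioned above, but the lowest mapping should still sit well above 0x0.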

Source: https://habr.com/ru/post/896286/
