Linux IA-32 memory model

2019-03-29 12:06发布

I'm looking at the Linux IA-32 memory model of a process and I have a simple question to it. What do the grey areas in the picture contain? Are they only included to show the beginning and end of the memory? So, do text start at 0x0 and stack start at 0xFFFFFFFF?

Reopened: Hi, in an OS course I'm attending this question becomes relevant again. Specifically, I need to know what the grey areas contain. Based on the answers so far, I can see it contains kernel code in the top and a null-pointer dereference page in the bottom. But what is the kernel code? I don't assume it is the whole operating system itself, but could it be embedded scheduler, kernel library calls or?

Best regards, Lasse Espeholt

alt text http://img403.imageshack.us/img403/3156/capturecj.png

5条回答
Root(大扎)
2楼-- · 2019-03-29 12:21

Also note that due to address space layout randomization, the starting addresses of some of the sections are randomly offset from the values in the diagrams.

查看更多
【Aperson】
3楼-- · 2019-03-29 12:22

I think the grey areas simply represent regions of undefined size. Program text certainly wouldn't start at 0x0, because most OSes use them as invalid pages so null dereferences can be caught easily. Thread stacks also wouldn't go right up to 0xffffffff because usually the top quarter (or half) has kernel memory mapped into it.

查看更多
叛逆
4楼-- · 2019-03-29 12:33

I think this is more accurate: alt text

查看更多
啃猪蹄的小仙女
5楼-- · 2019-03-29 12:36

Note that the zero-page area at the bottom of the address space is not actually forbidden to application use under common linux distributions. The kernel used to do this, then ended up farming that decision out to the LSM module (e.g. SELinux, AppArmor). And they didn't enforce the same rule, so it turned out to be possible for processes to map memory at 0x0. This was part of the vulnerability behind the recent "kernel null pointer dereference" exploits.

查看更多
一纸荒年 Trace。
6楼-- · 2019-03-29 12:37

Nobody seems to have mentioned that not all memory in the available space is necessarily mapped (and it almost never is).

查看更多
登录 后发表回答