tags:

views:

402

answers:

4
+1  Q: 

Linux IA-32 memory model

Hi, I'm looking on the Linux IA-32 memory model processes see and have a simple question to it. What is there in the grey areas in the picture? Or is it just to show start and end of the memory? So, do text start at 0x0 and stack start at 0xFFFFFFFF?

Best regards, Lasse Espeholt

alt text

+4  A: 

I think the grey areas simply represent regions of undefined size. Program text certainly wouldn't start at 0x0, because most OSes use them as invalid pages so null dereferences can be caught easily. Thread stacks also wouldn't go right up to 0xffffffff because usually the top quarter (or half) has kernel memory mapped into it.

wj32  2010-01-12 09:57:24
the null referrence makes a lot of sense ;) thanks.
lasseespeholt  2010-01-12 10:26:34
+3  A: 

I think this is more accurate: alt text

ssg  2010-01-12 10:02:56
Ahh seems to make sense ;) But according to that graph processes only have ~1GB ram to work with. (0xC0000000 - 0x80480000) but it may increase to the kernel virtual memory?
lasseespeholt  2010-01-12 10:24:17
It's 0x08048000, not 0x80480000. So it's a bit less than 3 GBs.
wj32  2010-01-12 10:31:43
Ahh my bad, thanks :)
lasseespeholt  2010-01-12 10:42:01
A: 

Note that the zero-page area at the bottom of the address space is not actually forbidden to application use under common linux distributions. The kernel used to do this, then ended up farming that decision out to the LSM module (e.g. SELinux, AppArmor). And they didn't enforce the same rule, so it turned out to be possible for processes to map memory at 0x0. This was part of the vulnerability behind the recent "kernel null pointer dereference" exploits.

Andy Ross  2010-01-12 19:26:55
`/proc/sys/vm/mmap_min_addr` is defaulted to non-zero by the vanilla kernel, so this only matters if you have a distribution that changes it or uses LSM. I don't know how common that is; Debian doesn't, Ubuntu doesn't (unless Wine is installed), Gentoo doesn't, ... and that's all the distributions I use.
ephemient  2010-01-12 19:36:06
Fedora and Red Hat ship SELinux enabled by default. Novell/SuSE ships AppArmor, as does Ubuntu in recent versions. LSM is more the rule than the exception in the modern world, and as it happens this resulted in a regression in the null page protection.
Andy Ross  2010-01-12 23:49:59
+2  A: 

Also note that due to address space layout randomization, the starting addresses of some of the sections are randomly offset from the values in the diagrams.

janneb  2010-01-12 19:51:04

related questions

grep a file, but show several surrounding lines?
VMWare Server Under Linux Secondary NIC connection
Should I move from C++ to Python? ... Or another language?
Globus Toolkit virtual machine
How to avoid redefining VERSION, PACKAGE, etc.
How do I setup Public-Key Authentication?
showing a message box from a bash script in linux
Best Linux Distro for Computer Repair
Mapping my custom keys in Debian
Any IcedTea war stories?
How do you find the age of a long-running Linux process?
Personal Linux web server
Programmatically talking to a Serial Port in OS X or Linux
what's in your .bashrc ?
Linux - files and scripts that execute on boot
Text Editor For Linux (Besides Vi)?
Lightweight IDE for Linux
Shell scripting input redirection oddities
XML Editing/Viewing Software
What should a longtime Windows user know when starting to use Linux?
Gtk SSH client for Linux?
Getting root permissions on a file inside of vi?
Is it possible to drag windows between workspaces when using Compiz?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?