views: 402
answers: 4

Hi, I'm looking at the Linux IA-32 memory model that processes see and have a simple question about it. What is in the grey areas in the picture? Or are they just there to show the start and end of the memory? So, does text start at 0x0 and the stack start at 0xFFFFFFFF?

Best regards, Lasse Espeholt

[image: memory layout diagram]

+4  A: 

I think the grey areas simply represent regions of undefined size. Program text certainly wouldn't start at 0x0, because most OSes use them as invalid pages so null dereferences can be caught easily. Thread stacks also wouldn't go right up to 0xffffffff because usually the top quarter (or half) has kernel memory mapped into it.

wj32
The null reference makes a lot of sense ;) thanks.
lasseespeholt
+3  A: 

I think this is more accurate: [image: memory layout diagram]

ssg
Ahh, seems to make sense ;) But according to that graph, processes only have ~1GB RAM to work with (0xC0000000 - 0x80480000), but it may increase into the kernel virtual memory?
lasseespeholt
It's 0x08048000, not 0x80480000. So it's a bit less than 3 GBs.
wj32
Ahh my bad, thanks :)
lasseespeholt
A: 

Note that the zero-page area at the bottom of the address space is not actually forbidden to application use under common Linux distributions. The kernel used to do this, then ended up farming that decision out to the LSM module (e.g. SELinux, AppArmor). And they didn't enforce the same rule, so it turned out to be possible for processes to map memory at 0x0. This was part of the vulnerability behind the recent "kernel null pointer dereference" exploits.

Andy Ross
`/proc/sys/vm/mmap_min_addr` is defaulted to non-zero by the vanilla kernel, so this only matters if you have a distribution that changes it or uses LSM. I don't know how common that is; Debian doesn't, Ubuntu doesn't (unless Wine is installed), Gentoo doesn't, ... and that's all the distributions I use.
ephemient
Fedora and Red Hat ship SELinux enabled by default. Novell/SuSE ships AppArmor, as does Ubuntu in recent versions. LSM is more the rule than the exception in the modern world, and as it happens this resulted in a regression in the null page protection.
Andy Ross
+2  A: 

Also note that due to address space layout randomization, the starting addresses of some of the sections are randomly offset from the values in the diagrams.

janneb
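The answers above make four checkable claims about a process's layout: text does not start at 0x0 (the classic i386 ELF text start is 0x08048000), user space ends at the 0xC0000000 kernel split on a 3G/1G kernel, a mapping at page 0 is the failure mode `mmap_min_addr` and the LSM policy are meant to prevent, and ASLR shifts regions between runs. The script below is an added example, not code posted by anyone in this thread: it parses `/proc/<pid>/maps` listings and reports on each claim. The maps listings in it are constructed samples for a non-PIE 32-bit process (the paths, inodes and addresses are made up for illustration); when run on Linux it also parses its own `/proc/self/maps`, with an assumed 47-bit user-space limit for x86-64.

```python
"""Parse /proc/<pid>/maps listings and check them against the layout discussed above."""
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

IA32_KERNEL_BASE = 0xC0000000  # top of user space on a 3G/1G i386 kernel

# Constructed sample: a non-PIE i386 process, text at 0x08048000, stack just below the kernel.
IA32_MAPS = """\
08048000-08049000 r-xp 00000000 08:01 1234       /home/user/a.out
08049000-0804a000 r--p 00000000 08:01 1234       /home/user/a.out
0804a000-0804b000 rw-p 00001000 08:01 1234       /home/user/a.out
0804b000-0806c000 rw-p 00000000 00:00 0          [heap]
b7e00000-b7fa0000 r-xp 00000000 08:01 5678       /lib/i386-linux-gnu/libc.so.6
b7fa0000-b7fa2000 rw-p 001a0000 08:01 5678       /lib/i386-linux-gnu/libc.so.6
b7fdf000-b7fe0000 r-xp 00000000 00:00 0          [vdso]
bffdf000-c0000000 rw-p 00000000 00:00 0          [stack]
"""
# Constructed sample of the failure mode from the third answer: page 0 has been mapped.
IA32_MAPS_NULL_MAPPED = "00000000-00001000 rw-p 00000000 00:00 0\n" + IA32_MAPS
# Constructed second run of the same binary: ASLR moved the stack; non-PIE text stays put.
IA32_MAPS_RUN2 = IA32_MAPS.replace("bffdf000-c0000000", "bffbb000-bffdc000")


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    path: str


# maps format: start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$")


def parse_maps(text: str) -> List[Mapping]:
    """Turn maps lines into Mapping objects; lines that do not fit the format are skipped."""
    maps = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            maps.append(Mapping(int(m.group(1), 16), int(m.group(2), 16), m.group(3), m.group(4).strip()))
    return maps


def find_region(maps: List[Mapping], name: str) -> Optional[Mapping]:
    """Look up a pseudo-path region such as "[heap]" or "[stack]"."""
    return next((m for m in maps if m.path == name), None)


def text_segment(maps: List[Mapping]) -> Optional[Mapping]:
    """First executable, file-backed mapping: the program's own text segment."""
    return next((m for m in maps if "x" in m.perms and m.path.startswith("/")), None)


def layout_report(maps: List[Mapping], kernel_base: int = IA32_KERNEL_BASE) -> Dict[str, object]:
    """Evaluate the thread's claims about where text, heap, stack and the kernel boundary sit."""
    text, heap, stack = text_segment(maps), find_region(maps, "[heap]"), find_region(maps, "[stack]")
    ordered = bool(text and heap and stack and text.end <= heap.start and heap.end <= stack.start)
    return {
        "text_start": text.start if text else None,
        # A mapping covering address 0 means a NULL dereference would touch real memory.
        "null_page_mapped": any(m.start <= 0 < m.end for m in maps),
        # [vsyscall] is a legacy page deliberately placed in the kernel half on x86-64; skip it.
        "within_user_space": all(m.end <= kernel_base for m in maps if m.path != "[vsyscall]"),
        "text_below_heap_below_stack": ordered,
    }


def region_delta(maps_a: List[Mapping], maps_b: List[Mapping], name: str) -> Optional[int]:
    """Signed shift of a named region between two runs; nonzero means ASLR moved it."""
    a, b = find_region(maps_a, name), find_region(maps_b, name)
    return None if a is None or b is None else b.start - a.start


def mmap_min_addr() -> Optional[int]:
    """Lowest address the kernel lets a process map (the knob named above), if readable."""
    try:
        with open("/proc/sys/vm/mmap_min_addr") as f:
            return int(f.read().strip())
    except OSError:
        return None


if __name__ == "__main__":
    sample = parse_maps(IA32_MAPS)
    print("sample 32-bit process:", layout_report(sample))
    print("with page 0 mapped:   ", layout_report(parse_maps(IA32_MAPS_NULL_MAPPED)))
    print("stack shift between runs:", hex(region_delta(sample, parse_maps(IA32_MAPS_RUN2), "[stack]")))
    if os.path.exists("/proc/self/maps"):
        with open("/proc/self/maps") as f:
            live = parse_maps(f.read())
        # Assumed user-space limit for x86-64 (47-bit canonical addresses).
        print("this process:", layout_report(live, kernel_base=1 << 47))
        print("mmap_min_addr:", mmap_min_addr())
```

On a 32-bit sample the report confirms the corrected figure from the second answer's comments: text at 0x08048000 and everything below 0xC0000000, so a little under 3 GB of user space. The `null_page_mapped` flag is the condition a non-zero `mmap_min_addr` (or an LSM policy that honours it) is supposed to make impossible, and `region_delta` makes the fourth answer's point visible by showing which regions moved between two runs of the same binary.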