
Null pointers, one month later


Posted Aug 18, 2009 18:20 UTC (Tue) by patrick_g (subscriber, #44470)
In reply to: Null pointers, one month later by xilun
Parent article: Null pointers, one month later

>>> I guess if this "feature" stays there will again be security issues in the future because of that

Is it just for Wine, or is there other software using the map at address zero?



Null pointers, one month later

Posted Aug 18, 2009 18:41 UTC (Tue) by drag (subscriber, #31333)

I think that DosBox does also.

Is this something that programmers of emulation machines (yes, I know Wine isn't emulation, but in this case it seems to want to do emulation-ish things?) typically want to be able to do?

Would it make sense for the kernel to simply lie? Make it so that address zero from the application's VM perspective isn't really address zero from the kernel's or machine's perspective?

(I am struggling to understand everything going on here. It seems like it wouldn't be difficult to do. I always understood the point of having virtual memory to be that applications can arbitrarily get their memory mapped to any section of memory.)

Null pointers, one month later

Posted Aug 18, 2009 19:56 UTC (Tue) by taviso (subscriber, #34037)

The reason they want to do this is to use an Intel hardware feature called v8086 mode, which maps the segmented real address space onto the first megabyte of the linear address space.

You could fake it, but then you wouldn't be using the "hardware accelerated" emulation that makes things like dosemu very fast despite being a relatively complex feat.

Uses of pages near zero

Posted Aug 18, 2009 20:55 UTC (Tue) by jreiser (subscriber, #11027)

> Is it just for Wine or [are] there other software using the map at address zero?

"All memory is equal, but the memory near address zero is more equal than others." On x86 (protected mode, both 32-bit and 64-bit) and PowerPC (both 32-bit and 64-bit) the hardware itself supports the low 64KiB or 32KiB better than any other region. Some forms of every branch instruction can access low memory always, in addition to the usual region near the program counter. On the PowerPC this is explicit: the AA bit (Absolute Addressing: the bit with positional value (1<<1)) in the instruction. On x86 it is implicit: the 0x66 prefix byte, which performs target_address &= 0xffff; just before branching, and the 0x67 prefix byte, which makes the 0xe9 (and 0xe8) opcodes take a 16-bit displacement instead of a 32-bit displacement. On PowerPC the benefit is a larger set of target addresses, including some targets that are universally accessible regardless of the current value of the program counter. On x86, another benefit is smaller size: 2, 3, or 4 bytes for a branch instead of 5, or only 5 bytes for some universally-accessible targets on x86_64. Also, do not overlook the advantage of using just 16 bits for storing pointers to an important collection.

Most traditional static compilers such as gcc never use these features. However, there are other compilers, program processors, and runtime re-writers which take advantage of the hardware to offer otherwise-impossible features.
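An added worked example, not code from this thread or from any of the posters, pulling together the three concrete mechanisms discussed above: the real-mode segment:offset arithmetic that v8086 mode (taviso's post) maps onto the first megabyte of linear address space; the 0x66-prefixed near jump jreiser describes, modelled for 32-bit protected mode where the target EIP is truncated to 16 bits; and the kernel-side gate that the parent article is about, vm.mmap_min_addr, probed by asking for a page at address 0 and reading whether the process holds CAP_SYS_RAWIO, the capability that exempts a caller from that check. All function names are this example's own; MAP_FIXED_NOREPLACE is the Linux 4.17+ flag (defined here with its Linux value if the headers lack it), and the /proc paths are the standard Linux ones.

```c
/* lowmem.c: added example, not from the LWN thread. Linux only for the probe;
 * the two arithmetic helpers are portable.  Build: cc -Wall -O2 lowmem.c */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_FIXED_NOREPLACE
#define MAP_FIXED_NOREPLACE 0x100000 /* Linux value; ignored by kernels < 4.17 */
#endif

/* 1. Real-mode segment:offset -> linear address, exactly what v8086 mode does.
 * The highest reachable address is FFFF:FFFF = 0x10FFEF, so a DOS guest needs
 * the low megabyte (plus 64 KiB less 16 bytes) mapped 1:1 in its process. */
uint32_t real_mode_linear(uint16_t seg, uint16_t off)
{
    return ((uint32_t)seg << 4) + off;
}

/* 2. Target of "66 E9 <disp16>" (JMP rel16) executed in 32-bit protected mode:
 * EIP <- (next_eip + sign_extend(disp16)) & 0xFFFF.  Wherever the jump sits,
 * the target lands in the low 64 KiB, which is why that region is special. */
uint32_t jmp_rel16_target(uint32_t next_eip, int16_t disp16)
{
    return (next_eip + (uint32_t)(int32_t)disp16) & 0xFFFFu;
}

/* 3a. vm.mmap_min_addr as the kernel currently enforces it; -1 if unreadable. */
long read_mmap_min_addr(void)
{
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    long v = -1;
    if (f) {
        if (fscanf(f, "%ld", &v) != 1)
            v = -1;
        fclose(f);
    }
    return v;
}

/* 3b. 1 if the effective capability set contains CAP_SYS_RAWIO (bit 17), the
 * capability cap_mmap_addr() accepts for mappings below mmap_min_addr;
 * 0 if not; -1 if /proc/self/status could not be parsed. */
int has_cap_sys_rawio(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int found = -1;
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        unsigned long long caps;
        if (sscanf(line, "CapEff: %llx", &caps) == 1) {
            found = (int)((caps >> 17) & 1);
            break;
        }
    }
    fclose(f);
    return found;
}

/* 3c. Try to place one anonymous page exactly at addr without clobbering any
 * existing mapping.  Returns 0 if it was mapped (and unmapped again), else the
 * errno from the kernel: EPERM is the mmap_min_addr refusal, EEXIST means the
 * range is already in use.  A kernel older than 4.17 ignores the flag and
 * treats addr as a mere hint; that shows up as a different returned address
 * and is reported as EEXIST here. */
int probe_fixed_mapping(uintptr_t addr)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *want = (void *)addr;
    void *got = mmap(want, page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED_NOREPLACE, -1, 0);
    if (got == MAP_FAILED)
        return errno ? errno : -1;
    munmap(got, page);
    return got == want ? 0 : EEXIST;
}

int main(void)
{
    long min_addr = read_mmap_min_addr();
    int rawio = has_cap_sys_rawio();
    int r = probe_fixed_mapping(0);

    printf("FFFF:FFFF -> linear 0x%05x\n", real_mode_linear(0xFFFF, 0xFFFF));
    printf("66 E9 +0x10 at next_eip 0x08048000 -> 0x%04x\n",
           jmp_rel16_target(0x08048000u, 0x10));
    printf("vm.mmap_min_addr=%ld CAP_SYS_RAWIO=%d\n", min_addr, rawio);
    printf("page at address 0: %s\n", r == 0 ? "mapped" : strerror(r));
    return 0;
}
```

On a stock distribution the last line reads "Operation not permitted" for an ordinary user (and for a container root without CAP_SYS_RAWIO), which is the whole point of the sysctl: a program such as Wine or dosemu that legitimately wants the first megabyte has to be granted that capability or have the limit lowered, and lowering it for everybody is what turns a kernel NULL dereference back into a privilege escalation.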

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds