0

I have two questions related to the Process Address map;

  1. I know in the 32 bit Linux machine, the virtual address of a process is divided into two, 3GB for Userspace and 1 GB for Krnel. Is it the same for x86_64/Linux 64 machine?
  2. The objdump of a linux executable shows the _init starts approximately from the address 0x400000. Why the exe adress starts from around 0x400000?
bash-4.2$ objdump -S a.out
       a.out:     file format elf64-x86-64
       Disassembly of section .init:
       0000000000400390 <_init>:
       400390:       48 83 ec 08             sub    $0x8,%rsp

Below shows the pmap output of the same a.out . Here also the mapping starts at 0000000000400000(i.e 4MB). Where is the virtual memory till 4MB used then?

bash-4.2$ pmap 95297
95297:   ./a.out
0000000000400000      4K r-x-- a.out
0000000000600000      4K r---- a.out
0000000000601000      4K rw--- a.out
00007fdfd0f37000   1800K r-x-- libc-2.17.so
00007fdfd10f9000   2048K ----- libc-2.17.so
00007fdfd12f9000     16K r---- libc-2.17.so
00007fdfd12fd000      8K rw--- libc-2.17.so
00007fdfd12ff000     20K rw---   [ anon ]
00007fdfd1304000    136K r-x-- ld-2.17.so
00007fdfd1506000     12K rw---   [ anon ]
00007fdfd1524000      4K rw---   [ anon ]
00007fdfd1525000      4K r---- ld-2.17.so
00007fdfd1526000      4K rw--- ld-2.17.so
00007fdfd1527000      4K rw---   [ anon ]
00007fff09042000    132K rw---   [ stack ]
00007fff091c3000      8K r-x--   [ anon ]
ffffffffff600000      4K r-x--   [ anon ]
 total             4212K
Franc
  • 319
  • 9
  • 28
  • Learn to use [pmap(1)](http://man7.org/linux/man-pages/man1/pmap.1.html) and [readelf(1)](http://man7.org/linux/man-pages/man1/readelf.1.html). Read a [textbook on operating systems](http://pages.cs.wisc.edu/~remzi/OSTEP/) then ask more on https://kernelnewbies.org/ ; if you compile some C program [with GCC](https://gcc.gnu.org/onlinedocs/gcc/Invoking-GCC.html), consider using `gcc -S -fverbose-asm -O -v` – Basile Starynkevitch Apr 02 '20 at 06:50
  • Re: x86-64 Linux memory map: [Why 4-level paging can only cover 64 TiB of physical address](https://stackoverflow.com/q/72417308). And [x86-64 canonical address?](https://stackoverflow.com/q/25852367) – Peter Cordes Jun 28 '22 at 01:56

1 Answers1

1

On x86_64, the virtual address space is 48 bits (only 64 bit addresses with the top 17 bits all 0s or all 1s are valid), and on linux that is divided in half -- 128TB for user and 128TB for kernel.

In that 128TB of user space, the stack is placed at a randomly chosen high address (so generally something starting with 00007fff) and the executable at a low address. Shared libraries are then generally loaded somewhere below the stack (also somewhat randomized) The precise addresses chosen are randomized to make it harder to exploit security bugs.

Chris Dodd
  • 119,907
  • 13
  • 134
  • 226