Linux Kernel Architecture


Chapter 4: Virtual Process Memory


Table 4-3: Standard Functions for Working with Strings in Userspace Data

Function                               Meaning

clear_user(to, n), __clear_user        Fills the next n bytes after to with zeros.

strlen_user(s), __strlen_user          Gets the size of a null-terminated string in userspace (including the terminating character).

strnlen_user(s, n), __strnlen_user     Gets the size of a null-terminated string but restricts the search to a maximum of n characters.

As the tables show, there are two versions of most of the functions. In the versions without preceding
underscores, access_user is also invoked to perform checks on the userspace address; the checks carried
out differ from architecture to architecture. For example, one check ensures that a pointer really points to
a position in the user segment; another invokes handle_mm_fault if pages are not found in memory to
make sure that data are read in for processing. All functions also apply the fixup mechanism described
above to detect and correct page faults.

The functions are implemented mainly in assembler language. They are extremely performance-critical
because they are invoked so frequently. The exception code must also be integrated using complicated
GNU C constructions to embed assembler and linker directives in the code. It is not my intention to
discuss the implementation of the individual functions in detail.

A checker tool was added to the compilation process during the development of kernel 2.5. It analyzes the
sources to check whether userspace pointers can be de-referenced directly without the need for the above
functions. The pointers originating from userspace must be labeled with the keyword __user so that the
tool knows which pointers to check. One particular example is the chroot system call, which expects a
filename as argument. Many, many more places in the kernel contain similarly marked arguments from
userspace.

<fs/open.c>
asmlinkage long sys_chroot(const char __user * filename) {
...
}
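
The difference between the checked and unchecked variants, and the role of the __user annotation, shown as a userspace model (an added example, not code from the book or the kernel). The arenas user_mem and kernel_mem, the helper user_bytes_left and the model_* functions are constructed for illustration; the return conventions (0 for a bad pointer, n + 1 when no terminator is found within n) are assumptions modeled on the kernel's strnlen_user.

```c
#include <stdint.h>
#include <stdio.h>
/* For the compiler the annotations expand to nothing; only the checker sees them. */
#ifdef __CHECKER__
# define __user  __attribute__((noderef, address_space(1)))
# define __force __attribute__((force))
#else
# define __user
# define __force
#endif

/* Constructed stand-ins: one arena plays the user segment, one kernel memory. */
static char user_mem[64] = "/srv/jail";
static char kernel_mem[32] = "kernel-only data";

/* Bytes from p to the end of the modeled user segment; 0 if p lies outside it. */
static size_t user_bytes_left(const void __user *p)
{
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)user_mem;
    return (a >= base && a - base < sizeof(user_mem)) ? sizeof(user_mem) - (a - base) : 0;
}

/* Unchecked variant: trusts the pointer. Size including NUL, or n + 1 if none in n bytes. */
static size_t model_unchecked_strnlen_user(const char __user *s, size_t n)
{
    const char *k = (__force const char *)s;   /* explicit, auditable cast */
    for (size_t i = 0; i < n; i++)
        if (k[i] == '\0')
            return i + 1;
    return n + 1;
}

/* Checked variant: 0 for a pointer outside the user segment or a string running off its end. */
static size_t model_strnlen_user(const char __user *s, size_t n)
{
    size_t left = user_bytes_left(s);
    if (left == 0)
        return 0;
    size_t len = model_unchecked_strnlen_user(s, n < left ? n : left);
    return (n > left && len > left) ? 0 : len;
}

int main(void)
{
    const char __user *bad = (__force const char __user *)kernel_mem;
    printf("user=%zu cut=%zu bad: checked=%zu unchecked=%zu\n", model_strnlen_user(user_mem, 64),
           model_strnlen_user(user_mem, 4), model_strnlen_user(bad, 32), model_unchecked_strnlen_user(bad, 32));
    return 0;
}
```

The unchecked call on the kernel_mem pointer returns a length for memory the caller should never have been able to name, which is why the underscore variants are only safe after the range has already been validated.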

Address space randomization has been augmented further during the development of kernel 2.6.25. It
is now possible to randomize the address of the heap, traditionally called the brk address. The randomization
is, however, only performed if the new configuration option COMPAT_BRK is not set because some
ancient programs are not compatible with a randomized heap address. On the technical level, brk
randomization works like all other randomization techniques introduced in this chapter.

4.14 Summary


You have seen that handling the virtual address space of userland processes is a very important part
of the Linux kernel. I have introduced you to the general structure of address spaces and how they
are managed by the kernel, and you have learned how they are partitioned into regions. These allow
for describing the contents of the virtual memory space of userland processes and form the backbone for