Chapter 4: Virtual Process Memory
How the text segment is mapped into the virtual address space is determined by the ELF standard (see
Chapter E for more information about this binary format). A specific starting address is specified for
each architecture: IA-32 systems start at 0x08048000, leaving a gap of roughly 128 MiB between the
lowest possible address and the start of the text mapping that is used to catch NULL pointers. Other
architectures keep a similar hole: UltraSparc machines use 0x100000000 as the starting point of the text
segment, while AMD64 uses 0x0000000000400000. The heap starts directly above the text segment and
grows upward.
The stack starts at STACK_TOP, but the value is decremented by a small random amount if PF_RANDOMIZE
is set. STACK_TOP must be defined by each architecture, and most set it to TASK_SIZE — the stack starts at
the highest possible address of the user address space. The argument list and environment of a process
are stored as initial stack elements.
The region for memory mappings starts at mm_struct->mmap_base, which is usually set to
TASK_UNMAPPED_BASE, which needs to be defined by every architecture. In nearly all cases, TASK_SIZE/3 is
chosen. Note that the start of the mmap region is not randomized if the default kernel approach
is used.
Using the described address space layout works very well on machines that provide a large virtual
address space. However, problems can arise on 32-bit machines. Consider the situation on IA-32: the
virtual address space ranges from 0 to 0xC0000000, so 3 GiB are available for each user process.
TASK_UNMAPPED_BASE starts at 0x4000000, that is, at 1 GiB. Unfortunately, this implies that the heap can only
consume roughly 1 GiB before it crashes right into the mmap area, which is clearly not a desirable
situation.
The problem is caused by the memory mapping region that is located in the middle of the virtual address
space. This is why a new virtual address space layout for IA-32 machines (in addition to the classical
one, which can still be used) was introduced during the development of kernel 2.6.7. It is illustrated in
Figure 4-2.
[Figure 4-2: Layout of the process address space on IA-32 machines when the mmap region is expanded from
top to bottom. Labels in the figure: 0, gap, text (0x08048000), heap, MMAP, stack, mm->mmap_base,
random offset, STACK_TOP - randomized_variable, TASK_SIZE.]