[Gllug] Strange memory mapping
Nix
nix at esperi.org.uk
Fri Jun 10 10:24:01 UTC 2005
On Thu, 9 Jun 2005, Richard Jones murmured woefully:
>
> Any idea what this memory mapping is? It appears at the end of all my
> process memory maps:
>
> ffffe000-fffff000 ---p 00000000 00:00 0
ldd will show you e.g.
linux-gate.so.1 => (0xffffe000)
[...]
Recognise it?
It's the vsyscall area, a fake `shared library' exported to all
processes by the kernel and filled with suitable instructions to execute
each syscall, and with suitable DWARF2 exception-unwinding stuff.
It allows applications (in practice, glibc) to call syscalls by means of
an ordinary (cross-shared-object) function call, and the fastest
available method fo the platform the binary is *running* on will be
used, because that `function' is implemented by the kernel.
(This is significant because the 686 and above have a means of calling
syscalls via SYSENTER which is very much faster than the old INT 80
method.)
It's also possible for read-only data which benefits from very high
access speeds to be mapped there, e.g. data used by gettimeofday():
but I'm not aware of anything doing so yet.
See e.g. linux/arch/i386/kernel/vsyscall* for the implementation on
the kernel side.
--
`It's as bizarre an intrusion as, I don't know, the hobbits coming home
to find that the Shire has been taken over by gangsta rappers.'
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list