
I have disabled swapping altogether on my OS X 10.8.2 (which runs the x86 LP64 kernel) box for experimental reasons; I know this is a bad idea.

When I do a system call from any app, what does the address space layout look like? I.e. now, as the entire address space is wired down (no swapping), can I deterministically access any valid user address from the kernel and assume that the page containing that address is resident in memory?

My understanding is yes, but I am a bit confused after reading that, no matter whether user space is 64-bit or 32-bit, the OS X kernel always runs in 32-bit mode, the entire process address space gets switched out, and the entire 4G is taken by the kernel. Is this applicable to 10.8.2? If this is the case, then I will not be able to access any valid user space address from kernel space, right?

2 Answers

1

Even in 64-bit mode, wherein kernel space is reserved at the top of the address space (i.e. 0xffffff8000xxxxxx), and even when there's no swapping, you can't access user space memory unless you are in kernel mode acting on behalf of that user space process. The reason is that the addresses are all virtual, and you are relying on CR3 (a control register) to tell the MMU which physical pages belong to which process. So although in principle you have access to all memory in kernel mode, without CR3 you will not be able to figure out which pages belong to which process.

Thus, inside a system call, you can move data in and out of user mode memory (there's copyin/copyout for that, similar to Linux's copy_[from/to]_user), and those also handle page faults, in case pages are actually swapped, as is the normal case. But that is only for the active user space memory, i.e. the active process. Sure, there are hacks to access other processes' CR3, but those are quite discouraged (unless you're authoring quality malware).

Technologeeks
0

First, the 32-bit kernel/64-bit userspace arrangement was the case prior to 10.7 (on clients) or 10.6 (on servers). 10.5 and earlier came with only 32-bit kernels, 10.6 and 10.7 shipped with both 32-bit and 64-bit kernels (default depending on hardware), and 10.8 and newer only have 64-bit kernels.

Second, with 64-bit kernels, OSX does use a split kernel/user virtual address layout. You are correct that the 32-bit ones swap out almost the entire 4GB when switching between user space and kernel.

As for dereferencing userspace pointers directly: that's a bad idea even with swap disabled, and I'd never ship code like that. If you're only messing around, you should be fine though. (One reason this is really bad is that memory mappings can be changed from another thread.)

pmdj
  • Thanks for the great answers, clears my doubts. I am not able to figure out how to accept answers and close the question! – user2628063 Oct 03 '13 at 15:00
  • There's a little tickbox outline under the score (0) and up/down arrows for the answer. – pmdj Oct 06 '13 at 15:14
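The following is an added example, not code from either answer and not XNU source: a small user-space model in C of the copyin/copyout discipline Technologeeks describes, which also exercises the hazard pmdj raises (a mapping changing underneath a running system call). The per-process page table that CR3 selects is modelled by an explicit `user_map_t` argument; `model_copyin` and `model_copyout` keep the argument order of XNU's copyin(uaddr, kaddr, len) and copyout(kaddr, uaddr, len) but add that map parameter. `sys_sum_u32`, `translate`, `build_demo_map`, `peek_u32`, the 8-page address space and the two-page process image with the values 40 and 2 straddling a page boundary are all constructed for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MPAGE   4096u   /* model page size */
#define NPAGES  8u      /* model user address space: 8 pages, 0x0000 .. 0x7fff */

/* Constructed stand-in for a process's page table (what CR3 points at):
 * one slot per user page, NULL when that page is not mapped right now. */
typedef struct {
    uint8_t *pages[NPAGES];
} user_map_t;

/* Resolve one user address through the current map; NULL means "would fault". */
static uint8_t *translate(const user_map_t *map, uint64_t uaddr) {
    uint64_t pfn = uaddr / MPAGE;
    if (pfn >= NPAGES || map->pages[pfn] == NULL)
        return NULL;
    return map->pages[pfn] + (uaddr % MPAGE);
}

/* Core of the modelled copyin/copyout: move len bytes one page fragment at a
 * time, since consecutive user pages need not be adjacent on the kernel side.
 * Returns 0 or EFAULT; like the real routines, the destination contents are
 * unspecified after a failure. */
static int copy_user(const user_map_t *map, uint64_t uaddr, uint8_t *kbuf,
                     size_t len, int to_kernel) {
    if (len == 0)
        return 0;
    /* Reject pointer-arithmetic wrap and ranges that leave user space. */
    if (uaddr + len < uaddr || uaddr + len > (uint64_t)NPAGES * MPAGE)
        return EFAULT;
    size_t done = 0;
    while (done < len) {
        uint64_t a = uaddr + done;
        uint8_t *p = translate(map, a);
        if (p == NULL)                  /* the fault path: report, never crash */
            return EFAULT;
        size_t room  = MPAGE - (size_t)(a % MPAGE);
        size_t chunk = (len - done < room) ? len - done : room;
        if (to_kernel) memcpy(kbuf + done, p, chunk);
        else           memcpy(p, kbuf + done, chunk);
        done += chunk;
    }
    return 0;
}

/* Same argument order as XNU's copyin/copyout, plus the explicit map. */
int model_copyin(const user_map_t *map, uint64_t uaddr, void *kaddr, size_t len) {
    return copy_user(map, uaddr, (uint8_t *)kaddr, len, 1);
}
int model_copyout(const user_map_t *map, const void *kaddr, uint64_t uaddr, size_t len) {
    return copy_user(map, uaddr, (uint8_t *)kaddr, len, 0);  /* kbuf is only read here */
}

/* Hypothetical system call: sum `count` u32 values at in_uaddr and store the
 * result at out_uaddr. Every touch of user memory goes through the copy
 * routines and every error is returned to the caller instead of being assumed away. */
int sys_sum_u32(const user_map_t *map, uint64_t in_uaddr, uint32_t count,
                uint64_t out_uaddr) {
    uint32_t buf[256];
    if (count == 0 || count > sizeof buf / sizeof buf[0])
        return EINVAL;                  /* bound the kernel-side buffer first */
    int err = model_copyin(map, in_uaddr, buf, (size_t)count * sizeof buf[0]);
    if (err)
        return err;
    uint32_t sum = 0;
    for (uint32_t i = 0; i < count; i++)
        sum += buf[i];
    return model_copyout(map, &sum, out_uaddr, sizeof sum);
}

/* Constructed process image: user pages 1 and 2 are adjacent in user space but
 * backed by unrelated arrays here; page 3 is deliberately left unmapped. The
 * values 40 and 2 straddle the page-1/page-2 boundary. */
static uint8_t page1[MPAGE], page2[MPAGE];

void build_demo_map(user_map_t *map) {
    uint32_t v1 = 40, v2 = 2;
    memset(map, 0, sizeof *map);
    map->pages[1] = page1;
    map->pages[2] = page2;
    memcpy(page1 + MPAGE - 4, &v1, sizeof v1);   /* last u32 of page 1 */
    memcpy(page2, &v2, sizeof v2);               /* first u32 of page 2 */
}

uint32_t peek_u32(const user_map_t *map, uint64_t uaddr) {  /* read back a result */
    uint32_t v = 0;
    model_copyin(map, uaddr, &v, sizeof v);
    return v;
}

int main(void) {
    user_map_t map;
    build_demo_map(&map);
    int err = sys_sum_u32(&map, 2 * MPAGE - 4, 2, 2 * MPAGE + 8);
    printf("across the page boundary: err=%d result=%u\n", err, peek_u32(&map, 2 * MPAGE + 8));
    err = sys_sum_u32(&map, 3 * MPAGE - 4, 2, 2 * MPAGE + 8);
    printf("range running into unmapped page 3: err=%d (EFAULT is %d)\n", err, EFAULT);
    map.pages[2] = NULL;                /* another thread unmapped page 2 meanwhile */
    err = sys_sum_u32(&map, 2 * MPAGE - 4, 2, 2 * MPAGE + 8);
    printf("after the mapping changed under us: err=%d\n", err);
    return 0;
}
```

The third scenario in `main` is the one pmdj's answer warns about: with swap disabled the data was resident a moment ago, yet once another thread drops the mapping the only safe outcome is an EFAULT returned to the caller, which the copy routines give you and a raw pointer dereference would not.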