共享库加载内存地址区域是否依赖于体系结构？

Question 1

运行时堆栈的（首选）配置因硬件架构而异。但对于程序本身和共享库，对于动态链接的可执行文件，映射区域的内存位置由链接器确定。一般来说，内核的工作不是决定用户态程序的组件应该位于哪里。 CPU 架构也没有暗示该顺序。在相同的硬件上，甚至在一个正在运行的操作系统（即内核）中，我们可以想象不同的链接器以不同的方式排列它（exec Linux 调用从 ELF 文件中提取链接器的名称；请参阅in 中elf_interpreter的变量）。load_elf_binary()fs/binfmt_elf.c

在Linux中，默认的动态链接器ld-linux是glibc的一部分。它如何尝试映射对象可以在其源代码的_dl_map_object_from_fd()函数中看到。elf/dl-load.c有时，会考虑可执行文件中的首选项（大概取决于创建可执行文件的编译器和链接器），并且在某些情况下，内存映射的配置由内核决定。

有一些关于动态链接器及其架构依赖性的谷歌信息，例如：

https://grugq.github.io/docs/subversiveld.pdf

Answer

运行时堆栈的（首选）配置因硬件架构而异。但对于程序本身和共享库，对于动态链接的可执行文件，映射区域的内存位置由链接器确定。一般来说，内核的工作不是决定用户态程序的组件应该位于哪里。 CPU 架构也没有暗示该顺序。在相同的硬件上，甚至在一个正在运行的操作系统（即内核）中，我们可以想象不同的链接器以不同的方式排列它（exec Linux 调用从 ELF 文件中提取链接器的名称；请参阅in 中elf_interpreter的变量）。load_elf_binary()fs/binfmt_elf.c

在Linux中，默认的动态链接器ld-linux是glibc的一部分。它如何尝试映射对象可以在其源代码的_dl_map_object_from_fd()函数中看到。elf/dl-load.c有时，会考虑可执行文件中的首选项（大概取决于创建可执行文件的编译器和链接器），并且在某些情况下，内存映射的配置由内核决定。

有一些关于动态链接器及其架构依赖性的谷歌信息，例如：

https://grugq.github.io/docs/subversiveld.pdf

Question 2

经过一番挖掘后，我将回答我自己的问题。总之，这是一个依赖arch的东西。 PowerPC32 定义了首选加载地址函数，而大多数其他体系结构（包括 x86）没有定义此函数。

/* The idea here is that to conform to the ABI, we are supposed to try
   to load dynamic objects between 0x10000 (we actually use 0x40000 as
   the lower bound, to increase the chance of a memory reference from
   a null pointer giving a segfault) and the program's load address;
   this may allow us to use a branch instruction in the PLT rather
   than a computed jump.  The address is only used as a preference for
   mmap, so if we get it wrong the worst that happens is that it gets
   mapped somewhere else.  */

ElfW(Addr)
__elf_preferred_address (struct link_map *loader, size_t maplength,
             ElfW(Addr) mapstartpref)
{
  ElfW(Addr) low, high;
  struct link_map *l;
  Lmid_t nsid;

  /* If the object has a preference, load it there!  */
  if (mapstartpref != 0)
    return mapstartpref;

  /* Otherwise, quickly look for a suitable gap between 0x3FFFF and
     0x70000000.  0x3FFFF is so that references off NULL pointers will
     cause a segfault, 0x70000000 is just paranoia (it should always
     be superseded by the program's load address).  */
  low =  0x0003FFFF;
  high = 0x70000000;
  for (nsid = 0; nsid < DL_NNS; ++nsid)
    for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next)
      {
    ElfW(Addr) mapstart, mapend;
    mapstart = l->l_map_start & ~(GLRO(dl_pagesize) - 1);
    mapend = l->l_map_end | (GLRO(dl_pagesize) - 1);
    assert (mapend > mapstart);

    /* Prefer gaps below the main executable, note that l ==
       _dl_loaded does not work for static binaries loading
       e.g. libnss_*.so.  */
    if ((mapend >= high || l->l_type == lt_executable)
        && high >= mapstart)
      high = mapstart;
    else if (mapend >= low && low >= mapstart)
      low = mapend;
    else if (high >= mapend && mapstart >= low)
      {
        if (high - mapend >= mapstart - low)
          low = mapend;
        else
          high = mapstart;
      }
      }

  high -= 0x10000; /* Allow some room between objects.  */
  maplength = (maplength | (GLRO(dl_pagesize) - 1)) + 1;
  if (high <= low || high - low < maplength )
    return 0;
  return high - maplength;  /* Both high and maplength are page-aligned.  */
}

Answer

经过一番挖掘后，我将回答我自己的问题。总之，这是一个依赖arch的东西。 PowerPC32 定义了首选加载地址函数，而大多数其他体系结构（包括 x86）没有定义此函数。

/* The idea here is that to conform to the ABI, we are supposed to try
   to load dynamic objects between 0x10000 (we actually use 0x40000 as
   the lower bound, to increase the chance of a memory reference from
   a null pointer giving a segfault) and the program's load address;
   this may allow us to use a branch instruction in the PLT rather
   than a computed jump.  The address is only used as a preference for
   mmap, so if we get it wrong the worst that happens is that it gets
   mapped somewhere else.  */

ElfW(Addr)
__elf_preferred_address (struct link_map *loader, size_t maplength,
             ElfW(Addr) mapstartpref)
{
  ElfW(Addr) low, high;
  struct link_map *l;
  Lmid_t nsid;

  /* If the object has a preference, load it there!  */
  if (mapstartpref != 0)
    return mapstartpref;

  /* Otherwise, quickly look for a suitable gap between 0x3FFFF and
     0x70000000.  0x3FFFF is so that references off NULL pointers will
     cause a segfault, 0x70000000 is just paranoia (it should always
     be superseded by the program's load address).  */
  low =  0x0003FFFF;
  high = 0x70000000;
  for (nsid = 0; nsid < DL_NNS; ++nsid)
    for (l = GL(dl_ns)[nsid]._ns_loaded; l; l = l->l_next)
      {
    ElfW(Addr) mapstart, mapend;
    mapstart = l->l_map_start & ~(GLRO(dl_pagesize) - 1);
    mapend = l->l_map_end | (GLRO(dl_pagesize) - 1);
    assert (mapend > mapstart);

    /* Prefer gaps below the main executable, note that l ==
       _dl_loaded does not work for static binaries loading
       e.g. libnss_*.so.  */
    if ((mapend >= high || l->l_type == lt_executable)
        && high >= mapstart)
      high = mapstart;
    else if (mapend >= low && low >= mapstart)
      low = mapend;
    else if (high >= mapend && mapstart >= low)
      {
        if (high - mapend >= mapstart - low)
          low = mapend;
        else
          high = mapstart;
      }
      }

  high -= 0x10000; /* Allow some room between objects.  */
  maplength = (maplength | (GLRO(dl_pagesize) - 1)) + 1;
  if (high <= low || high - low < maplength )
    return 0;
  return high - maplength;  /* Both high and maplength are page-aligned.  */
}

共享库加载内存地址区域是否依赖于体系结构？

答案1

答案2

相关内容