Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 ggr 10/10/85; site bentley.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxn!ihnp4!bentley!kwh
From: kwh@bentley.UUCP (KW Heuer)
Newsgroups: net.lang.c,net.unix-wizards
Subject: (3b2) functions in data space
Message-ID: <622@bentley.UUCP>
Date: Tue, 11-Mar-86 11:22:56 EST
Article-I.D.: bentley.622
Posted: Tue Mar 11 11:22:56 1986
Date-Received: Thu, 13-Mar-86 07:25:07 EST
References: <728@petsd.UUCP> <1486@devwrl.DEC.COM>
Organization: AT&T Bell Laboratories, Liberty Corner
Lines: 42
Xref: watmath net.lang.c:8126 net.unix-wizards:17160

I've changed the cross-posting from net.unix to net.unix-wizards, as this is no longer a neophyte question.

In article <728@petsd.UUCP> petsd!law (Steve Law) writes:
>UNIX System V link editor (ld) allows one to put functions in the .data
>section of a COFF file. All you need to do is to create a ld command
>file (also called ifile). For example ...

The person who started this discussion was already able to create code in the .data space; whether it's done by the loader or at run-time by the program is irrelevant. The question is whether it's possible to _execute_ such a function.

On a vax, you can. On a pdp11 with split I/D, you can't, because .text and .data addresses are each 16 bits, so an attempt to call a function from .data space will actually call the function at the same address in .text space. (The workaround is to use ld -N, so you don't have split I/D.)

The remainder of this discussion focuses on the 3b2, where .text and .data addresses have separate ranges (.text normally starts at 0x80800000, .data at 0x80880000).

The first thing I tried was "ld -N" as described in ld(1) and a.out(4). It produced a normal 0410 file, just like a plain "ld" or "ld -n". Then I tried patching the a.out file to change the magic number from 0410 to 0407; the resulting a.out could not be run (ENOEXEC). So I looked at the kernel source.
In the code for sys exec, there was a comment which stated that 0407 is unimplemented on the 3b2 because of a hardware restriction; it's apparently just not possible to have a segment which is simultaneously executable and writable (or readable).

In article <1486@devwrl.DEC.COM> williams@kirk.DEC (John Williams) writes:
>Perhaps a way around it would be to gain access somehow to the memory
>management register, have a function that flips a bit just before
>calling the data code, and cleans up afterwards.

This would allow a block of impure code to be _alternately_ .text and .data, which is sufficient for some applications. Certainly this sort of thing can be done in kernel mode (ptrace() is a good example); perhaps sys3b() is the loophole to user mode? The man page says it's for the 3b20s -- there's a function of the same name on the 3b2, but it might have a different set of subcommands. Subcommand 7 is to "Modify the System Status Register". Is this it? In what way should the register be modified to transmute a block at a given address?
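The "alternately .text and .data" idea from the quoted reply, as an added example that is not part of the original posting: on a modern Unix the same flip is done per page with mprotect(2), and the hardware rule the 3b2 kernel comment describes survives as a W^X policy. This assumes a POSIX mmap/mprotect on x86-64 or AArch64 (other architectures report -1); the machine code for a "return 42" function is constructed inline, and rwx_mapping_allowed() probes whether the OS will hand out a page that is writable and executable at the same time.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Constructed machine code for a function that returns 42 (assumption: x86-64 or AArch64). */
#if defined(__x86_64__)
static const unsigned char kReturn42[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 }; /* mov eax,42; ret */
#elif defined(__aarch64__)
static const unsigned char kReturn42[] = { 0x40, 0x05, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6 }; /* mov w0,#42; ret */
#else
static const unsigned char kReturn42[] = { 0 }; /* unsupported: run_from_data_page() returns -1 */
#endif

/* Does the OS grant a page that is simultaneously writable and executable?
 * A W^X policy (the 3b2 hardware restriction, or a modern execmem rule) says no. */
int rwx_mapping_allowed(void) {
    long pagesz = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, pagesz, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return 0;
    munmap(p, pagesz);
    return 1;
}

/* Fill a page while it is "data", then flip it to "text" before calling into it. */
int run_from_data_page(void) {
#if !defined(__x86_64__) && !defined(__aarch64__)
    return -1;
#else
    long pagesz = sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -2;
    memcpy(page, kReturn42, sizeof kReturn42);
    /* The page is never writable and executable at once: drop write before adding exec. */
    if (mprotect(page, pagesz, PROT_READ | PROT_EXEC) != 0) { munmap(page, pagesz); return -3; }
    __builtin___clear_cache((char *)page, (char *)page + sizeof kReturn42);
    int (*fn)(void) = (int (*)(void))page;
    int result = fn();
    munmap(page, pagesz);
    return result;
#endif
}

int main(void) {
    printf("RWX mapping allowed: %s\n", rwx_mapping_allowed() ? "yes" : "no");
    printf("call into flipped page returned %d\n", run_from_data_page());
    return 0;
}
```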