Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!im4u!ut-sally!seismo!sundc!netxcom!beattie
From: beattie@netxcom.UUCP
Newsgroups: comp.os.minix
Subject: Re: MINIX memory management/protection
Message-ID: <299@netxcom.UUCP>
Date: Fri, 6-Feb-87 10:49:29 EST
Article-I.D.: netxcom.299
Posted: Fri Feb 6 10:49:29 1987
Date-Received: Sun, 8-Feb-87 05:22:25 EST
References: <252@hqda-ai.UUCP> <1169@steinmetz.steinmetz.UUCP> <511@bobkat.UUCP> <888@cartan.Berkeley.EDU>
Reply-To: beattie@netxcom.UUCP (Brian Beattie)
Organization: NetExpress Communications Inc. Vienna, Va.
Lines: 52
Keywords: shared swapped jobs

In article <888@cartan.Berkeley.EDU> ballou@brahms.Berkeley.EDU (Kenneth R. Ballou) writes:
>In article <511@bobkat.UUCP> m5d@bobkat.UUCP (Mike McNally (dlsh)) writes:
>>In article <1169@steinmetz.steinmetz.UUCP> davidsen@kbsvax.UUCP (william E Davidsen) writes:
>>>
>>>If you allocate a full 64k to data, there is hardware protection: you
>>>can't address more than that. This assures that any program which
>>>doesn't deliberately set out to cause problems will not modify the
>>>code. ...
>>
>>What about a program with a bug in it? Like "strcpy(a, b)" when "a" is
>>not quite what I meant? It's real easy to make this kind of mistake;
>>how many times while debugging a program on a VAX (or whatever) do you
>>get SIGBUS or SIGSEGV?
>[Omitted here: a description of a phenomenon with which I'm sure we are
> all too painfully familiar -- how wild pointers can crash programs and
> machines.]
>
> I think you have missed a key point here which depends on the iAPX86
>architecture. Because addresses are constructed as SEGMENT:OFFSET, as long
>as the compiler generates no code that would reload the segment registers
>and as long as you do not use any assembly code in your program that does
>this, then you are physically constrained to 64K bytes starting at absolute
>location 16 * SEGMENT. Since pointers are passed only as offsets, the
>worst you can do is scribble over your 64K segment.
>
> However, this is a blatant lie, and it is possible you are
>vindicated. For, if auto variables are allocated on the stack, one
>could still easily lose. Since the stack must lie in the same segment
>as the static data (otherwise, pointers must have segments associated
>with them to distinguish between auto and static variables), it is
>possible to scribble over the stack. In doing so, one could alter a
>return address and find oneself in another process, or perhaps the
>kernel. Also, equally likely is that one would try to execute data
>and encounter an illegal opcode. I believe (but I am not certain)
>that this halts the 8086.
>
>--------
>Kenneth R. Ballou ARPA: ballou@brahms.berkeley.edu
>Department of Mathematics UUCP: ...!ucbvax!brahms!ballou
>University of California
>Berkeley, California 94720

Actually if you arrange your code so data follows (which MINIX does)
since all jumps/calls/rets (except the long version) are CS:OFFSET
you may jump into your data, but not outside of your process space.
-- 
-----------------------------------------------------------------------
Brian Beattie                   | Phone: (703)749-2365
NetExpress Communications, Inc. | uucp: seismo!sundc!netxcom!beattie
1953 Gallows Road, Suite 300    |
Vienna,VA 22180                 |
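
The address arithmetic discussed in this thread, as an added example that is not part of the original post: a small C model of real-mode translation (physical = 16 * SEGMENT + OFFSET) showing that a runaway near-pointer store wraps inside its 64K window, and where an overwritten near return offset can land. The segment value, image sizes and function names are constructed for illustration and are not MINIX's.

```c
#include <stdint.h>
#include <stdio.h>

#define MEM_SIZE 0x100000u               /* 8086 physical space: 1 MiB */
static uint8_t mem[MEM_SIZE];

/* Real-mode address formation: physical = 16 * SEGMENT + OFFSET (20 bits). */
static uint32_t phys(uint16_t seg, uint16_t off) {
    return (((uint32_t)seg << 4) + off) & (MEM_SIZE - 1);
}

/* Runaway store through a near pointer: DS never changes and only the
   16-bit offset advances, so it wraps around inside the segment. */
static void wild_fill(uint16_t ds, uint16_t off, uint32_t n, uint8_t v) {
    while (n--) mem[phys(ds, off++)] = v;
}

/* Bytes holding v outside the 64K window that starts at 16 * seg. */
static uint32_t damage_outside(uint16_t seg, uint8_t v) {
    uint32_t base = (uint32_t)seg << 4, hits = 0;
    for (uint32_t p = 0; p < MEM_SIZE; p++)
        if ((p < base || p >= base + 0x10000u) && mem[p] == v) hits++;
    return hits;
}

/* Constructed image: text at offset 0, data and stack after it. */
struct image { uint16_t seg; uint32_t text_len, total_len; };
enum landing { IN_TEXT, IN_DATA, BEYOND_IMAGE };

/* Target of a near RET whose saved offset was overwritten (CS unchanged). */
static enum landing near_ret(const struct image *im, uint16_t off) {
    if (off < im->text_len)  return IN_TEXT;
    if (off < im->total_len) return IN_DATA;
    return BEYOND_IMAGE;     /* inside CS's 64K window, past the allocation */
}

int main(void) {
    struct image small = { 0x2000, 0x2000, 0x6000 };    /* 24K image */
    struct image full  = { 0x2000, 0x2000, 0x10000 };   /* full 64K  */
    wild_fill(small.seg, 0xFFF0, 0x20000, 0xAA);        /* 128K runaway */
    printf("outside window: %u\n", (unsigned)damage_outside(small.seg, 0xAA));
    printf("ret 0x3000 -> %d, ret 0x9000 -> %d (small), %d (full)\n",
           near_ret(&small, 0x3000), near_ret(&small, 0x9000),
           near_ret(&full, 0x9000));
    return 0;
}
```

In this model the 64K bound is a property of the segment base, not of the image size: an image smaller than 64K leaves offsets that are reachable by a near transfer but lie past its own allocation.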