(3b2) functions in data space
KW Heuer
kwh at bentley.UUCP
Wed Mar 12 02:22:56 AEST 1986
I've changed the cross-posting from net.unix to net.unix-wizards, as
this is no longer a neophyte question.

In article <728 at petsd.UUCP> petsd!law (Steve Law) writes:
>UNIX System V link editor (ld) allows one to put functions in the .data
>section of a COFF file. All you need to do is to create a ld command
>file (also called ifile). For example ...

The person who started this discussion was already able to create code
in the .data space; whether it's done by the loader or at run-time by
the program is irrelevant. The question is whether it's possible to
_execute_ such a function. On a vax, you can. On a pdp11 with split
I/D, you can't, because .text and .data addresses are each 16 bits,
so an attempt to call a function from .data space will actually call
the function at the same address in .text space. (The workaround is
to use ld -N, so you don't have split I/D.) The remainder of this
discussion focuses on the 3b2, where .text and .data addresses have
separate ranges (.text normally starts at 0x80800000, .data at
0x80880000).

The first thing I tried was "ld -N" as described in ld(1) and a.out(4).
It produced a normal 0410 file, just like a plain "ld" or "ld -n".
Then I tried patching the a.out file to change the magic number from
0410 to 0407; the resulting a.out could not be run (ENOEXEC). So I
looked at the kernel source. In the code for sys exec, there was a
comment which stated that 0407 is unimplemented on the 3b2 because of
a hardware restriction; it's apparently just not possible to have a
segment which is simultaneously executable and writable (or readable).

In article <1486 at devwrl.DEC.COM> williams at kirk.DEC (John Williams) writes:
>Perhaps a way around it would be to gain access somehow to the memory
>management register, have a function that flips a bit just before
>calling the data code, and cleans up afterwards.

This would allow a block of impure code to be _alternately_ .text
and .data, which is sufficient for some applications. Certainly this
sort of thing can be done in kernel mode (ptrace() is a good example).
Perhaps sys3b() is the loophole to user mode? The man page says it's
for the 3b20s -- there's a function of the same name on the 3b2, but
it might have a different set of subcommands. Subcommand 7 is to
"Modify the System Status Register". Is this it? In what way should
the register be modified to transmute a block at a given address?
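The 3b2 restriction described above (no segment both writable and executable) is what a modern kernel enforces as a W^X policy, and the "flip a bit before calling, clean up afterwards" suggestion is exactly the write-then-execute toggle that JIT engines and dynamic loaders perform today through mprotect(). The following program is an added example, not code from the post or from any of its authors; it assumes a POSIX system with mmap()/mprotect() and probes two things without ever executing a byte from the page: whether the OS will hand out a page that is writable and executable at once, and whether the alternate-phase discipline (writable, then executable, then writable again) is accepted. Each phase change is a system call, which is the point a defender cares about: it is observable by syscall auditing and deniable by policy (SELinux execmem, hardened runtimes), whereas a simultaneously writable+executable page is not.

```c
#define _DEFAULT_SOURCE            /* expose MAP_ANONYMOUS on glibc */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Outcome of asking for a page that is writable and executable at once. */
enum wx_result { WX_REFUSED = 0, WX_ALLOWED = 1, WX_ERROR = -1 };

/* Map one anonymous page read/write and ask to add PROT_EXEC while keeping
   PROT_WRITE.  This is the modern analogue of the 3b2 hardware restriction:
   a kernel or MAC policy enforcing W^X answers EACCES/EPERM here.
   Nothing in the page is ever executed. */
int probe_rwx_page(void)
{
    long pg = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, (size_t)pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return WX_ERROR;
    int rc = mprotect(p, (size_t)pg, PROT_READ | PROT_WRITE | PROT_EXEC);
    int saved = errno;               /* munmap() may clobber errno */
    munmap(p, (size_t)pg);
    if (rc == 0)
        return WX_ALLOWED;
    return (saved == EACCES || saved == EPERM) ? WX_REFUSED : WX_ERROR;
}

/* The "alternately .text and .data" discipline from the quoted suggestion:
   the region is writable *or* executable, never both, and every flip is an
   explicit mprotect() call that syscall tracing can observe.  Returns 1 if
   both transitions are accepted, 0 otherwise.  The page is filled with
   constructed zero bytes and is never called. */
int probe_wx_toggle(void)
{
    long pg = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, (size_t)pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 0;
    memset(p, 0, (size_t)pg);        /* ".data" phase: fill while writable */
    int ok = mprotect(p, (size_t)pg, PROT_READ | PROT_EXEC) == 0     /* become ".text" */
          && mprotect(p, (size_t)pg, PROT_READ | PROT_WRITE) == 0;   /* clean up: ".data" again */
    munmap(p, (size_t)pg);
    return ok;
}

int main(void)
{
    static const char *names[] = { "error", "refused (W^X enforced)", "allowed" };
    int r = probe_rwx_page();
    printf("writable+executable page: %s\n", names[r + 1]);
    printf("write-then-execute toggle: %s\n", probe_wx_toggle() ? "ok" : "refused");
    return 0;
}
```

On a stock Linux kernel the first probe usually reports "allowed" (the default policy permits RWX anonymous pages; SELinux execmem or a hardened runtime turns that into "refused"), while the toggle is accepted everywhere a JIT can run. A system where the first probe is refused but the toggle works is enforcing the same rule the 3b2 hardware did, just per page rather than per segment.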