Muli Ben-Yehuda's journal

June 8, 2004

PNS day 30 – what would a SEAL do?

Filed under: Uncategorized — Muli Ben-Yehuda @ 6:41 PM

Weight continues dropping, and I’m breaking new ground. May the trend continue unabated!

This morning I went to the pool and swam my customary 1 kilometer. I was very close to quitting at the 500-meter mark and at the 750-meter mark. Each time, I asked myself what a SEAL would do, and just kept going. As the gym-master says, exercising is half muscles and three quarters willpower.

My reward for the swim is aching all over, and a small measure of satisfaction at not quitting. I’ll take the latter even with the former any day.

Tomorrow the plan is weights in the morning, and likewise on Thursday. I’m thinking tennis on Saturday will be swell… now I just need to find a partner-in-crime.

Aviram Jenik talk on “Application level attacks: Security holes are YOUR fault”

Filed under: Uncategorized — Muli Ben-Yehuda @ 6:35 PM

Aviram Jenik of BeyondSecurity gave a most entertaining talk this morning at HRL. Hearing Aviram talk is always a pleasure, and this morning was no different.

the story of a (page) fault

Filed under: Uncategorized — Muli Ben-Yehuda @ 6:15 PM

I just added some tracing code to arch/i386/mm/fault.c:do_page_fault() and it worked on the first try. I love it when that happens!

I’m trying to figure out why a user space program that accesses the area where the kernel is supposedly mapped (above PAGE_OFFSET, e.g. 0xC0000004) gets killed. I know (vis-a-vis the tracing code mentioned above) that it gets a page fault, sees that it’s above PAGE_OFFSET and a user space fault, and then sends a SIGSEGV. What I am not absolutely convinced about is why the fault happens in the first place. The options are that it gets a fault because the kernel is mapped, but the protection on the ptes is such that only code running in ring 0 (i.e. the kernel) can access them, or that the kernel is not mapped while we are running in user space, and is only mapped in when we context switch to kernel space. The former makes a lot more sense, but I haven’t yet hunted down the code that does it.

This question came up in the context of our reading group at work that is reading Mel Gorman’s Understanding the Linux VM book. The book is not great for our needs (too many details, not enough overview and concepts), but provides great context for the discussions.
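The user-space half of the experiment described above, as an added example (not code from the original post): `probe_read()` is a hypothetical helper that reads one byte at an address, catches the resulting SIGSEGV and returns the `si_code` the kernel attached to it. It assumes Linux; the PROT_NONE page is a constructed comparison case for a mapped-but-inaccessible address, and 0xC0000004 lies above PAGE_OFFSET only on a 32-bit x86 kernel with the default 3G/1G split.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

static sigjmp_buf probe_env;
static volatile sig_atomic_t last_si_code;

/* SIGSEGV handler: record the kernel's reason code, then abandon the load. */
static void on_segv(int sig, siginfo_t *info, void *ctx)
{
    (void)sig; (void)ctx;
    last_si_code = info->si_code;   /* SEGV_MAPERR or SEGV_ACCERR */
    siglongjmp(probe_env, 1);
}

/* Returns 0 if a 1-byte read at addr succeeds, else the SIGSEGV si_code. */
int probe_read(uintptr_t addr)
{
    struct sigaction sa, old;
    int result = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(probe_env, 1) == 0) {
        unsigned char b = *(volatile unsigned char *)addr;  /* may fault */
        (void)b;
    } else {
        result = last_si_code;      /* we got here via the handler */
    }
    sigaction(SIGSEGV, &old, NULL); /* restore the previous disposition */
    return result;
}

int main(void)
{
    int local = 0;
    void *guard = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);

    printf("SEGV_MAPERR=%d SEGV_ACCERR=%d\n", SEGV_MAPERR, SEGV_ACCERR);
    printf("stack variable: %d\n", probe_read((uintptr_t)&local));
    printf("PROT_NONE page: %d\n", probe_read((uintptr_t)guard));
    printf("0xC0000004:     %d\n", probe_read((uintptr_t)0xC0000004u));
    return 0;
}
```

The `si_code` only reports what the kernel chose to tell the process, so it cannot by itself settle which of the two hypotheses holds; that still requires reading the page-table setup code.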
