I am developing a simulator for which the instruction traces come from the QEMU emulator. The instruction pointers in the traces are virtual instruction pointers.
My basic understanding of a 32-bit Linux operating system is that, out of the 4GB address space, the lower 3GB (0-3GB) is reserved for the application and the upper 1GB (3GB-4GB) is reserved for the kernel.
Is my basic understanding correct?
In order to determine the context of an instruction, i.e. kernel or application, I am using a simple check: ip > 3G. Is this valid?
One more thing: does this simple method easily extend to 64-bit operating systems?
I assume you are talking about x86.
There are different virtual memory split options in the kernel that can be set in its config file. Take a look at VMSPLIT_* options in arch/x86/Kconfig.
3G / 1G, 2G / 2G, 1G / 3G are all possible.
To reliably check if the address belongs to the user space or the kernel space, you can compare it against the TASK_SIZE value:

```c
/* Kernel-side check: TASK_SIZE is the first address above the user range.
 * arch/x86 defines it; <linux/sched.h> pulls in the asm headers that provide it. */
#include <linux/sched.h>

static int
is_user_space_address(unsigned long addr)
{
	return (addr < TASK_SIZE);
}
```
It works on both 32-bit and 64-bit x86 systems, at least.
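A simulator-side version of the same check, as an added example (hypothetical code, not from the answer): a trace consumer cannot read the guest kernel's TASK_SIZE, so it takes the boundary from the guest's VMSPLIT option for 32-bit guests and from the x86-64 canonical-address layout (4-level paging assumed) for 64-bit guests, and reports non-canonical IPs instead of silently binning them.

```c
#include <stddef.h>
#include <stdint.h>

/* Simulator-side context tagging (added example, hypothetical code; not the answer's).
 * The user/kernel boundary is configured from the guest's VMSPLIT_* choice (32-bit)
 * or taken from the x86-64 canonical layout, assuming 4-level paging (47-bit halves). */
enum ip_ctx { CTX_USER, CTX_KERNEL, CTX_NONCANONICAL };

/* 32-bit x86 boundaries (PAGE_OFFSET == TASK_SIZE) for each arch/x86 VMSPLIT option. */
#define VMSPLIT_3G      0xC0000000ULL  /* 3G user / 1G kernel, the default */
#define VMSPLIT_3G_OPT  0xB0000000ULL  /* 3G / 1G variant for a full 1G of lowmem */
#define VMSPLIT_2G      0x80000000ULL  /* 2G / 2G */
#define VMSPLIT_1G      0x40000000ULL  /* 1G / 3G */

/* x86-64, 4-level paging: user half ends at 2^47, kernel half starts at -2^47.
 * Anything in between is non-canonical and can never be a valid instruction pointer. */
#define X64_USER_END      0x0000800000000000ULL
#define X64_KERNEL_START  0xFFFF800000000000ULL

struct guest_layout {
    int is_64bit;
    uint64_t user_end;  /* 32-bit guests only: the configured VMSPLIT boundary */
};

enum ip_ctx classify_ip(const struct guest_layout *g, uint64_t ip)
{
    if (!g->is_64bit)
        return ip < g->user_end ? CTX_USER : CTX_KERNEL;
    if (ip < X64_USER_END)
        return CTX_USER;
    if (ip >= X64_KERNEL_START)
        return CTX_KERNEL;
    return CTX_NONCANONICAL;  /* trace corruption or a decoding bug upstream */
}

/* Count kernel-context instructions in a run of trace IPs; non-canonical IPs are
 * counted separately so they are not folded into either bucket. */
size_t count_kernel_ips(const struct guest_layout *g, const uint64_t *ips, size_t n,
                        size_t *noncanonical)
{
    size_t kernel = 0;
    *noncanonical = 0;
    for (size_t i = 0; i < n; i++) {
        enum ip_ctx c = classify_ip(g, ips[i]);
        if (c == CTX_KERNEL) kernel++;
        else if (c == CTX_NONCANONICAL) (*noncanonical)++;
    }
    return kernel;
}
```

For a 5-level-paging guest the user half grows to 2^56, so the two x86-64 constants would need to follow the guest's configuration as well.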