Thanks. Life's been super busy, but hopefully settling down a bit soon.

What if the memory is mapped but mprotect'ed? What would be the best way to check if the read is not going to issue the protection?

You would be sued for putting your child's life in danger in the Kernel Court!

Pointers to hardware are differently mapped than pointers in the process space.

@@maxaafbackname5562 Can you expand on that? How so? I assume you can’t just `mmap` them but I thought they were still, as far as C was concerned, just pointers

@@danielrhouck as far as the concept of the pointer itself, there is no difference for the language and the CPU instructions. The addresses in a process are virtual addresses, not fysical addresses. These virtual addresses are handled/controlled by the Menory Managment Unit. This virtual addresses are mapped by the MMU to fysical addresses. (This includes things like paging and virtual memory.) Because of this mapping, addresses in a process are the same virtual address (as seen by the "user") in a spawned (child) process after a fork(), but are at different fysical addresses. The parent process memory itself is not shared with the child, only the addresses. (Memory between threads is shared, but fork() is about processes.) That's why the trick with the child process works. If the address is valid, the write is done on the same virtual address, but at a part of memory that is only of the child process, not the parent process. (The child has the same ranges of valid addresses as the parent process.) From the point of view of the parent process, the write is never done. The wite is only done in the memory of the child process, not the parent process. For hardware addresses, the trick with the child process does not work because that mapping from virtual addresses to fysical addresses does not exist or is different. The write to that (hardware) adress can't be tricked because if the write is valid, the write is done. And a double write to a hardware address results mostly in an unwanted result/hardware state. In Linux there are virtual, logical and fysical addresses. But I don't think the explanation of that make much difference for this explanation. Also the case of things like hardware virtualisation etc.

Maybe good point about shared memory? The pointer/code does not knows it is pointing to memory thar is shared between parant and child process. If the process scheduler decides that the parent process is run before the child process, after the fork(), the last of the two writes to the same (shared) menory, is not the write (withe the value) you want!

@@maxaafbackname5562 I know why the `fork` trick mentioned would work in “normal” cases. l think you’re saying the same thing I was; with a pointer to a hardware device the `fork` trick doesn’t work.

A late reply, but maybe this is still interesting or helpful to you: There are a couple "restrictions" to pointers: 1) The most important thing: "normal" (user space) programms can only access virtual memory (virtual address space). The operating system creates those "fake" address spaces for each process which makes it so that each process gets the illusion of having access to the whole available 32/64-Bit memory address space. The OS maps actual physical memory into the virtual address space of each process. But it only maps as much as the process needs. So the majority of the processes address space is not mapped to actual memory most of the time. And if you try to access an address in the virtual address space of the process that is not mapped to any actual physical memory you get the classic segfault. 2) Another effect of this virtual address space is that each process pretty much runs in a "memory sandbox", as there is no way to access memory of other processes, except if the operating system (or some kernel driver) offers syscalls that let you read from/write to memory of another process. In Linux there's the pseudo file /proc/$pid/mem that let's you do that or the ReadProcessMemory/WriteProcessMemory APIs in Windows. 3) What addresses you can read/write to also depends on the protection flags of the memory page that the address you're trying to access. Some memory for example is marked as readonly and you can't write to it with a pointer. But you can change the protection flags with mprotect (VirtualProtect for Windows) to make it writeable for example. Fun fact: Early operating systems like DOS did not have this virtual address space and you actually could just read/write foreign process memory without any restrictions. But that of course is also highly dangerous.

You can have a bad pointer and still not segfault, and that's even worse because your program may seem to run properly, or crash at a totally different point.

@@xravenx24fe true but in this context that's not relevent as the code only checks for unmapped addresses, which triggers a segfault always. The kind you're talking about won't ever be caught by simply trying to read/write to them

You also missed spaces mapped, direct or indirect, with mmap(). For example large blocks are directly mmap()'ed by mallic() in stead of allocated with the heap manager from the heap.

Yep, malloc a large block (50MB) and look at the address. On most modern OSes, it won't be where your small heap objects are.

It's a font ligature. I've mentioned it in previous videos. Sorry it caused confusion.

If it is on child?

Simply if the child process happens to call `pause()` or any other system call that makes it halt for an undertemined amount of time, then `waitpid()` called by the parent would wait for its child to terminate, which might never happen. This is why you can pass the option WNOHANG (defined in wait.h) to waitpid, which changes waitpid's behaviour so that it just checks if the child has exited but doesn't actually "wait" as long as said child process is still running. Refer to `man 2 waitpid` for more info. EDIT: This happens when you start a shell session in an already running shell. The parent shell forks, then launches the second program (by calling execve or an alternative), and waits for it to terminate. So if the second the seconde program is another shell, it will show a prompt and read the standard input, which pauses it (for the user to actually type their input). So in that example, the "parent" shell is kind of stuck in its call to `waitpid`, because the "child" shell is busy operating its function, and does not terminate immediately. However, in the use case presented for waitpid in this video, it seems impossible for waitpid to never return.

Yes, it does.

There is almost never ever any reason to check pointers.