shadow memory

[zach.tu...@gmail.com]

There is a place on shadow memory that doesn't quite understand, as described below:

Take memory size 4G as an example.

In taint_memory.h：

#define BITPAGE_LEAF_BITS    TARGET_PAGE_BITS          

#define BITPAGE_MIDDLE_BITS (32-TARGET_PAGE_BITS)/2

BITPAGE_LEAF_BITS=12，BITPAGE_MIDDLE_BITS=(32-12)/2=10

//definition of leaf node

typedef struct _tbitpage_leaf {  

  uint8_t bitmap[2 << BITPAGE_LEAF_BITS];  //bitmap[2^13]

} tbitpage_leaf_t;

The bitmap size is 2^13bytes（8KB）

/* Middle node for holding memory taint information */

typedef struct _tbitpage_middle {

  tbitpage_leaf_t *leaf[2 << BITPAGE_MIDDLE_BITS];  //leaf[2^11]

} tbitpage_middle_t;

Each middle node contains 2^11 leaf nods。

/* Root node for holding memory taint information */

tbitpage_middle_t **taint_memory_page_table = NULL;

static void allocate_taint_memory_page_table(void) {

  if (taint_memory_page_table) return; // AWH - Don't allocate if one exists

  taint_memory_page_table_root_size = ram_size >> (BITPAGE_LEAF_BITS + BITPAGE_MIDDLE_BITS);  //ram_size=2^32,taint_memory_page_table_root_size=2^10

  taint_memory_page_table = (tbitpage_middle_t **) 

    g_malloc0(taint_memory_page_table_root_size * sizeof(void*));

  allocate_leaf_pool();

  allocate_middle_pool();

  middle_nodes_in_use = 0;

  leaf_nodes_in_use = 0;

}

In the function allocate_taint_memory_page_table(), we assign the size of the root node,ram_size = 2^32，

taint_memory_page_table_root_size = ram_size >> (BITPAGE_LEAF_BITS + BITPAGE_MIDDLE_BITS)=(2^32)> > (12 + 10)= 2^10 = 1024

Qeustion1:Generally, the page size of 4G RAM is 4KB, and the size of a leaf node defined here is not equal to the size of a page. Why?

Qeustion2:From the above allocation, if the ram_size is 4G, then the size of the entire shadow memory should be 2^13 * 2^11 * 2^10 bytes = 2^34bytes = 16G > ram_size, which is wrong or deliberate So designed?