Determine context based on instruction pointer

Question

I am developing a simulator for which the instruction traces are coming from QEMU emulator. The instruction pointer in the traces are virtual instruction pointer.

My basic understanding of 32-bit Linux operating system is that out of 4GB address space, the lower 3GB i.e. 0-3GB is reserved for the application and the upper 1GB i.e. 3GB-4GB is reserved for the kernel.

Is my basic understanding correct ??

In order to determing the context of an instruction i.e. Kernel or Application, I am using a simple check ip>3G. Is this valid ??

One more thing, does this simple method easily extend to 64 bit operating systems ??

Answer 1

I assume you are talking about x86.

There are different virtual memory split options in the kernel that can be set in its config file. Take a look at VMSPLIT_* options in arch/x86/Kconfig.

3G / 1G, 2G / 2G, 1G / 3G are all possible.

To reliably check if the address belongs to the user space or the kernel space, you can compare it against TASK_SIZE value:

static int
is_user_space_address(unsigned long addr)
{
    return (addr < TASK_SIZE);
}

Works on both 32-bit and 64-bit x86 systems at least.