ZeroPain

Background

Since July 2015 builds of RISC OS 5 running on ARMv5 or later processors have been available which make use of “zero page relocation”, a change to the standard memory map which moves the processor vectors and the kernel’s “zero page” workspace away from address zero and up to the high end of the memory map.

This greatly increases the system’s resilience to a common type of software bug known as a “null pointer dereference”, this comes in two forms:

1. Reading
   Buggy software makes a “harmless” null pointer dereferences where the code reads from page zero and then does something insignificant with the result (usually ignoring it completely), or proceeds to use the value read and subsequently crashes.
2. Writing
   Buggy software corrupts either the operating system workspace or overwrites the processor vectors, most likely this results in crashing the computer or similar knock on effects.

RISC OS 5.24 and later contain a temporary measure where there is still a page of RAM left mapped in at the old address to allow buggy software to continue to a limit. The access attributes are set such that:

• Reading
  Is permitted in all processor modes (no change).
• Writing
  Is forbidden in all processor modes (previously it was forbidden in user mode, but privileged modes could write).

This is designed to ensure the class of bugs with the most dangerous side effect are always faulted. The other class of bug, reading, is still a problem because the data your application is using is undefined.

In order to allow you to check your applications for bugs and report them to the author so they can be fixed, a means of logging them is needed.

This is where ZeroPain comes in. ZeroPain traps most attempts to read page zero and emulates the operation, providing a safe level of compatibility with the old memory map. And for any page zero access which it emulates, it adds an entry to a log file so that the user/developer is aware of the issue.

Note that ZeroPain does not trap writes to page zero, nor any attempts to execute code. Some infrequently used instructions, such as LDRD, are also not dealt with. In these cases a data or prefetch abort will be raised as normal, and the program will most likely terminate with an error.

Installation

The recommended method of installation is to add the ZeroPain module to your Choices.Boot.PreDesk folder.

To ensure that the log file is clearly visible, the default log location is the file ‘ZeroPain’ in the root of your boot drive. However if desired you can specify a different location for the file by passing the desired log file name when the module is loaded, for example:

RMLoad ZeroPain ADFS::Foo.$.Bar.Log

The module is intended to be a temporary aid to be used until the dummy compatibility page of RAM at address zero is removed – it is not intended to be a long-term compatibility solution for running old or unmaintained software.

Use

Log file entries

As long as the module is running, it will be monitoring the data abort vector and watching for attempts to read from page zero. If an attempt is caught and emulated, an entry will be added to the log file. If Reporter is running the module will also send a message to Reporter’s log.

Remember to review the contents of the log file at regular intervals, to see if there are any issues which haven’t already been reported to the relevant application developer. Any defective applications should be reported to the author and added to the list of known problems at Reporting zero page protection errors.

ZeroPain will pause logging once the log file exceeds 1MB in size. Deleting the log will allow it to resume.

Kill switch

Older versions of ZeroPain were distributed with a specific release of RISC OS: a built-in “kill switch” would stop it working on all later releases of RISC OS.

The version of ZeroPain distributed in the “Bonus Binaries” package no longer has a kill switch, so can be used on any RISC OS 5 release from 5.24 onwards.

History of the component

To view the release history for versions available on the ROOL web site, visit the GitLab Commits page (releases are “tagged” with the version number).

The source code is available from the GitLab source page.