Shared library load address under Linux

Question

I have a major doubt regarding the shared library. What I studied is that the virtual address of a library that will be shared by different processes will be same for all these processes. But I tried to look into the same using the proc filesystem through the following set of command:

$ cat /proc/*/maps | grep /lib/libc-2.12.1.so

The output was:

0025a000-003b1000 r-xp 00000000 08:07 1046574    /lib/libc-2.12.1.so
003b1000-003b2000 ---p 00157000 08:07 1046574    /lib/libc-2.12.1.so
003b2000-003b4000 r--p 00157000 08:07 1046574    /lib/libc-2.12.1.so
003b4000-003b5000 rw-p 00159000 08:07 1046574    /lib/libc-2.12.1.so
0086d000-009c4000 r-xp 00000000 08:07 1046574    /lib/libc-2.12.1.so
009c4000-009c5000 ---p 00157000 08:07 1046574    /lib/libc-2.12.1.so
009c5000-009c7000 r--p 00157000 08:07 1046574    /lib/libc-2.12.1.so
009c7000-009c8000 rw-p 00159000 08:07 1046574    /lib/libc-2.12.1.so
00110000-00267000 r-xp 00000000 08:07 1046574    /lib/libc-2.12.1.so
00267000-00268000 ---p 00157000 08:07 1046574    /lib/libc-2.12.1.so
00268000-0026a000 r--p 00157000 08:07 1046574    /lib/libc-2.12.1.so
0026a000-0026b000 rw-p 00159000 08:07 1046574    /lib/libc-2.12.1.so
00485000-005dc000 r-xp 00000000 08:07 1046574    /lib/libc-2.12.1.so
005dc000-005dd000 ---p 00157000 08:07 1046574    /lib/libc-2.12.1.so
005dd000-005df000 r--p 00157000 08:07 1046574    /lib/libc-2.12.1.so
005df000-005e0000 rw-p 00159000 08:07 1046574    /lib/libc-2.12.1.so
00110000-00267000 r-xp 00000000 08:07 1046574    /lib/libc-2.12.1.so
00267000-00268000 ---p 00157000 08:07 1046574    /lib/libc-2.12.1.so
00268000-0026a000 r--p 00157000 08:07 1046574    /lib/libc-2.12.1.so
0026a000-0026b000 rw-p 00159000 08:07 1046574    /lib/libc-2.12.1.so
00181000-002d8000 r-xp 00000000 08:07 1046574    /lib/libc-2.12.1.so
002d8000-002d9000 ---p 00157000 08:07 1046574    /lib/libc-2.12.1.so
002d9000-002db000 r--p 00157000 08:07 1046574    /lib/libc-2.12.1.so
002db000-002dc000 rw-p 00159000 08:07 1046574    /lib/libc-2.12.1.so
00110000-00267000 r-xp 00000000 08:07 1046574    /lib/libc-2.12.1.so
00267000-00268000 ---p 00157000 08:07 1046574    /lib/libc-2.12.1.so
00268000-0026a000 r--p 00157000 08:07 1046574    /lib/libc-2.12.1.so
0026a000-0026b000 rw-p 00159000 08:07 1046574    /lib/libc-2.12.1.so
0013c000-00293000 r-xp 00000000 08:07 1046574    /lib/libc-2.12.1.so
00293000-00294000 ---p 00157000 08:07 1046574    /lib/libc-2.12.1.so
00294000-00296000 r--p 00157000 08:07 1046574    /lib/libc-2.12.1.so
00296000-00297000 rw-p 00159000 08:07 1046574    /lib/libc-2.12.1.so
00bf7000-00d4e000 r-xp 00000000 08:07 1046574    /lib/libc-2.12.1.so
00d4e000-00d4f000 ---p 00157000 08:07 1046574    /lib/libc-2.12.1.so
00d4f000-00d51000 r--p 00157000 08:07 1046574    /lib/libc-2.12.1.so
00d51000-00d52000 rw-p 00159000 08:07 1046574    /lib/libc-2.12.1.so
00227000-0037e000 r-xp 00000000 08:07 1046574    /lib/libc-2.12.1.so
0037e000-0037f000 ---p 00157000 08:07 1046574    /lib/libc-2.12.1.so
0037f000-00381000 r--p 00157000 08:07 1046574    /lib/libc-2.12.1.so

The virtual addresses are different for the same shared library for different processes.

Can somebody please explain me why it is like this?

Answer 1

The shared library loader ld.so may change the virtual addresses at which a shared library is loaded depending on the needs of a binary, since the size of code, data and other sections may vary from one binary to the next. The process of rearranging the address space is called relocation.

Relocation is also the reason why you have to compile shared libraries as position-independent code with gcc -fPIC.

Answer 2

Same virtual address for shared libraries is from a.out days. ELF doesn't have such limitation.

Additionally kernel randomizes mapping layout (see ASLR).