Memory Management II
CS 470 - Spring 2002
Overview
• Logical Addressing and Virtual Memory
– Logical to Linear Address Mapping
– Linear to Physical Address Mapping
• NT Virtual Address Descriptors
– What is a VAD?
– Virtual Memory Functions
– Example: Displaying the VAD splay
– Example: How does the stack work?
Logical to Physical Mapping
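[Figure: a Logical Address (Selector, Segment Offset) passes through Segment Translation to give a 32-bit Linear Address (Dir, Page, Page Offset). PG? (Control Register 0, bit 31): Yes, Page Translation produces the Physical Address; No, the Linear Address is used as the Physical Address.]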
Linear to Physical Mapping
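[Figure: the Linear Address is split into Dir (bits 31-22), Page (bits 21-12) and Offset (bits 11-0). CR3 locates the Page Directory, the Dir Entry locates the Page Table, and the Pg Tbl Entry supplies the Physical Address. The Translation Lookaside Buffer is checked first (hit / miss). Valid? yes gives the Physical Address; no goes to the Page Fault Handler.]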
Page/Directory Table Entry
Bits 31-12: Page Frame Addr
Bit 8: GL - Global
Bit 7: L - Large page
Bit 6: D - Dirty
Bit 5: A - Accessed
Bit 4: C/D - Cache Disabled
Bit 3: W/T - Write through
Bit 2: U/S - User / Supervisor
Bit 1: R/W - Read / Write
Bit 0: V - Valid
VM Access Steps
• Instruction references logical address
• Hardware looks up page table entry
• Valid PTE gives physical address
• Invalid PTE causes address exception (page fault)
• Handler copies page to memory from disk or net, updates PTE and restarts instruction. Now have valid PTE and so get physical address
• Physical address used to access cache
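The lookup in these steps, with the entry bits from the Page/Directory Table Entry slide, can be modelled as a two-level walk over a small constructed memory. This is an added example, not code from the original slides: `translate`, `build_sample`, the fault codes and the sample table contents are hypothetical, the TLB is left out, and the model assumes CR0.WP is set.

```c
#include <stdint.h>
#include <stdio.h>

/* Entry flag bits, numbered as in the Page/Directory Table Entry slide. */
#define PTE_V  0x001u  /* bit 0: Valid */
#define PTE_RW 0x002u  /* bit 1: Read / Write */
#define PTE_US 0x004u  /* bit 2: User / Supervisor */
#define PTE_A  0x020u  /* bit 5: Accessed */
#define PTE_D  0x040u  /* bit 6: Dirty */
#define FRAME(e) ((e) & 0xFFFFF000u)  /* bits 31-12: page frame address */

enum { FAULT_NONE, FAULT_NOT_PRESENT, FAULT_PROTECTION };

/* Constructed physical memory: four 4 KB frames of 1024 entries each.
   Entries in this model must point at frames 0-3. */
static uint32_t phys[4][1024];

/* Walk page directory and page table for one access. Assumes the R/W bit
   is enforced for supervisor accesses too (CR0.WP set). */
int translate(uint32_t cr3, uint32_t lin, int user, int write, uint32_t *pa) {
    uint32_t dir = lin >> 22, page = (lin >> 12) & 0x3FFu, off = lin & 0xFFFu;
    uint32_t *pde = &phys[FRAME(cr3) >> 12][dir];
    if (!(*pde & PTE_V)) return FAULT_NOT_PRESENT;
    uint32_t *pte = &phys[FRAME(*pde) >> 12][page];
    if (!(*pte & PTE_V)) return FAULT_NOT_PRESENT;
    uint32_t both = *pde & *pte;          /* both levels must grant the right */
    if (user && !(both & PTE_US)) return FAULT_PROTECTION;
    if (write && !(both & PTE_RW)) return FAULT_PROTECTION;
    *pde |= PTE_A;                        /* hardware records the access */
    *pte |= PTE_A | (write ? PTE_D : 0u);
    *pa = FRAME(*pte) | off;
    return FAULT_NONE;
}

/* Constructed sample: directory in frame 0 (CR3 = 0), one table in frame 1. */
void build_sample(void) {
    phys[0][1] = 0x1000u | PTE_V | PTE_RW | PTE_US;  /* Dir entry 1 -> frame 1 */
    phys[1][0] = 0x2000u | PTE_V | PTE_RW | PTE_US;  /* user read/write page */
    phys[1][1] = 0x3000u | PTE_V | PTE_RW;           /* supervisor-only page */
    phys[1][3] = 0x2000u | PTE_V | PTE_US;           /* user read-only page */
}

int main(void) {
    uint32_t pa = 0;
    build_sample();
    int r = translate(0, 0x00400123u, 1, 1, &pa);
    printf("user write 0x00400123: fault=%d pa=0x%x\n", r, (unsigned)pa);
    r = translate(0, 0x00401010u, 1, 0, &pa);
    printf("user read  0x00401010: fault=%d\n", r);
    return 0;
}
```

On real hardware both failure cases are delivered as a page fault; the model separates them to show which entry bit caused the fault.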
Virtual Memory Advantages
• Allows programs to be larger than physical memory, but more importantly it allows many more processes to be simultaneously active
• Page table entries allow for security with page level granularity
• But, much added complexity, especially danger of thrashing as memory is so much faster than disk access
NT Process Structure
[Figure: a Process with its Access Token, its Virtual Address Space Description, and an Object Table holding Handle 1, Handle 2 and Handle 3; the objects shown are Thread a, File c and Section f.]
Virtual Address Descriptors
• A per-process splay of VADs describes the process's virtual address space
• A VAD records location, security, and inheritance of a range of pages
• Each region can be free, reserved, or reserved and committed.
– Reserved - No storage, inaccessible, can't reserve a second time
– Committed - Storage can be associated with the region, can be accessible, PTE constructed on first access.
VAD Information
• Starting and ending address for VAD range; amount of committed memory
• Pointers to other VAD structures in splay
• Attributes
– Is allocated memory committed?
– Shared/private flag
– Protection (cf. next slide)
– Copy-on-write enabled flag - For Posix fork()
– Inherited by forked child? (for mapped views)
– Mapped view of section object?
VAD Protection Bits
• Combinations of the following: PAGE_NOACCESS, PAGE_READONLY, PAGE_READWRITE, PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_GUARD, and PAGE_NOCACHE
• Allocation types: MEM_RESERVE, MEM_COMMIT, MEM_TOP_DOWN
Virtual Memory Functions
• VirtualAllocEx - To reserve or commit
• VirtualFreeEx - To de-commit or release
• VirtualProtectEx - To modify protection
• VirtualLock, VirtualUnlock - To lock pages into memory
• VirtualQueryEx - To get information on a region of memory
• GlobalMemoryStatus - To get summary information
Virtual Memory Allocation
LPVOID VirtualAllocEx(
HANDLE hProcess,
LPVOID lpAddress, // can be NULL
DWORD dwSize,
DWORD flAllocationType, // See last slide
DWORD flProtect // See last slide
);
Freeing Virtual Memory
• BOOL VirtualFreeEx(
HANDLE hProcess,
LPVOID lpAddress,
DWORD dwSize,
DWORD dwFreeType );
• Types: MEM_DECOMMIT, MEM_RELEASE
Changing Protection
• BOOL VirtualProtectEx(
HANDLE hProcess,
LPVOID lpAddress,
DWORD dwSize,
DWORD flNewProtect,
PDWORD lpflOldProtect );
Locking Pages into Memory
• BOOL VirtualLock(
LPVOID lpAddress,
DWORD dwSize );
• BOOL VirtualUnlock(
LPVOID lpAddress,
DWORD dwSize );
• At most 30 pages can be locked -- without changing minimum working set size.
VAD Status Functions
• DWORD VirtualQueryEx(
HANDLE hProcess,
LPCVOID lpAddress,
PMEMORY_BASIC_INFORMATION lpBuffer, // See next slide
DWORD dwLength );
• VOID GlobalMemoryStatus(
LPMEMORYSTATUS lpBuffer );
Memory Info Structure
• typedef struct _MEMORY_BASIC_INFORMATION {
PVOID BaseAddress;
PVOID AllocationBase;
DWORD AllocationProtect;
DWORD RegionSize;
DWORD State;
DWORD Protect;
DWORD Type; // e.g. MEM_PRIVATE
} MEMORY_BASIC_INFORMATION;
Summary Info Struct
typedef struct _MEMORYSTATUS {
DWORD dwLength; // of this struct
DWORD dwMemoryLoad;
DWORD dwTotalPhys, dwAvailPhys;
DWORD dwTotalPageFile, dwAvailPageFile;
DWORD dwTotalVirtual, dwAvailVirtual;
} MEMORYSTATUS;
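Example: mem.c
• Use VirtualQueryEx to print out VAD info
• DWORD ShowRegion(HANDLE hProcess, LPCVOID addr) {
    MEMORY_BASIC_INFORMATION mbi;
    /* VirtualQueryEx returns 0 when the query fails */
    if (!VirtualQueryEx(hProcess, addr, &mbi, sizeof(mbi))) {
        Gripe();               /* error-reporting helper, defined elsewhere in mem.c */
        return -1;
    } else {
        print_out_mbi(&mbi);   /* prints the fields of mbi, defined elsewhere in mem.c */
    }
    return 0;                  /* success */
}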
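A region walk built on the same VirtualQueryEx call, stepping by RegionSize and marking guard pages and committed private regions that are both writable and executable. This is an added example, not the original mem.c: `report`, `is_private_rwx` and `state_name` are hypothetical names, and the non-Windows branch uses constructed sample regions with constant values copied from winnt.h so the decoder builds anywhere.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else   /* values copied from winnt.h so the decoder also builds off Windows */
typedef unsigned int DWORD;
enum { PAGE_EXECUTE_READWRITE = 0x40, PAGE_GUARD = 0x100,
       MEM_COMMIT = 0x1000, MEM_RESERVE = 0x2000, MEM_FREE = 0x10000,
       MEM_PRIVATE = 0x20000 };
#endif

/* Free / reserved / committed, as reported for the region. */
const char *state_name(DWORD state) {
    return state == MEM_COMMIT  ? "commit"  :
           state == MEM_RESERVE ? "reserve" :
           state == MEM_FREE    ? "free"    : "?";
}

/* 1 if the region is committed, private, and writable plus executable.
   The low byte of Protect holds the access value; PAGE_GUARD and
   PAGE_NOCACHE are modifier bits above it. */
int is_private_rwx(DWORD state, DWORD protect, DWORD type) {
    return state == MEM_COMMIT && type == MEM_PRIVATE &&
           (protect & 0xFF) == PAGE_EXECUTE_READWRITE;
}

/* Print one line per region: base, size, state, protection, audit marks. */
void report(const void *base, unsigned long long size,
            DWORD state, DWORD protect, DWORD type) {
    printf("%p %10llx %-7s prot=0x%03x%s%s\n", (void *)base, size,
           state_name(state), (unsigned)protect,
           (protect & PAGE_GUARD) ? " GUARD" : "",
           is_private_rwx(state, protect, type) ? " PRIVATE-RWX" : "");
}

int main(void) {
#ifdef _WIN32
    MEMORY_BASIC_INFORMATION mbi;
    char *addr = NULL;
    /* Each call describes the region containing addr; step by RegionSize. */
    while (VirtualQueryEx(GetCurrentProcess(), addr, &mbi, sizeof mbi)) {
        report(mbi.BaseAddress, mbi.RegionSize, mbi.State, mbi.Protect, mbi.Type);
        addr = (char *)mbi.BaseAddress + mbi.RegionSize;
    }
#else   /* constructed sample regions, not real process data */
    report((void *)0x00030000, 0x1000, MEM_COMMIT, 0x04 | PAGE_GUARD, MEM_PRIVATE);
    report((void *)0x00400000, 0x2000, MEM_COMMIT, 0x40, MEM_PRIVATE);
#endif
    return 0;
}
```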
PAGE_GUARD Protection
• Visual C++ VirtualAlloc doc says --
Pages in the region become guard pages. Any attempt to read from or write to a guard page causes the operating system to raise a STATUS_GUARD_PAGE exception and turn off the guard page status. Guard pages thus act as a one-shot access alarm.
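How does the stack work?
#include <stdio.h>
#include <windows.h>
int main(void) {
    unsigned sptr;
    /* read the current stack pointer (MSVC inline assembly, 32-bit x86) */
    __asm {
        mov eax, esp
        mov sptr, eax
    }
    printf("esp: 0x%x\n", sptr);
    /* for each character read, move esp down one 4096-byte page and touch it */
    while (getchar() != EOF) {
        __asm {
            mov eax, esp
            sub eax, 4096
            mov esp, eax
            mov sptr, eax
            mov eax, [esp]
        }
        printf("esp: 0x%x\n", sptr);
    }
    return 0;
}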