Memory Management II power point slides


Dec 14, 2013 (3 years and 5 months ago)


Memory Management II

CS 470 - Spring 2002

Overview


Logical Addressing and Virtual Memory


Logical to Linear Address Mapping


Linear to Physical Address Mapping


NT Virtual Address Descriptors


What is a VAD?


Virtual Memory Functions


Example: Displaying the VAD splay


Example: How does the stack work?

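Logical to Physical Mapping

[Diagram: a Logical Address (Selector, bits 15-0, and Segment Offset, bits 31-0) passes through Segment Translation to give a Linear Address (Dir, Page, Page Offset; bits 31-0). PG? (Control Register 0, bit 31): Yes, the Linear Address passes through Page Translation to give the Physical Address (bits 31-0); No, the Linear Address is used as the Physical Address.]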

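Linear to Physical Mapping

[Diagram: the Linear Address is split into Dir (bits 31-22), Page (bits 21-12) and Offset (bits 11-0). Trans. Lookaside Buffer hit: the Physical Address (bits 31-0) is produced directly. Miss: CR3 locates the Page Directory, the Dir Entry locates the Page Table, and the Pg Tbl Entry is checked. Valid? yes: Physical Address; no: Page Fault Handler.]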

Page/Directory Table Entry

Bits 31-12  Page Frame Addr
Bit 8       GL   Global
Bit 7       L    Large page
Bit 6       D    Dirty
Bit 5       A    Accessed
Bit 4       C/D  Cache Disabled
Bit 3       W/T  Write through
Bit 2       U/S  User / Supervisor
Bit 1       R/W  Read / Write
Bit 0       V    Valid

VM Access Steps


Instruction references logical address


Hardware looks up page table entry


Valid PTE gives physical address



Invalid PTE causes address exception
(page fault)


Handler copies page to memory from
disk or net, updates PTE and restarts
instruction. Now have valid PTE and so
get physical address


Physical address used to access cache

Virtual Memory Advantages


Allows programs to be larger than
physical memory, but more importantly it
allows many more processes to be
simultaneously active


Page table entries allow for security with
page level granularity


But, much added complexity, especially
danger of thrashing as memory is so
much faster than disk access
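
The lookup in the VM Access Steps and the page-level protection mentioned above, as an added C example that is not part of the original slides: a software model of the two-level walk (CR3, Dir Entry, Pg Tbl Entry) that checks the V, U/S and R/W bits. The toy physical memory, table contents and function names are constructed for illustration, and R/W is enforced for supervisor accesses too, which is a simplification.

```c
#include <stdint.h>
#include <stdio.h>

/* Flag bits from the Page/Directory Table Entry slide. */
#define PTE_V  0x001u   /* Valid */
#define PTE_RW 0x002u   /* Read / Write */
#define PTE_US 0x004u   /* User / Supervisor */
#define PTE_A  0x020u   /* Accessed */
#define PTE_D  0x040u   /* Dirty */
#define FRAME(e) ((e) & 0xFFFFF000u)   /* Page Frame Addr, bits 31-12 */

/* On x86 a protection violation is also delivered as a page fault;
   the model reports it separately so the two cases can be told apart. */
enum walk { WALK_OK, WALK_PAGE_FAULT, WALK_PROTECTION };

/* Constructed toy physical memory: three 4 KB frames of 32-bit words. */
static uint32_t phys[3 * 1024];
static uint32_t *frame(uint32_t pa) { return &phys[FRAME(pa) / 4]; }

/* Constructed tables: directory at 0x0000, page table at 0x1000, data at 0x2000. */
void build_sample(void) {
    uint32_t *pt = frame(0x1000);
    frame(0x0000)[1] = 0x1000 | PTE_V | PTE_RW | PTE_US;
    pt[0] = 0x2000 | PTE_V | PTE_RW | PTE_US;  /* user read/write */
    pt[1] = 0x2000 | PTE_V | PTE_RW;           /* supervisor only */
    pt[2] = 0x2000 | PTE_V | PTE_US;           /* user read-only  */
    pt[3] = 0;                                 /* not valid       */
}

/* One access: CR3 -> Dir Entry -> Pg Tbl Entry -> physical address. */
enum walk translate(uint32_t cr3, uint32_t lin, int user, int write, uint32_t *pa) {
    uint32_t pde = frame(cr3)[lin >> 22];               /* Dir: bits 31-22 */
    if (!(pde & PTE_V)) return WALK_PAGE_FAULT;
    uint32_t *pte = &frame(pde)[(lin >> 12) & 0x3FFu];  /* Page: bits 21-12 */
    if (!(*pte & PTE_V)) return WALK_PAGE_FAULT;
    uint32_t both = pde & *pte;          /* both levels must grant the right */
    if (user && !(both & PTE_US)) return WALK_PROTECTION;
    if (write && !(both & PTE_RW)) return WALK_PROTECTION;
    *pte |= PTE_A | (write ? PTE_D : 0u);               /* hardware sets A and D */
    *pa = FRAME(*pte) | (lin & 0xFFFu);                 /* Offset: bits 11-0 */
    return WALK_OK;
}

int main(void) {
    uint32_t pa = 0;
    build_sample();
    printf("%d 0x%x\n", translate(0, 0x00400123u, 1, 1, &pa), (unsigned)pa);
    printf("%d\n", translate(0, 0x00401000u, 1, 0, &pa));  /* user -> supervisor page */
    printf("%d\n", translate(0, 0x00403000u, 0, 0, &pa));  /* invalid PTE */
    return 0;
}
```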

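NT Process Structure

[Diagram: a Process with its Access Token, its Virtual Address Space Description, and its Object Table. The Object Table holds Handle 1, Handle 2 and Handle 3, which refer to objects such as Thread a, File c and Section f.]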

Virtual Address Descriptors


Per process splay of VAD’s describes its
virtual address space


VAD records location, security, and
inheritance of a range of pages


Each region can be free, reserved, or
reserved and committed.


Reserved - No storage, inaccessible, can't reserve a second time


Committed - Storage can be associated with the region, can be accessible, PTE constructed on first access.

VAD Information


Starting and Ending address for VAD
range; amount of committed memory


Pointers to other VAD structures in splay


Attributes


Is allocated memory committed?


Shared/private flag


Protection (cf next slide)


Copy-on-write enabled flag - For Posix fork()


Inherited by forked child? (for mapped
views)


Mapped view of section object?

VAD Protection Bits


Combinations of the following:
PAGE_NOACCESS, PAGE_READONLY,
PAGE_READWRITE, PAGE_EXECUTE,
PAGE_EXECUTE_READ,
PAGE_EXECUTE_READWRITE,
PAGE_GUARD, and PAGE_NOCACHE


Allocation types:


MEM_RESERVE, MEM_COMMIT,
MEM_TOP_DOWN

Virtual Memory Functions


VirtualAllocEx - To reserve or commit


VirtualFreeEx - To de-commit or release


VirtualProtectEx - To modify protection


VirtualLock, VirtualUnlock - To lock pages into memory


VirtualQueryEx - To get information on a region of memory


GlobalMemoryStatus - To get summary information

Virtual Memory Allocation

LPVOID VirtualAllocEx(
    HANDLE hProcess,
    LPVOID lpAddress,        // can be NULL
    DWORD dwSize,
    DWORD flAllocationType,  // See last slide
    DWORD flProtect          // See last slide
);

Freeing Virtual Memory


BOOL VirtualFreeEx(
    HANDLE hProcess,
    LPVOID lpAddress,
    DWORD dwSize,
    DWORD dwFreeType );


Types: MEM_DECOMMIT, MEM_RELEASE

Changing Protection


BOOL VirtualProtectEx(
    HANDLE hProcess,
    LPVOID lpAddress,
    DWORD dwSize,
    DWORD flNewProtect,
    PDWORD lpflOldProtect );

Locking Pages into Memory


BOOL VirtualLock(
    LPVOID lpAddress,
    DWORD dwSize );

BOOL VirtualUnlock(
    LPVOID lpAddress,
    DWORD dwSize );


At most 30 pages can be locked -- without changing minimum working set size.

VAD Status Functions


DWORD VirtualQueryEx(
    HANDLE hProcess,
    LPCVOID lpAddress,
    PMEMORY_BASIC_INFORMATION lpBuffer,  // See next slide
    DWORD dwLength );


VOID GlobalMemoryStatus(
    LPMEMORYSTATUS lpBuffer );

Memory Info Structure


typedef struct _MEMORY_BASIC_INFORMATION {
    PVOID BaseAddress;
    PVOID AllocationBase;
    DWORD AllocationProtect;
    DWORD RegionSize;
    DWORD State;
    DWORD Protect;
    DWORD Type;  // e.g. MEM_PRIVATE
} MEMORY_BASIC_INFORMATION;


Summary Info Struct

typedef struct _MEMORYSTATUS {
    DWORD dwLength;  // of this struct
    DWORD dwMemoryLoad;
    DWORD dwTotalPhys, dwAvailPhys;
    DWORD dwTotalPageFile, dwAvailPageFile;
    DWORD dwTotalVirtual, dwAvailVirtual;
} MEMORYSTATUS;

Example: mem.c


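Use VirtualQueryEx to print out VAD info


    #include <windows.h>

    /* Gripe() and print_out_mbi() are helpers from mem.c that are not shown on the slide. */
    DWORD ShowRegion(HANDLE hProcess, LPCVOID addr) {
        MEMORY_BASIC_INFORMATION mbi;

        /* VirtualQueryEx returns 0 when the query fails. */
        if (!VirtualQueryEx(hProcess, addr, &mbi, sizeof(mbi))) {
            Gripe();
            return (DWORD)-1;
        } else {
            print_out_mbi(&mbi);
            /* Assumed return value (the slide's success path returns nothing):
               the region size lets the caller step to the next region. */
            return mbi.RegionSize;
        }
    }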

PAGE_GUARD Protection


Visual C++ VirtualAlloc doc says --


Pages in the region become guard pages. Any attempt to read from or write to a guard page causes the operating system to raise a STATUS_GUARD_PAGE exception and turn off the guard page status. Guard pages thus act as a one-shot access alarm.

How does the stack work?

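    #include <stdio.h>
    #include <windows.h>

    /* 32-bit Visual C++ only: uses inline assembly to read and move ESP. */
    int main(void) {
        unsigned sptr;

        /* Report the initial stack pointer. */
        __asm {
            mov eax, esp
            mov sptr, eax
        }
        printf("esp: 0x%x\n", sptr);

        /* Each character read moves ESP down one page (4096 bytes)
           and reads from the new top of stack. */
        while (getchar() != EOF) {
            __asm {
                mov eax, esp
                sub eax, 4096
                mov esp, eax
                mov sptr, eax
                mov eax, [esp]    ; touch the page at the new ESP
            }
            printf("esp: 0x%x\n", sptr);
        }
        return 0;
    }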


Jumping over the Guard Page


    void main() { char a[4096]; }


The assembly language is:

    push ebp
    mov ebp, esp
    mov eax, 4096
    call __chkstk
    mov esp, ebp
    pop ebp


See vc98\crt\src\intel\chkstk.asm in c:\program files\Microsoft Visual Studio
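
Why the probe call matters, as an added example that is not from the slides or the CRT source: a small C model of a stack with one guard page, comparing a single large move of ESP with page-by-page probing of the kind __chkstk performs. The struct, function names and addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE 4096u

/* Model of a thread stack: pages are numbered downward from the base.
   Pages below `guard` are committed, page `guard` is PAGE_GUARD, and the
   pages after it are reserved only. All values are constructed. */
struct stack { uint32_t base, esp, guard, npages; };

static uint32_t page_of(const struct stack *s, uint32_t addr) {
    return (s->base - 1u - addr) / PAGE;
}

/* Returns 1 if the access succeeds, 0 on an access violation. */
int touch(struct stack *s, uint32_t addr) {
    uint32_t p = page_of(s, addr);
    if (p >= s->npages || p > s->guard) return 0;  /* reserved: no storage */
    if (p == s->guard) s->guard++;  /* one-shot alarm: commit, guard moves down */
    return 1;
}

/* Move ESP in one step, then use the new top of stack. */
int alloc_direct(struct stack *s, uint32_t bytes) {
    s->esp -= bytes;
    return touch(s, s->esp);
}

/* Page-by-page probing: touch one address in every page on the way down. */
int alloc_probed(struct stack *s, uint32_t bytes) {
    uint32_t target = s->esp - bytes, a = s->esp;
    while (a - target > PAGE) {
        a -= PAGE;
        if (!touch(s, a)) return 0;
    }
    if (!touch(s, target)) return 0;
    s->esp = target;
    return 1;
}

int main(void) {
    struct stack a = {0x00130000u, 0x0012FF00u, 1u, 16u}, b = a;
    printf("direct 8192: %d\n", alloc_direct(&a, 8192));  /* jumps over the guard */
    printf("probed 8192: %d\n", alloc_probed(&b, 8192));  /* hits the guard in order */
    return 0;
}
```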