1

Ch 14 Process Address Space

제 51 강 : Process Address Space

2

text: r-x-pdata: rw--pbss: rw--pstack: rwx-p

Permissions / Purposeintervals of legal

addresses “memory areas

(VMA)”

r: readable w: writablex: executable s: sharedp: private(copy on write)

ld(92KB)

libc(1232KB)

stack(8KB)

stack

datatext

textdatabss

#include<stdio.h>int i=1;int main(argc, argv){

printf(“%d”i);}

08048000-08049000

40014000-40016000

08049000-0804a000

bfffe000-c0000000

40000000-4001300040013000-40014000

my code (92KB)

4001c000-4010900040109000-4010d0004010d000-40111000

textdatabss

My Program

3

Example of Address Mapping

$ ./a.out >null & [1] 673

$ cat /proc/673/maps08048000-08049000 r-xp 00000000 08:21 6160562 /home/trinite/a.out08049000-0804a000 rw-p 00000000 08:21 6160562 /home/trinite/a.out

40000000-40013000 r-xp 00000000 08:01 917 /lib/ld-2.1.3.so40013000-40014000 rw-p 00012000 08:01 917 /lib/ld-2.1.3.so40014000-40016000 rw-p 00000000 00:00 0

4001c000-40109000 r-xp 00000000 08:01 923 /lib/libc-2.1.3.so40109000-4010d000 rw-p 000ec000 08:01 923 /lib/libc-2.1.3.so4010d000-40111000 rw-p 00000000 00:00 0

bfffe000-c0000000 rwxp fffff000 00:00 0

The address map of the running process is /proc/<pid>/maps

my code

loader

lib

stack

addressspace

T

L

S

D

4

struct task_struct { volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */ struct thread_info *thread_info; unsigned long flags; /* per process flags, defined below */ int prio, static_prio; struct list_head tasks;

struct mm_struct *mm, /*active_mm; struct task_struct *parent; /* parent process */ struct list_head children; /* list of my children */ struct list_head sibling; /* linkage in my parent's children list */ struct tty_struct *tty; /* NULL if no tty *//* ipc stuff */ struct sysv_sem sysvsem;/* CPU-specific state of this task */ struct thread_struct thread;/* filesystem information */ struct fs_struct *fs;/* open file information */ struct files_struct *files;/* namespace */ struct namespace *namespace;/* signal handlers */ struct signal_struct *signal; struct sighand_struct *sighand;};

5

thread_info

kernel stack

task field mmap

task_struct

mm_struct

vm_next

mm

tty

files

fs

poin

ters

vm_area_struct

addressspace

T

L

S

D

CPUStack

vm_next

vm_area_struct

vm_next

vm_area_struct

vm_next

vm_area_struct

6

struct mm_struct { /* memory descriptor of a process */

struct vm_area_struct *mmap; /* list of VMAs */

struct rb_root mm_rb; atomic_t mm_users; /* How many users with user space? */

atomic_t mm_count; /* How many references to "mm_struct" */

int map_count; /* number of VMAs */ struct rw_semaphore mmap_sem; spinlock_t page_table_lock; /* Protects task page tables and .. */

struct list_head mmlist; /* List of all active mm's. */ unsigned long start_code, end_code, start_data, end_data;

unsigned long start_brk, brk, start_stack; unsigned long arg_start, arg_end, env_start, env_end; unsigned long rss, total_vm, locked_vm; unsigned long def_flags;

…..

};

addressspace

T

L

S

D

7

• represents process’s address space• each process receives unique mm_struct• consists of (has pointers to) several VMA’s (memory areas)• processes may share address space with

children– clone(VM_flag); called “thread” (LWP) then mm_struct is not

allocated

Memory Descriptor addressspace

T

S

D

mmap

mm_struct

vm_next

vm_area_struct

vm_next

vm_area_struct

vm_next

vm_area_struct

8

mm_struct (per Process)

mmap field

singly linked list of vm_area_structs

(to visit every node)

VMAmy part

VMAlibc

VMAld

VMAW

VMAX

VMAY

VMAZ

balanced binary tree ofvm_area_structs

(to visit specific node)

mm_rb field

Reaching Memory Areas

thread_info

kernel stack

task_struct

mm

tty

files

fs

poin

ters

CPUStack

vm_next

vm_area_struct

vm_next

vm_area_struct

vm_next

vm_area_struct

9

struct mm_struct { /*memory descriptor of a process */ struct vm_area_struct *mmap; /* singly linked list of VMAs */ struct rb_root mm_rb; /* balanced binary tree of VMA’s */

atomic_t mm_users; /* How many users with user space? */ atomic_t mm_count; /* How many references to

"mm_struct" */ int map_count; /* number of VMAs */ struct rw_semaphore mmap_sem; spinlock_t page_table_lock; /* Protects task page tables and .. */

struct list_head mmlist; /* List of all active mm's. */ unsigned long start_code, end_code, start_data, end_data;

unsigned long start_brk, brk, start_stack; unsigned long arg_start, arg_end, env_start, env_end; unsigned long rss, total_vm, locked_vm; unsigned long def_flags;

…..

};

10

VMA (Memory Area)

11

VMA (memory area)

start_addressend_addresspermissionfileoperations o page fault o ++ o --

mm_struct (per Process)

VMA - text

VMA - data

VMA – stack

mmap field

vm_area_struct

vm_area_struct

vm_area_struct

addressspace

T

L

S

D

thread_info

kernel stack

task_struct

mm

tty

files

fs

poin

ters

CPUStack

12

Memory Area

• vm_start: the initial address in the interval• vm_end: the final address in the interval • vm_ops: operations associated with a given VMA• vm_mm: points back to this VMA’s associated mm_struct • vm_next: list of VMA’s• vm_file: file we map to

struct vm_area_struct{unsigned long vm_start;unsigned long vm_end;

struct vm_operations_struct *vm_ops; struct mm_struct *vm_mm;struct vm_area_struct *vm_next;struct file * vm_file;…

}

addressspace

T

L

S

D

13

VMA (memory area)• definition

– intervals of legal memory address– where process has permission/purpose to access

• content– text, data, bss, stack, memory mapped files, …

• kernel can dynamically add/delete memory areas– eg “add memory mapped file”, “remove shared memory”, etc

• If two VMA’s – have adjacent addresses & – have same permissions merge them

addressspace

T

L

S

D

14

struct mm

struct task_struct

mm_struct (per Process)

nopage – used by page fault handler, when no page found

open – when the memory area is added to an address space

close – when the memory area is removed to an address space

….

vm_ops field

Other Fields

vm_operations_struct

pgd

pagemapping

table

addressspace

T

L

S

D

15

• does not have process address space (no user context)

• mm field == NULL

• But, kernel threads need some data, such as page tables

• To provide it, kernel threads use the memory descriptor of

a task that ran previously

Kernel thread - Memory Descriptor

16

Paging

17

Address Space & Page Table Size

• Size of Address Space – Assume 12 bit for displacement (4 KB page)

• 16 bit machine– 4 bit for page address– Page table per process 24 entries

• 32 bit machine– 20 bit for page address – Page table per process 220 entries

• 64 bit machine – 52 bit for page address– Page table per process 252 entries

Mapping Table is

Too BigToo Sparse

18

T

D

S

T

D

S

16 bit

32 bit

64 bitAddress Space per Process

Assuming 4KB size page (12 bits for offset)32 bit machine needs 220 entries for page table64 bit machine needs 252 entries for page table

Too Large Space per Each ProcessToo SparseToo much memory wasted for (unused) Page Tables

T

L

S

D

19

Offset(12) Dir_no(10) Page_no(10) Offset(12) Page_no(20)

directory

PTETable T

L

S

D

T

L

S

D

1024 x 1024 PTE!

PTETable

PTETable

1024 entries

1024 entries

1024 entries

1024 entries

(1024 x 1024) entries (4 x 1024) entries

20

31 012 1122 21

directory table size page table size page itself 1024 enrties 1024 entries 4KB

page

page tablepage directory

no page tableif NULL entry

Offset(12) Dir_no(10) Page_no(10)

NULL

21

Paging in Linux

For 64 bit address, one more directory(4 parts) directory --- page global directory

page middle directory page table (PTE) offset

The size of each parts depends on the architecture For 32bit, Linux eliminates Page Middle Directory Same code can work on 32bit and 64bit machine

Offset(12) Dir_no(10) Page_no(10)

Offset(12) Page_no global_directory middle_directory

22

Page Mapping Table

page

PTE

PTE

PTE

Directory

addressspace

T

L

S

Dstruct mm

struct task_struct

mm_struct (per Process)

vm_ops pgd

vm_next

vm_area_struct

vm_next

vm_area_struct

vm_next

vm_area_structstart_addressend_addresspermissionfileoperations page fault() add_vma remove_vma

23

Functions for

Process Address Space

24

Allocating Memory Descriptor

• During fork(), memory descriptor is allocated.– do_fork() copy_process() copy_mm()– copy_mm():

• If normal process,– The mm_struct structure is allocated – from the mm_cachep slab cache via the

allocate_mm()

• if thread(CLONE_VM),– do not call allocate_mm()– mm field is set to point to parent’s memory

descriptor

25

Destroying Memory Descriptor

• exit_mm() mmput()– mmput():

• decrease mm_users• if mm_users is zero, mmdrop() is called

– mmdrop():• decrease mm_count• if mm_count is zero, free_mm() is invoked • to return the mm_struct to the mm_cachep

slab cache• via kmem_cache_free()

26

• Creating a VMA– do_mmap()

• is used by the kernel to create a new VMA• Is new interval adjacent to existing interval?

– if they share the same permissions, – the two intervals are merged into one

• otherwise, a new VMA is created

– mmap() system call• do_mmap() is exported to user via mmap() sys

call• actually the real name of system call is mmap2()

Manipulating Memory Areas T

L

S

D

27

•Removing a VMA– do_munmap()

• is used by the kernel to remove a VMA

– munmap()• do_munmap() is exported to user via munmap()

sys call

Manipulating Memory Areas

T

L

S

D

28

Manipulating Memory Areas

• find_vma()– Look up the first VMA which statisfies (addr <

vm_end)– finds the 1st VMA that (contains addr) – or (begins at an address greater than addr)

• find_vma_prev()– same as find_vma but return pointer to previous VMA

• find_vma_intersection()– returns 1st VMA that overlaps given address interval

T

L

S

D