A detailed introduction to Linux memory management and addressing

1. Concept

Memory management mode

Segment type: The memory is divided into multiple segments, each segment is continuous memory, and different segments correspond to different uses. The size of each segment is not uniform, which will lead to problems such as memory fragmentation and inefficient memory swapping.

Paged: Memory is divided into multiple memory pages for management. For example, in Linux system, the size of each page is 4KB . Because of the paging, there will be no small memory fragments. But there is still the problem of memory fragmentation.

Paragraph-page format: a combination of paragraph format and page format.

Address type classification

Logical address: The address used by the program, usually the address not mapped by the segment memory management, is called the logical address

Linear address: The address mapped by segmented memory management is called a linear address, also called a virtual address

Virtual address: The address mapped by segmented memory management is called a linear address, also called a virtual address

Physical address: physical memory address

illustrate:

In the Inetel processor, the logical address is the address before the "segment memory management" conversion, and the linear address is the address before the "page memory management" conversion.

The address mapped by segmented memory management is no longer a "physical address", Intel calls it a "linear address" (also called a virtual address). Therefore, segmented memory management first maps logical addresses into linear addresses, and then paged memory management maps linear addresses into physical addresses.

Linux memory is mainly managed by page memory, but also involves segment mechanism. The approach currently taken by the Linux kernel is to make the segment mapping process virtually ineffective.

Intel's earliest processor, the 80286, was purely segment-based, while the 80386 had both segment and page management.

2. Page management

x86 architecture 32-bit CPU

​ Secondary page table addressing method, a memory page is 4KB in size, the first-level page directory table has 1024 entries, the second-level page table has 1024 entries, and a page table entry is 4 bytes. The first-level page directory table entries are all allocated, and the second-level page table is created when needed. (Locality principle).

Virtual address 32 bits

10+10+12, respectively index the level 1 page table number, the level 2 page table entry, and record the offset address of the physical base address. After using the PAE mechanism, the maximum memory supported by a 32-bit system is 64GB (the address is 32+4=36 bits).

Linear address addressing physical address steps

First, use the 10-bit addressing level 1 page table number. The level 1 page table number records the address of the level 2 page table.

After finding the address of the level 2 page table, the location of the entry in the level 2 page table is then found based on the other 10 bits of the virtual address.

After finding the entry of the level 2 page table, the entry records the starting address of the virtual address mapping to the physical address. The size of the entry is 4 bytes (32 bits).

The final physical address is calculated based on the starting address of the found physical address combined with the last 12 bits of the virtual address as an offset

x86 architecture 64-bit cpu

There are more levels of page tables

Global Page Directory PGD (Page Global Directory) Upper Page Directory PUD (Page Upper Directory) Intermediate Page Directory PMD (Page Middle Directory) Page Table Entry PTE (Page Table Entry)

Linear address addressing physical address steps

The linear address is 48 bits, the maximum physical address is 52 bits, and the actual physical memory address bus width is 40 bits, which means it supports 1TB of physical memory. x86_64 has a four-level page table, and the principle is the same as that of the x86 system, which is also addressed layer by layer. The CR3 register stores the starting physical address of the highest level table, so the first step in addressing is to get the value in the CR3 register. The size of each PTE entry is 8 bytes, which is 64 bits.

TLB

In the CPU chip, a cache is added to store the page table entries most frequently accessed by the program. This cache is TL (Translation Lookaside Buffer). It is usually called page table cache, redirection bypass cache, fast table, etc. Then when the CPU's memory management unit MMU seeks address, it will first check the TLB. If it is not found, it will continue to check the regular page table.

Proper Noun

PDT: Page Directory Table, multi-level page table, first-level page table, 32-bit system has 1024 page directories
PTT: Page Table Entries, multi-level page table, secondary page table, 32-bit system has 1024 page table entries under each page directory, each entry is 4 bytes
PDE: The base address of the page table, which is an item in PDT
PTE: is the base address of the page, one of the PTT
GDT: Global Descriptor Table, used to convert logical addresses into linear addresses
LDT: Local Descriptor Table, used to convert logical addresses into linear addresses

3. Address division

32 system kernel 1G: 0xC0 00 00 01 - 0xFF FF FF FF
User 3G: 0x00 00 00 00 - 0xC0 00 00 00
0xC0 00 00 00 == 3G

64-bit Systems:
Kernel 128T: 0xFF FF 80 00 00 00 00 00 - 0xFF FF FF FF FF FF FF FF (high)
0xFF FF 7F FF FF FF FF FF - 0xFF FF FF FF FF FF FF FF (calculate it yourself)

User 128T: 0x00 00 00 00 00 00 00 00 - 0x00 00 7F FF FF FF FF FF (lower order)
0x00 00 80 00 00 00 00 00 - 0x00 00 80 00 00 00 00 00 (calculate by yourself)

​ 0x00 00 7F FF FF FF FF FF == 127T
Question: Is 128T the dividing line for a 64-bit system? Is it 127T?

Access Rights

When a process is in user mode, it can only access user space memory. Only after entering kernel mode can it access kernel space memory.

PAE Mechanism

​ CPU bit width refers to the number of binary bits that the CPU can process within one clock cycle. In normal scenarios, the address bus of a 32-bit system CPU can be 32 bits. However, after the introduction of the PAE mechanism, the address bus bit width of a 16-bit CPU can be 20 bits (physical memory 1M), the address bus of a 32-bit CPU can be 36 bits (physical memory 64GB), and the address bus bit width of a 64-bit CPU can be 40 bits (physical memory 1TB). Therefore, we cannot simply say that 32-bit systems only support memory sticks with a maximum size of 4GB.

4. Debugging

Program Register

cs: is the code segment register
ds: is the data segment register
ss: is the stack segment register
es: is the extended segment register
fs: is the flag segment register after 32 bits
gs: is the global segment register after 32 bits

Example of a kernel crash log:

RIP: 0010:[ ] [ ] xxxxxxxxxx+0x69/0x70
RSP: 0018:ffff886241737d98 EFLAGS: 00010246
RAX: ffff880034814d40 RBX: ffff881fc6248740 RCX: 0000000000000200
RDX: 0000000000000000 RSI: 000000000000286 RDI: ffff881fc6381858
RBP: ffff886241737d98 R08: ffff886241734000 R09: 0000000000000000
R10: ffff880034814d40 R11: 0000000000000200 R12: ffff881fc62487a0
R13: 0000000000000000 R14: 00007fff86cb6260 R15: ffff881fc6381858
FS: 00007f78b59b8720(0000) GS:ffff885ffe3c0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f690a057180 CR3: 0000006208985000 CR4: 00000000003627e0
DR0: 0000000000000000 DR1: 000000000000000 DR2: 000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

View Program Registers

Use GDB to debug an ELF32 executable file on Linux 32-bit and use the info r command to check the register status:

There are two cases for segment registers: 0x23 and 0x2b:

Hexadecimal: 0023
Binary: 0000000000100 0 11 - Segment number: 4 - Table type: GDT - Privilege level: Ring3
Hexadecimal: 002B
Binary: 0000000000101 0 11 - Segment number: 5 - Table type: GDT - Privilege level: Ring3

Segment number: starts from the fourth bit Table type: the third bit Privilege level: the first and second bits

I didn't find any command or tool to directly view GDT in Linux, so I went to the source code to find the answer:

See, the segments described by these two items are the same as Windows, with a base address of 0 and a size of 4GB.

Both Windows and Linux choose to bypass the CPU's segmented memory management mechanism in this way.

But it should be noted that although this is the case for both operating systems, it does not mean that the segment mechanism is completely unused. The CPU's task management TSS still needs to be used. Everyone just needs to know this. The segmentation mechanism is not welcome under the Linux 64-bit system, but the operating system will still maintain the addressing method of segmentation first and then paging.

Conclusion

This concludes this article on Linux memory management and addressing. For more information on Linux memory management and addressing, please search previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope you will support 123WORDPRESS.COM in the future!