Virtual Memory Management

MMU

Virtual Memory Management (vmmemory Management) mechanism is widely used in modern operating systems. This requires the support of MMU (Memory Management Unit) in the processor. This section briefly introduces the role of MMU.

First, we introduce two concepts: Virtual Address and physical address. If the processor does not have an MMU, or the MMU is not enabled, the memory address sent by the CPU execution unit is directly transferred to the Chip Pin, which is called the physical memory, the physical address (PA), as shown in.

Figure 17.5. physical address

 

If MMU is enabled for the processor, the memory address sent by the CPU Execution Unit will be intercepted by MMU. The address from CPU to MMU is called virtual address (VA ), MMU translates this address into another address and sends it to the external address pin of the CPU chip, that is, ing Va to Pa, as shown in.

Figure 17.6. Virtual Address

 

If it is a 32-bit processor, the inner address bus is 32-bit, connected to the CPU Execution Unit (only four address lines are shown in the figure ), the external address bus after MMU conversion is not necessarily 32-bit. That is to say, the virtual address space is independent from the physical address space. The virtual address space of a 32-bit processor is 4 GB, and the physical address space can be larger than or less than 4 GB.

MMU maps Va to PA in the unit of page. The page size of a 32-bit processor is usually 4 kb. For example, MMU can map a page 0xb7001000 ~ 0xb7001fff ing to one page of PA 0x2000 ~ 0x2fff: If the CPU Execution Unit needs to access the virtual address 0xb7001008, the physical address actually accessed is 0x2008. Pages in the physical memory are called physical pages or page frames ). Which page of the virtual memory is mapped to the physical memory? Which page frame is described through the page table. The page table is saved in the physical memory, MMU searches the page table to determine the PA to which a VA is mapped.

The operating system works with MMU as follows:

1. When the operating system initializes, allocates, and releases memory, it will execute some commands to fill in the page table in the physical memory, and then use the commands to set the MMU to tell the location of the MMU page table in the physical memory.

2. After the configuration is complete, the CPU automatically triggers MMU to perform lookup and address translation operations every time it executes the memory access command. The hardware automatically completes the address translation operation and does not need to use commands to control MMU.

The variables and functions we use in the program have their own addresses. After the program is compiled, these addresses become the addresses in the instruction, and the addresses in the instruction are interpreted and executed by the CPU, the memory address issued by the CPU Execution Unit. Therefore, when MMU is enabled, all addresses used in the program are virtual addresses, which will lead to MMU lookup and address conversion operations. So why should we design such a complicated memory management mechanism? What are the benefits of the conversion from VA to Pa? All problems in computer science can be solved by another level of indirection. Do you still remember this sentence? An additional layer is indirectly required to solve the problem. After the necessary preparations are completed, we will discuss the role of the virtual memory management mechanism in section 5th "Virtual Memory Management.

In addition to address translation, MMU also provides memory protection. Various architectures are divided into user mode and privileged mode. The operating system can set access permissions for each memory page in the page table, and some pages cannot be accessed, some pages can be accessed only when the CPU is in privileged mode. Some pages can be accessed in both user mode and privileged mode. The access permissions are divided into three types: readable, writable, and executable. After this setting, when the CPU needs to access a va, MMU checks whether the CPU is in user mode or privileged mode. The purpose of access to the memory is to read data, write data, or retrieve commands, if it is consistent with the page permission set by the operating system, access is allowed and converted to Pa. Otherwise, access is not allowed and an exception is thrown ). The exception handling process is similar to the interrupt. The difference is that the interrupt is generated by an external device and the exception is generated by the CPU. The reason for the interrupt is irrelevant to the instruction currently executed by the CPU, the exception is caused by a problem with the commands currently executed by the CPU. For example, if the command used to access the memory is checked by MMU and the division command has a division of 0, an exception occurs.

Figure 17.7. processor Mode

 

Generally, the operating system divides the virtual address space into user space and kernel space. For example, the virtual address space in Linux on the X86 platform is 0x00000000 ~ 0 xffffffff, first 3 GB (0x00000000 ~ 0 xbfffffff) is the user space, the last 1 GB (0xc0000000 ~ 0 xffffffff) is the kernel space. The user program is loaded to the user space and executed in user mode. It cannot access data in the kernel or jump to the kernel code for execution. This protects the kernel. If a process accesses an Invalid Address, the process crashes at most without affecting the stability of the kernel and the entire system. When the CPU is interrupted or abnormal, it not only jumps to the interrupted or abnormal service program, but also automatically switches from user mode to privileged mode, therefore, you can jump from an interrupted or abnormal service program to the kernel code for execution. In fact, the entire kernel is composed of various interrupt and exception handling programs. To sum up, the processor normally executes the user program in user mode, and switches the processor to privileged mode to execute the kernel program in case of interruption or exception, after an interruption or exception is processed, return to user mode to continue executing the user program.

We have encountered this error many times. It is generated as follows:

1. A va to be accessed by the user program, which is not authorized to be accessed by MMU check.

2. MMU generates an exception. The CPU switches from user mode to privileged mode, and the exception service program is executed in kernel code.

3. The kernel interprets this exception as a segment error and terminates the process that causes the exception.

Http://learn.akae.cn/media/ch20s05.html

We know that the operating system uses the va-to-pa conversion mechanism provided by the architecture to Implement Virtual Memory Management. With the basic knowledge of the shared library, we can now further understand the virtual memory management. First, we will analyze an example:

$ ps  PID TTY          TIME CMD29977 pts/0    00:00:00 bash30032 pts/0    00:00:00 ps$ cat /proc/29977/maps 08048000-080f4000 r-xp 00000000 08:15 688142     /bin/bash080f4000-080f9000 rw-p 000ac000 08:15 688142     /bin/bash080f9000-080fe000 rw-p 080f9000 00:00 0 09283000-09497000 rw-p 09283000 00:00 0          [heap]b7ca8000-b7cb2000 r-xp 00000000 08:15 581665     /lib/tls/i686/cmov/libnss_files-2.8.90.sob7cb2000-b7cb3000 r--p 00009000 08:15 581665     /lib/tls/i686/cmov/libnss_files-2.8.90.sob7cb3000-b7cb4000 rw-p 0000a000 08:15 581665     /lib/tls/i686/cmov/libnss_files-2.8.90.so...b7e15000-b7f6d000 r-xp 00000000 08:15 581656     /lib/tls/i686/cmov/libc-2.8.90.sob7f6d000-b7f6f000 r--p 00158000 08:15 581656     /lib/tls/i686/cmov/libc-2.8.90.sob7f6f000-b7f70000 rw-p 0015a000 08:15 581656     /lib/tls/i686/cmov/libc-2.8.90.so...b7fbd000-b7fd7000 r-xp 00000000 08:15 565466     /lib/ld-2.8.90.sob7fd7000-b7fd8000 r-xp b7fd7000 00:00 0          [vdso]b7fd8000-b7fd9000 r--p 0001a000 08:15 565466     /lib/ld-2.8.90.sob7fd9000-b7fda000 rw-p 0001b000 08:15 565466     /lib/ld-2.8.90.sobfac5000-bfada000 rw-p bffeb000 00:00 0          [stack]

UsepsCommand to view the processes on the current terminal.bashThe process ID is 29977, and thencat /proc/29977/mapsCommand to view its virtual address space./procThe file in the directory is not a real disk file, but a file system virtualized by the kernel./procThe directory name is the process ID. You can view the files in the directory to obtain information about the process. In additionpmap 29977Command to obtain similar output results.

Figure 20.4. process address space

 

As mentioned in section 4th "MMU", the virtual address space of the X86 platform is 0x0000 0000 ~ 0 xFFFF FFFF, roughly the first 3 GB (0x0000 0000 ~ 0 xbfff FFFF) is the user space, the last 1 GB (0xc000 0000 ~ 0 xFFFF FFFF) is the kernel space, which is verified here. 0x0804 8000-0x080f 4000 is from/bin/bashThe access permission isr-x, Indicating text segment, including.textSegment,.rodataSegment,.plt. 0x080f 4000-0x080f 9000 is also from/bin/bashThe access permission isrw-, Indicates data segment, including.dataSegment,.bss.

0x0928 3000-0x0949 7000 is not loaded from the disk file to the memory. This space is called heap and will be used latermallocThe function dynamically allocates memory here. Starting from 0xb7ca 8000, It is the ing space of the shared library. Each shared library is divided into several segments, and each segment has different access permissions. We can see that there is a large address hole between the end address of the heap space (0x0949) and the START address of the shared library ing space (0xb7ca 7000, heap space can increase to a high address when the memory is dynamically allocated. The address ceiling of heap space (0x09497000) is called break. To increase heap space to a high address, the break is increased, and the new Virtual Memory Page is mapped to the physical memory, which is called by the system.brkImplemented,mallocThe function is also called.brkMemory Allocation to the kernel request.

/lib/ld-2.8.90.soIs the dynamic linker/lib/ld-linux.so.2The latter is the symbolic link of the former. Marked[vdso]The address range islinux-gate.so.1The ing space of the shared library is virtualized by the kernel. 0 xbfac 5000-0xbfad a000 is the stack space. The high-address part stores the environment variables and command line parameters of the process, and the low-address part stores the function stack frame, stack space is growing to a low address, but obviously there is no room for growth as the heap space is so large, because it is not uncommon for actual applications to dynamically allocate a large amount of memory, however, there are dozens of layers of function calls, and each layer of calls has many local variables, which are rare. In short, stack space may be used up, and it is easier to use up than heap space. As mentioned in section 3rd "recursion", infinite recursion will exhaust stack space and eventually lead to segment errors.

What is the role of Virtual Memory Management? It can be understood from the following aspects.

First, the virtual memory management can control the access permissions of the physical memory. The physical memory itself does not restrict access, and any address can be read and written. The operating system requires different pages to have different access permissions, this is achieved by using the CPU mode and memory protection mechanism of MMU. For example, text segment is read-only to prevent unexpected rewriting of wrong commands and kernel address space, so as to prevent unexpected rewriting of kernel data by executing wrong commands in user mode. In this way, the ability to execute wrong commands or corrupt malicious code is limited. At most, the current process is terminated due to a segment error, without affecting the stability of the entire system.

Second, the main role of virtual memory management is to give each process an independent address space. The so-called independent address space means that the same va in different processes is mapped to different PA by MMU, in addition, accessing any address in a process cannot access the data of another process, in this way, illegal memory access by any process due to execution of wrong commands or malicious code will not accidentally rewrite the data of other processes, and will not affect the running of other processes, thus ensuring the stability of the entire system. On the other hand, each process deems itself exclusive to the entire virtual address space, so that the implementation of the linker and the loader will be easier, and there is no need to consider whether the address ranges of each process conflict.

Continue with the previous experiment, open a terminal window, and check out the newbashThe address space of the process.bashThe process address space layout is similar:

$ ps  PID TTY          TIME CMD30697 pts/1    00:00:00 bash30749 pts/1    00:00:00 ps$ cat /proc/30697/maps08048000-080f4000 r-xp 00000000 08:15 688142     /bin/bash080f4000-080f9000 rw-p 000ac000 08:15 688142     /bin/bash080f9000-080fe000 rw-p 080f9000 00:00 0 082d7000-084f9000 rw-p 082d7000 00:00 0          [heap]b7cf1000-b7cfb000 r-xp 00000000 08:15 581665     /lib/tls/i686/cmov/libnss_files-2.8.90.sob7cfb000-b7cfc000 r--p 00009000 08:15 581665     /lib/tls/i686/cmov/libnss_files-2.8.90.sob7cfc000-b7cfd000 rw-p 0000a000 08:15 581665     /lib/tls/i686/cmov/libnss_files-2.8.90.so...b7e5e000-b7fb6000 r-xp 00000000 08:15 581656     /lib/tls/i686/cmov/libc-2.8.90.sob7fb6000-b7fb8000 r--p 00158000 08:15 581656     /lib/tls/i686/cmov/libc-2.8.90.sob7fb8000-b7fb9000 rw-p 0015a000 08:15 581656     /lib/tls/i686/cmov/libc-2.8.90.so...b8006000-b8020000 r-xp 00000000 08:15 565466     /lib/ld-2.8.90.sob8020000-b8021000 r-xp b8020000 00:00 0          [vdso]b8021000-b8022000 r--p 0001a000 08:15 565466     /lib/ld-2.8.90.sob8022000-b8023000 rw-p 0001b000 08:15 565466     /lib/ld-2.8.90.sobff0e000-bff23000 rw-p bffeb000 00:00 0          [stack]

This process also occupies the address space of 0x0000 109-0xbfff FFFF, the text segment is also 0x0804 8000-0x080f 4000, and the data segment is 0x080f 4000-0x080f 9000, which is exactly the same as the previous process, because these addresses are written at the compilation Link/bin/bashThis executable file is loaded by both processes. The two processes run simultaneously in the same system. Their data segment occupies the same va, but the two processes perform their respective tasks. Obviously, the data in the data segment should be different, how can different data be generated for the same va? Because they are mapped to different PA. As shown in.

Figure 20.5 process address space is independent

 

We can also see that both processes arebashProcess, text segment is the same, and text segment is read-only and will not be rewritten. Therefore, the operating system will arrange the text segment of the two processes to share the same physical page. Since each process has its own set of va-to-pa ing tables, any va in the whole address space searches for the corresponding Pa in each process's own ing table, therefore, it is impossible to access the addresses of other processes, and it is impossible to accidentally rewrite the data of other processes.

In addition, it is noted that the address for loading the shared libraries of the two processes is different. The address for loading the shared libraries is determined at runtime, rather than written in/bin/bashIn this executable file. Even so, the two processes share the shared libraries on the same physical page. Of course, only the read-only parts are shared, and the readable and writable parts are not shared.

Using shared libraries can greatly save memory usage. For examplelibc, Almost all processes in the system are mappedlibcTo the process address space, andlibcOnly one copy of the read-only part of the physical memory can be shared by all processes. This is the origin of the "Shared Library" name.

Now we can understand why the shared library must be a location-independent code. For examplelibcDifferent processes sharelibcPhysical pages, but these physical pages are mapped to the virtual address space of each process but are located at different addresses.libcThe code can be correctly executed no matter what address it loads.

Third, the VA ing between VA and PA facilitates the allocation and release of memory. Several memories with Discontinuous physical addresses can be mapped to a continuous block of memory with virtual addresses. For examplemallocAllocate a large amount of memory. Although there is enough free physical memory, there is not enoughContinuousIdle memory, multiple discontinuous physical pages can be allocated and mapped to a continuous virtual address range. As shown in.

Figure 20.6. Discontinuous PA can be mapped to consecutive va

 

Fourth, if a system runs many processes at the same time, the sum of memory allocated to each process may be greater than the actual available physical memory, and virtual memory management makes the processes still run normally in this case. Because each process allocates only virtual memory pages, data on these pages can be mapped to physical pages, or saved to disks temporarily without occupying physical pages, the temporary storage of the virtual memory page on the disk may be a disk partition or a disk file called a swap device ). When the physical memory is not enough, temporarily save some data in some infrequently used physical pages to the swap device. Then the physical page is considered idle and can be re-allocated to the process for use, this process is called page out ). If a process uses a page to be swapped out, it is loaded back to the physical memory from the swap device. This is called page in ). The swap-out and swap-in operations are collectively referred to as paging. Therefore:

Total allocable memory in the system = physical memory size + swap device size

As shown in. The first figure shows how to save the data on the physical page to the disk, unmap the address, and release the physical page. The second figure is an inbound switch. allocate one from the idle physical page, load the temporary disk page back to the memory, and create address ing.

Figure 20.7 page feed