Transcript Windows Kernel Internals Advance Virtual Memory

Windows Kernel Internals
Advance Virtual Memory
*David B. Probert, Ph.D.
Windows Kernel Development
Microsoft Corporation
© Microsoft Corporation
1
PFN: Working Set Page
WorkingSetIndex
PteAddress
ShareCount
Flags
RefCount
OriginalPTE
PteFrame
iperr vrfy awe kstk
© Microsoft Corporation
cach
3
PFN: Free Page
ForwardLink
PteAddress
ShareCount
Flags
RefCount
OriginalPTE
PteFrame
iperr vrfy awe kstk
© Microsoft Corporation
cach
4
PFN: Standby Page
ForwardLink
PteAddress
BackLink
Flags
RefCount
OriginalPTE
PteFrame
iperr vrfy awe kstk
© Microsoft Corporation
cach
5
PFN: Transition page
Event
PteAddress
ShareCount
Flags
RefCount
OriginalPTE
PteFrame
iperr vrfy awe kstk
© Microsoft Corporation
cach
6
PFN Fields
PteAddress: VA of PTE referencing page
RefCount: count of WS or IO locks
OriginalPte: PTE to restore on soft-fault
PteFrame: PageFrame for PteAddress
Flags:
Modified : 1
ReadInProgress : 1
WriteInProgress : 1
PrototypePte: 1
PageColor : 4
PageLocation : 3
RemovalRequested : 1
CacheAttribute : 2
© Microsoft Corporation
7
Page Table Entries
• Some fields defined by hardware
• Six PTE states:
– Active/valid
– Transition
– Modified-no-write
– Demand zero
– Page file
– Mapped file
© Microsoft Corporation
8
Valid x86 Hardware PTEs
Reserved
Global
Dirty
Accessed
Cache disabled
Write through
Owner
Write
Pageframe
31
R R R G R D A Cd Wt O W 1
12 11 10 9
8
7
6
5
4 3
© Microsoft Corporation
2
1
0
9
x86 Invalid PTEs
Transition
Prototype
Page file
Page file offset 0
31
Protection
5 4
12 11 10 9
31
0
1 0
Transition
Prototype
Transition
Page file offset 1
PFN
Protection
12 11 10 9
Cache disable
Write through
Owner
© Microsoft Corporation
Write
HW ctrl 0
5 4
1 0
10
x86 Invalid PTEs
Demand zero:
Page file PTE with zero offset and
PFN
Unknown:
PTE is completely zero or Page Table
doesn’t exist yet. Examine VADs.
Pointer to Prototype PTE
pPte bits 7-27
31
pPte bits 0-6
12 11 10 9 8 7
© Microsoft Corporation
5 4
0
1 0
11
MMPAGING_FILE
• PFN_NUMBER Size, MaxSize, MinSize,
FreeSpace, CurrUsage, PeekUsage,
HighestPage
• pFileObject
• ModWriterMdlEntries[]
• pPageFileName
• pAllocationBitmap
• Flags:
– PageFileNumber, RefCount, BootPart
© Microsoft Corporation
12
MMSUPPORT
// embedded in EPROCESS
• WorkingSetExpEntry[2]
• LastTrimTime
• Flags
• PageFaultCount, PeakWorkingSetSize,
GrowthSinceLastEstimate
• MinimumWorkingSetSize, MaximumWorkingSetSize
• pVmWorkingSetList
• WSLE_NUMBER Claim, NextEstimationSlot,
NextAgingSlot, EstimatedAvailable, WorkingSetSize
© Microsoft Corporation
13
MMADDRESS_NODE
• pParent, pLeft, pRight
• StartingVpn, EndingVpn
© Microsoft Corporation
14
MMVAD
•
•
•
•
•
MMADDRESS_NODE AddressTreeNode
pControlArea
pFirstProtoPte
pLastContigPte
Flags:
– CommitCharge, PhysMap, ImageMap, Awe, Prot,
MemCommit, Private, LargePages, WriteWatch,
NoChange, FileOffset64k, SecNoChange, ReadOnly,
Extendable, Inherit, CopyOnWrite
© Microsoft Corporation
15
CONTROL_AREA
• pSegment
• DereferenceListEntry[2]
• nSectRefs, nPfnRefs, nMapViews,
nCacheViews, nUserRefs
• nModWrites, nFlushesActive,
• Flags
• pFileObject
• iPfnBase
• Subsections[]
© Microsoft Corporation
16
SUBSECTION
• pControlArea
• Flags:
– ReadOnly, ReadWrite, SubsectionStatic, GlobalMemory,
Protection, StartingSector, SectorEndOffset
•
•
•
•
•
•
•
StartingSector
nFullSectors
pSubsectBasePtes
nUnusedPtes
nPtesInSubsection
pNextSubsection
nMappedViews
© Microsoft Corporation
17
SECTION
•
•
•
•
•
MMADDRESS_NODE AddressTreeNode
pSegment
Size
InitialPageProt
Flags:
– BeingDeleted, BeingCreated, BeingPurged, NoModifiedWriting,
FailAllIo, Image, Based, File, Networked, NoCache,
PhysicalMemory, CopyOnWrite, Commit, FloppyMedia,
WasPurged, UserReference, GlobalMemory, DeleteOnClose,
FilePointerNull, DebugSymbolsLoaded,
SetMappedFileIoComplete, CollidedFlush, NoChange,
HadUserReference, ImageMappedInSystemSpace,
UserWritable, Accessed, GlobalOnlyPerSession, Rom
© Microsoft Corporation
18
SEGMENT
•
•
•
•
•
•
•
•
•
•
pControlArea
nPtes
nWritableUserRefs
Size
PteTemplate
nCommittedPages
Flags
BasedAddress
PrototypePte
ProtoPtes[]
© Microsoft Corporation
19
Discussion
© Microsoft Corporation
20