Virtual Memory – Writes and Protection

Writes

Writes to the next level of the hierarchy (disk) can take millions of processor clock cycles; therefore, building a write buffer to allow the system to write-through to disk would be completely impractical.

Virtual memory systems must use write-back, performing the individual writes into the page in memory, and copying the page back to disk when it is replaced in the memory. Copying back an entire page is much more efficient than writing individual words back to the disk.

To track whether a page has been written since it was read into the memory, a dirty bit is added to the page table. The dirty bit is set when any word in a page is written. A modified page is often called a dirty page.

Protection

The protection mechanism must ensure that although multiple processes are sharing the same main memory, one renegade process cannot write into the address space of another user process or into the operating system either intentionally or unintentionally. The write access bit can protect a page from being written.

To enable the operating system to implement protection in the virtual memory system, the hardware must provide at least the following three basic capabilities:

1. Support at least two modes that indicate whether the running process is a user process or an operating system process (the latter variously called a supervisor process or a kernel process).

2. Provide a portion of the processor state that a user process can read but not write. This includes the user/supervisor mode bit, which dictates whether the processor is in user or supervisor mode, the page table pointer, and the TLB. To write these elements, the operating system uses special instructions that are only available in supervisor mode.

3. Provide mechanisms whereby the processor can go from user mode to supervisor mode and vice versa. The first direction is typically accomplished by a system call exception that transfers control to a dedicated location in supervisor code space. The program counter from the point of the system call is saved in the exception PC (EPC), and the processor is placed in supervisor mode. To return to user mode from the exception, use the return from exception (ERET) instruction, which resets to user mode and jumps to the address in EPC.

By storing the page tables in its own address space, the operating system can change the page tables while preventing a user process from changing them, ensuring that a user process can access only the storage provided to it by the operating system.

If the operating system keeps the page tables organized so that the independent virtual pages map to disjoint physical pages, one process will not be able to access another’s data.

The operating system can assure safety if it prevents the user process from modifying its own page tables. However, the operating system must be able to modify the page tables. Placing the page tables in the protected address space of the operating system satisfies both requirements.

To allow another process, say, P1, to read a page owned by process P2, P2 would ask the operating system to create a page table entry for a virtual page in P1’s address space that points to the same physical page that P2 wants to share. The operating system could use the write protection bit to prevent P1 from writing the data, if that was P2’s wish.

When the operating system decides to change from running process P1 to running process P2, it must ensure that P2 cannot get access to the page tables of P1 because that would compromise protection. One way would be to clear the TLB entries that belong to P1 – both to protect the data of P1 and to force the TLB to load the entries for P2. A common alternative is to extend the virtual address space by adding a process/task identifier. The process identifier is concatenated to the tag portion of the TLB, so that a TLB hit occurs only if both the page number and the process identifier match.
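
The following C model is an added example, not part of the original notes. It shows the two mechanisms just described working together: a TLB whose tag includes a process identifier, and a write access bit that lets P2 share a page read-only with P1. The entry layout, the identifier values and the page numbers are assumptions constructed for illustration and do not correspond to any particular processor.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only: field names and widths are assumptions. */
enum tlb_result { TLB_HIT, TLB_MISS, TLB_WRITE_FAULT };

struct tlb_entry {
    bool     valid;
    uint8_t  asid;      /* process/task identifier, part of the tag */
    uint32_t vpn;       /* virtual page number, part of the tag */
    uint32_t ppn;       /* physical page number */
    bool     writable;  /* write access bit */
    bool     dirty;     /* set when any word in the page is written */
};

#define TLB_SIZE 4
/* Constructed sample mappings: P1 has identifier 1, P2 has identifier 2. */
static struct tlb_entry tlb[TLB_SIZE] = {
    { true, 1, 0x10, 0x30, true,  false },  /* P1 private page */
    { true, 2, 0x10, 0x40, true,  false },  /* P2 private page, same VPN as P1 */
    { true, 1, 0x20, 0x40, false, false },  /* P2's page shared read-only into P1 */
};

/* A hit requires BOTH the page number and the process identifier to match,
 * so entries of different processes can coexist without a flush. */
enum tlb_result tlb_access(uint8_t asid, uint32_t vpn, bool is_write, uint32_t *ppn)
{
    for (int i = 0; i < TLB_SIZE; i++) {
        struct tlb_entry *e = &tlb[i];
        if (!e->valid || e->vpn != vpn || e->asid != asid)
            continue;                   /* tag mismatch: keep searching */
        if (is_write && !e->writable)
            return TLB_WRITE_FAULT;     /* trap to the operating system */
        if (is_write)
            e->dirty = true;            /* page must be copied back on replacement */
        *ppn = e->ppn;
        return TLB_HIT;
    }
    return TLB_MISS;                    /* the page table must be consulted */
}

int main(void)
{
    uint32_t ppn = 0;
    printf("P1 read  0x10: %d\n", tlb_access(1, 0x10, false, &ppn));
    printf("P1 write 0x20: %d\n", tlb_access(1, 0x20, true,  &ppn));
    printf("P3 read  0x10: %d\n", tlb_access(3, 0x10, false, &ppn));
    return 0;
}
```

The same virtual page number 0x10 resolves to different physical pages for P1 and P2, and a process whose identifier matches no entry misses rather than picking up another process's translation.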
