br breaking kern rnel ad address ss space la layout
play

Br Breaking Kern rnel Ad Address ss Space La Layout - PowerPoint PPT Presentation

Sep 23, 2022 •175 likes •1.2k views

Br Breaking Kern rnel Ad Address ss Space La Layout Randomization (KASLR LR) wi with th Intel TSX Yeongjin Jang , Sangho Lee, and Taesoo Kim Georgia Institute of Technology Kernel Address Space Layout Randomization (KASLR) A

  1. Timing Side Channel (M/U) • For Mapped / Unmapped addresses • Measured performance counters (on 1,000,000 probing) Perf. Counter Mapped Page Unmapped Page Description dTLB-loads 3,021,847 3,020,243 84 2,000,086 dTLB-load-misses TLB-miss on U Observed Timing 209 (fast) 240 (slow) • dTLB hit on mapped pages, but not for unmapped pages. • Timing channel is generated by dTLB hit/miss 44

  2. Timing Side Channel (M/U) • For Mapped / Unmapped addresses • Measured performance counters (on 1,000,000 probing) Perf. Counter Mapped Page Unmapped Page Description dTLB-loads 3,021,847 3,020,243 84 2,000,086 dTLB-load-misses TLB-miss on U Observed Timing 209 (fast) 240 (slow) • dTLB hit on mapped pages, but not for unmapped pages. • Timing channel is generated by dTLB hit/miss 45

  3. Path for an Unmapped Page Probing an unmapped page took 240 cycles Page Table PML4 dTLB PML3 PML3 PML2 PML2 PML2 PML1 PML1 PML1 PTE 46

  4. Path for an Unmapped Page Probing an unmapped page took 240 cycles Page Table PML4 Kernel address access dTLB PML3 PML3 PML2 PML2 PML2 PML1 PML1 PML1 PTE 47

  5. Path for an Unmapped Page Probing an unmapped page took 240 cycles Page Table TLB miss PML4 Kernel address access dTLB PML3 PML3 PML2 PML2 PML2 PML1 PML1 PML1 PTE 48

  6. Path for an Unmapped Page Probing an unmapped page took 240 cycles Page Table TLB miss PML4 Kernel address access dTLB PML3 PML3 PML2 PML2 PML2 PML1 PML1 PML1 PTE Page fault! 49

  7. Path for an Unmapped Page Probing an unmapped page took 240 cycles Page Table TLB miss PML4 Kernel address access dTLB PML3 PML3 PML2 PML2 PML2 PML1 PML1 PML1 PTE Page fault! Always do page table walk (slow) 50

  8. Path for a mapped Page On the first access, 240 cycles Page Table PML4 dTLB PML3 PML3 PML2 PML2 PML2 PML1 PML1 PML1 PTE 51

  9. Path for a mapped Page On the first access, 240 cycles Page Table PML4 Kernel address access dTLB PML3 PML3 PML2 PML2 PML2 PML1 PML1 PML1 PTE 52

  10. Path for a mapped Page On the first access, 240 cycles Page Table TLB miss PML4 Kernel address access dTLB PML3 PML3 PML2 PML2 PML2 PML1 PML1 PML1 PTE 53

  11. Path for a mapped Page On the first access, 240 cycles Page Table TLB miss PML4 Kernel address access dTLB PML3 PML3 PML2 PML2 PML2 PML1 PML1 PML1 PTE Page fault! 54

  12. Path for a mapped Page On the first access, 240 cycles Page Table TLB miss PML4 Kernel address access dTLB PML3 PML3 PTE PML2 PML2 PML2 PML1 PML1 PML1 Cache TLB entry! PTE Page fault! 55

  13. Path for a mapped Page On the second access, 209 cycles Page Table PML4 dTLB PML3 PML3 PTE PML2 PML2 PML2 PML1 PML1 PML1 PTE 56

  14. Path for a mapped Page On the second access, 209 cycles Page Table PML4 Kernel address access dTLB PML3 PML3 PTE PML2 PML2 PML2 PML1 PML1 PML1 PTE 57

  15. Path for a mapped Page On the second access, 209 cycles Page Table PML4 Kernel address access dTLB PML3 PML3 PTE PML2 PML2 PML2 dTLB hit PML1 PML1 PML1 PTE Page fault! 58

  16. Path for a mapped Page On the second access, 209 cycles Page Table PML4 Kernel address access dTLB PML3 PML3 PTE PML2 PML2 PML2 dTLB hit PML1 PML1 PML1 PTE Page fault! No page table walk on the second access (fast) 59

  17. Timing Side Channel (X/NX) • For Executable / Non-executable addresses • Measured performance counters (on 1,000,000 probing) Perf. Counter Exec Page Non-exec Page Unmapped Page 590 iTLB-loads (hit) 1,000,247 272 31 12 1,000,175 iTLB-load-misses 181 (fast) 226 (slow) 226 (slow) Observed Timing • Point #1: iTLB hit on Non-exec, but it is slow (226) why? • iTLB is not the origin of the side channel 60

  18. Timing Side Channel (X/NX) • For Executable / Non-executable addresses • Measured performance counters (on 1,000,000 probing) Perf. Counter Exec Page Non-exec Page Unmapped Page 590 iTLB-loads (hit) 1,000,247 272 31 12 1,000,175 iTLB-load-misses 181 (fast) 226 (slow) 226 (slow) Observed Timing • Point #1: iTLB hit on Non-exec, but it is slow (226) why? • iTLB is not the origin of the side channel 61

  19. Timing Side Channel (X/NX) • For Executable / Non-executable addresses • Measured performance counters (on 1,000,000 probing) Perf. Counter Exec Page Non-exec Page Unmapped Page 590 iTLB-loads (hit) 1,000,247 272 31 12 1,000,175 iTLB-load-misses 181 (fast) 226 (slow) 226 (slow) Observed Timing • Point #2: iTLB does not even hit on Exec page, while NX page hits iTLB • iTLB did not involve in the fast path • Is there any cache that does not require address translation? 62

  20. Intel Cache Architecture From the patent US 20100138608 A1 , 63 registered by Intel Corporation

  21. Intel Cache Architecture • L1 instruction cache • Virtually-indexed, Physically-tagged cache (requires TLB access) • Caches actual x86/x64 opcode From the patent US 20100138608 A1 , 64 registered by Intel Corporation

  22. Intel Cache Architecture • Decoded i-cache • An instruction will be decoded as micro-ops (RISC-like instruction) • Decoded i-cache stores micro-ops • Virtually-indexed, Virtually-tagged cache (no TLB access) From the patent US 20100138608 A1 , 65 registered by Intel Corporation

  23. Path for an Unmapped Page On the second access, 226 cycles Page Table PML4 iTLB PML3 PML3 PML2 PML2 PML2 PML1 PML1 PML1 PTE 66

  24. Path for an Unmapped Page On the second access, 226 cycles Page Table PML4 Kernel address access iTLB PML3 PML3 PML2 PML2 PML2 PML1 PML1 PML1 PTE 67

  25. Path for an Unmapped Page On the second access, 226 cycles Page Table TLB miss PML4 Kernel address access iTLB PML3 PML3 PML2 PML2 PML2 PML1 PML1 PML1 PTE 68

  26. Path for an Unmapped Page On the second access, 226 cycles Page Table TLB miss PML4 Kernel address access iTLB PML3 PML3 PML2 PML2 PML2 PML1 PML1 PML1 PTE Page fault! 69

  27. Path for an Unmapped Page On the second access, 226 cycles Page Table TLB miss PML4 Kernel address access iTLB PML3 PML3 PML2 PML2 PML2 PML1 PML1 PML1 PTE Page fault! Always do page table walk (slow) 70

  28. Path for an Executable Page On the first access Page Table PML4 Decoded iTLB PML3 PML3 I-cache PML2 PML2 PML2 PML1 PML1 PML1 PTE 71

  29. Path for an Executable Page On the first access Page Table Kernel address PML4 Decoded access iTLB PML3 PML3 I-cache PML2 PML2 PML2 PML1 PML1 PML1 PTE 72

  30. Path for an Executable Page On the first access Page Table Kernel address PML4 miss Decoded access iTLB PML3 PML3 I-cache PML2 PML2 PML2 PML1 PML1 PML1 PTE 73

  31. Path for an Executable Page On the first access Page Table Kernel address TLB miss PML4 miss Decoded access iTLB PML3 PML3 I-cache PML2 PML2 PML2 PML1 PML1 PML1 PTE 74

  32. Path for an Executable Page On the first access Page Table Kernel address TLB miss PML4 miss Decoded access iTLB PML3 PML3 I-cache PML2 PML2 PML2 PML1 PML1 PML1 PTE Insufficient privilege, fault! 75

  33. Path for an Executable Page On the first access Page Table Kernel address TLB miss PML4 miss Decoded access iTLB PML3 PML3 I-cache Cache TLB PTE PML2 PML2 PML2 PML1 PML1 PML1 PTE Insufficient privilege, fault! 76

  34. Path for an Executable Page On the first access Page Table Kernel address TLB miss PML4 miss Decoded access iTLB PML3 PML3 I-cache Cache TLB PTE uops PML2 PML2 PML2 PML1 PML1 PML1 PTE Cache Decoded Instructions Insufficient privilege, fault! 77

  35. Path for an Executable Page On the second access, 181 cycles Page Table PML4 Decoded iTLB PML3 PML3 I-cache PTE uops PML2 PML2 PML2 PML1 PML1 PML1 PTE 78

  36. Path for an Executable Page On the second access, 181 cycles Page Table Kernel address PML4 Decoded access iTLB PML3 PML3 I-cache PTE uops PML2 PML2 PML2 PML1 PML1 PML1 PTE 79

  37. Path for an Executable Page On the second access, 181 cycles Page Table Kernel address PML4 Decoded access iTLB PML3 PML3 I-cache PTE uops PML2 PML2 PML2 PML1 PML1 PML1 Decoded I-cache hit! PTE Insufficient privilege, fault! 80

  38. Path for an Executable Page On the second access, 181 cycles Page Table Kernel address PML4 Decoded access iTLB PML3 PML3 I-cache PTE uops PML2 PML2 PML2 PML1 PML1 PML1 Decoded I-cache hit! PTE Insufficient privilege, fault! No TLB access, No page table walk (fast) 81

  39. Path for a non-executable, but mapped Page On the second access, 226 cycles Page Table PML4 Decoded iTLB PML3 PML3 I-cache PTE PML2 PML2 PML2 PML1 PML1 PML1 PTE 82

  40. Path for a non-executable, but mapped Page On the second access, 226 cycles Page Table Kernel address PML4 Decoded access iTLB PML3 PML3 I-cache PTE PML2 PML2 PML2 PML1 PML1 PML1 PTE 83

  41. Path for a non-executable, but mapped Page On the second access, 226 cycles Page Table Kernel address PML4 miss Decoded access iTLB PML3 PML3 I-cache PTE PML2 PML2 PML2 PML1 PML1 PML1 PTE 84

  42. Path for a non-executable, but mapped Page On the second access, 226 cycles Page Table Kernel address PML4 miss Decoded access iTLB PML3 PML3 I-cache PTE PML2 PML2 PML2 TLB hit PML1 PML1 PML1 PTE Page fault! 85

  43. Path for a non-executable, but mapped Page On the second access, 226 cycles Page Table Kernel address PML4 miss Decoded access iTLB PML3 PML3 I-cache PTE PML2 PML2 PML2 TLB hit PML1 PML1 PML1 PTE Page fault! If no page table walk, it should be faster than unmapped (but not!) 86

  44. Cache Coherence and TLB • TLB is not a coherent cache in Intel Architecture 87

  45. Cache Coherence and TLB • TLB is not a coherent cache in Intel Architecture Core 1 1. Core 1 sets 0xff01 as Non-executable memory TLB 0xff01->0x0010, NX 88

  46. Cache Coherence and TLB • TLB is not a coherent cache in Intel Architecture Core 1 1. Core 1 sets 0xff01 as Non-executable memory 2. Core 2 sets 0xff01 as Executable memory TLB No coherency, do not update/invalidate TLB in Core 1 0xff01->0x0010, NX Core 2 TLB 0xff01->0x0010, X 89

  47. Cache Coherence and TLB • TLB is not a coherent cache in Intel Architecture Core 1 1. Core 1 sets 0xff01 as Non-executable memory 2. Core 2 sets 0xff01 as Executable memory TLB No coherency, do not update/invalidate TLB in Core 1 0xff01->0x0010, NX 3. Core 1 try to execute on 0xff01 -> fault by NX Core 2 TLB 0xff01->0x0010, X 90

  48. Cache Coherence and TLB • TLB is not a coherent cache in Intel Architecture Core 1 1. Core 1 sets 0xff01 as Non-executable memory 2. Core 2 sets 0xff01 as Executable memory TLB Execute No coherency, do not update/invalidate TLB in Core 1 0xff01->0x0010, NX 3. Core 1 try to execute on 0xff01 -> fault by NX Core 2 TLB 4. Core 1 must walk through the page table 0xff01->0x0010, X The page table entry is X, update TLB, then execute! 91

  49. Path for a Non-executable, but mapped Page On the second access, 226 cycles Page Table PML4 Decoded iTLB PML3 PML3 I-cache PTE PML2 PML2 PML2 PML1 PML1 PML1 PTE 92

  50. Path for a Non-executable, but mapped Page On the second access, 226 cycles Page Table Kernel address PML4 Decoded access iTLB PML3 PML3 I-cache PTE PML2 PML2 PML2 PML1 PML1 PML1 PTE 93

  51. Path for a Non-executable, but mapped Page On the second access, 226 cycles Page Table Kernel address PML4 miss Decoded access iTLB PML3 PML3 I-cache PTE PML2 PML2 PML2 PML1 PML1 PML1 PTE 94

  52. Path for a Non-executable, but mapped Page On the second access, 226 cycles Page Table Kernel address PML4 miss Decoded access iTLB PML3 PML3 I-cache PTE PML2 PML2 PML2 TLB hit PML1 PML1 PML1 PTE NX, cannot execute! 95

  53. Path for a Non-executable, but mapped Page On the second access, 226 cycles Page Table Kernel address PML4 miss Decoded access iTLB PML3 PML3 I-cache PTE PML2 PML2 PML2 TLB hit PML1 PML1 PML1 PTE NX, cannot execute! 96

  54. Path for a Non-executable, but mapped Page On the second access, 226 cycles Page Table Kernel address PML4 miss Decoded access iTLB PML3 PML3 I-cache Cache TLB PTE PML2 PML2 PML2 TLB hit PML1 PML1 PML1 PTE NX, cannot execute! NX, Page fault! 97

  55. Root-cause of Timing Side Channel (X/NX) • For executable / non-executable addresses Fast Path (X) Slow Path (NX) Slow Path (U) 1. Jmp into the Kernel addr 1. Jmp into the kernel addr 1. Jmp into the kernel addr 2. Decoded I-cache hits 2. iTLB hit 2. iTLB miss 3. Page fault! 3. Protection check fails, 3. Walks through page table page table walk. 4. Page fault! 4. Page fault! Cycles: 181 Cycles: 226 Cycles: 226 • Decoded i-cache generates timing side channel 98

  56. Countermeasures? • Modifying CPU to eliminate timing channels • Difficult to be realized L • Turning off TSX • Cannot be turned off in software manner (neither from MSR nor from BIOS) • Coarse-grained timer? • A workaround could be having another thread to measure the timing indirectly (e.g., counting i++;) 99

  57. Countermeasures? • Using separated page tables for kernel and user processes • High performance overhead (~30%) due to frequent TLB flush • TLB flush on every copy_to_user() • Fine-grained randomization • Compatibility issues on memory alignment, etc. • Inserting fake mapped / executable pages between the maps • Adds some false positives to the DrK Attack 100

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Buffer overflows (a security interlude) Address space layout the stack discipline + C's lack of

Buffer overflows (a security interlude) Address space layout the stack discipline + C's lack of

Buffer overflows (a security interlude) Address space layout the stack discipline + C's lack of bounds-checking HUGE PROBLEM x86-64 Linux Memory Layout ... ... 0x00007fffffffffff Stack not drawn to scale Caller Frame Extra Arguments

325 views • 16 slides
Derandomizing Kernel Address Space Layout for Memory Introspection and Forensics Yufei Gu, and

Derandomizing Kernel Address Space Layout for Memory Introspection and Forensics Yufei Gu, and

Introduction State-of-the-Art Overview Design Evaluation Discussion Conclusion References Derandomizing Kernel Address Space Layout for Memory Introspection and Forensics Yufei Gu, and Zhiqiang Lin The University of Texas at Dallas March 9

680 views • 67 slides
Kernel Address Space Layout Randomization http://outflux.net/slides/2013/lss/kaslr.pdf gholzer

Kernel Address Space Layout Randomization http://outflux.net/slides/2013/lss/kaslr.pdf gholzer

Kernel Address Space Layout Randomization http://outflux.net/slides/2013/lss/kaslr.pdf gholzer Linux Security Summit, New Orleans 2013 Kees Cook <keescook@google.com> (pronounced Case) Overview Classic Attack Structure

431 views • 15 slides
P Starting at address 0, going to address MAX prog 0 But where do addresses come from? MOV

P Starting at address 0, going to address MAX prog 0 But where do addresses come from? MOV

Memory Management Basics 1 Basic Memory Management Concepts Address spaces MAX sys Physical address space The address space supported by the hardware Starting at address 0, going to address MAX sys MAX prog Logical/virtual address space

448 views • 22 slides
1 The problem Address the problem of stopping determined attackers from exploiting our

1 The problem Address the problem of stopping determined attackers from exploiting our

1 The problem Address the problem of stopping determined attackers from exploiting our software Interest in Control Flow Integrity(CFI) Data execution prevention (DEP), stack smashing protection (SSP), address space layout

673 views • 34 slides
Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert

Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert

Address Space Randomization A n E f f e c t i v e I m p l e m e n t a t i o n Michael Cloppert May, 2006 Address Space Randomization Theory Randomize location of memory objects Libraries Heap User, kernel-space stack Foils attacks like

560 views • 15 slides
Processs Address Space Linux Address Space 0x7fffffff Stack Data (Heap) Data (Heap)

Processs Address Space Linux Address Space 0x7fffffff Stack Data (Heap) Data (Heap)

10/21/2014 Processes, Address Spaces, and PROCESS Memory Management A running program and its associated data Jonathan Misurda jmisurda@cs.pitt.edu Processs Address Space Linux Address Space 0x7fffffff Stack Data (Heap) Data (Heap)

579 views • 3 slides
Buffer overflows (a security interlude) IA32 Linux Memory Layout ...

Buffer overflows (a security interlude) IA32 Linux Memory Layout ...

11/20/15 Buffer overflows (a security interlude) IA32 Linux Memory Layout ... FF ... How address space layout, the stack discipline, and C's lack of Stack

726 views • 4 slides
Recall: Address Space Map Somet imes St ack Biggest Reserved f or (Space f or local var

Recall: Address Space Map Somet imes St ack Biggest Reserved f or (Space f or local var

Recall: Address Space Map Somet imes St ack Biggest Reserved f or (Space f or local var iables et c. Vir t ual OS 13: Memory Management For each nest ed pr ocedur e call) Address St ack Point er Last Modif ied: Heap (Space f or

322 views • 8 slides
fo for r th the co e coupled upled el elec ectric tric dri rives ves dat ataset aset

fo for r th the co e coupled upled el elec ectric tric dri rives ves dat ataset aset

Ke Kern rnel el man anifold ifold re regress gression ion fo for r th the co e coupled upled el elec ectric tric dri rives ves dat ataset aset Mirko ko Mazzolen leni Matteo Sca cande della lla Fabi bio Previd vidi

352 views • 33 slides
Layout Dynamic layout Layout design pattern Layout strategies 2 Dynamic Layout Applications

Layout Dynamic layout Layout design pattern Layout strategies 2 Dynamic Layout Applications

Layout Dynamic layout Layout design pattern Layout strategies 2 Dynamic Layout Applications need to be able to adjust the presentation of our interfaces. We need to dynamically reposition and resize our content in response to: Change in

681 views • 28 slides
Layout Dynamic layout Layout design pattern Layout strategies 2 Dynamic Layout Applications

Layout Dynamic layout Layout design pattern Layout strategies 2 Dynamic Layout Applications

Layout Dynamic layout Layout design pattern Layout strategies 2 Dynamic Layout Applications need to be able to adjust the presentation of our interfaces. We need to dynamically reposition and resize our content in response to: Change in

594 views • 26 slides
New Center 60 Prospect Street 2 Layout 3 3-D View 4 Vision Create a sacred space for

New Center 60 Prospect Street 2 Layout 3 3-D View 4 Vision Create a sacred space for

New Center 60 Prospect Street 2 Layout 3 3-D View 4 Vision Create a sacred space for teaching and training TriYoga practices, conducive to transformation and healing Provide space for growing community and class sizes Offer two

257 views • 9 slides
Program address space What does the OS loader do? 0x7ffffffff0000 Stack 8MB reserved Creates

Program address space What does the OS loader do? 0x7ffffffff0000 Stack 8MB reserved Creates

Program address space What does the OS loader do? 0x7ffffffff0000 Stack 8MB reserved Creates new process Sets up address space/segments Read executable file, load instructions, init global data 0x7ffff770000 Shared library

844 views • 16 slides
Process Layout and Function Calls CS 161 Spring 2017 1 / 8 Process Layout in Memory

Process Layout and Function Calls CS 161 Spring 2017 1 / 8 Process Layout in Memory

Process Layout and Function Calls CS 161 Spring 2017 1 / 8 Process Layout in Memory 0xc0000000 Stack Stack high address grows towards decreasing addresses. dynamic is initialized at run-time . growth Heap grow

440 views • 30 slides
and Threads CS 4411 Spring 2020 Outline for Today Intro to EGOS and GitHub Address Space

and Threads CS 4411 Spring 2020 Outline for Today Intro to EGOS and GitHub Address Space

Project 1, Processes, and Threads CS 4411 Spring 2020 Outline for Today Intro to EGOS and GitHub Address Space Layout Processes vs. Threads Context Switching Kernel vs. User-Level Threads Project 1 Overview EGOS Grass

725 views • 23 slides
showmappings by Cheli Jefry Amarpal Singh Implementation First we convert the address from a

showmappings by Cheli Jefry Amarpal Singh Implementation First we convert the address from a

showmappings by Cheli Jefry Amarpal Singh Implementation First we convert the address from a string to a hexadecimal long using strtol. Implementation First we convert the address from a string to a hexadecimal long using strtol. Next we

196 views • 7 slides
} (pages and frames, respectively) free frames can be tracked using a simple bitmap Interpret VA as

} (pages and frames, respectively) free frames can be tracked using a simple bitmap Interpret VA as

Paging Virtual address Allocate VA & PA memory in fixed-sized chunks 32 bits } (pages and frames, respectively) free frames can be tracked using a simple bitmap Interpret VA as comprised of two components 0011111001111011110000 one bit/frame

198 views • 5 slides
MEETING WITH FORM TEACHERS 12 JAN 2019 Slides will be available for download on the LMS portal

MEETING WITH FORM TEACHERS 12 JAN 2019 Slides will be available for download on the LMS portal

MEETING WITH FORM TEACHERS 12 JAN 2019 Slides will be available for download on the LMS portal by Monday evening. FRONTLINERS LOOKING AFTER SEC 1 STUDENTS Student Development & Discipline Mr Adrian Goh Year Head (Lower Sec) Ext: 224

570 views • 30 slides
Budget & Finance Bill Update - 2013 Mike Hayes & Geraint Lewis Main topics Personal

Budget & Finance Bill Update - 2013 Mike Hayes & Geraint Lewis Main topics Personal

Budget & Finance Bill Update - 2013 Mike Hayes & Geraint Lewis Main topics Personal tax allowances & rates Inheritance tax New residence rules Mansion tax Anti-avoidance VAT & other indirect taxes

936 views • 89 slides
Mul$-Level Page Tables Level 2 Suppose: Tables

Mul$-Level Page Tables Level 2 Suppose: Tables

Mul$-Level Page Tables Level 2 Suppose: Tables 4KB (2 12 ) page size, 48-bit address space, 4-byte PTE Level 1 Problem:

434 views • 12 slides
A Few Problems with Physical Addressing Main memory 0: 1: Physical address 2: Virtual Memory

A Few Problems with Physical Addressing Main memory 0: 1: Physical address 2: Virtual Memory

A Few Problems with Physical Addressing Main memory 0: 1: Physical address 2: Virtual Memory 3: (PA) CPU 4: 4 5: Process Abstraction, Part 2: Private Address Space 6: 7: 8: ... M-1: Motivation : why not direct physical memory

376 views • 6 slides
Memory Virtualization: Paging Speed Prof. Patrick G. Bridges 1 University of New Mexico

Memory Virtualization: Paging Speed Prof. Patrick G. Bridges 1 University of New Mexico

University of New Mexico Memory Virtualization: Paging Speed Prof. Patrick G. Bridges 1 University of New Mexico Speeding up Translation with a TLB Page table entries (PTEs) are cached in L1 like any other memory word PTEs may be

328 views • 20 slides
Operating Systems Fall 2014 Page Table Management, TLBs, and Other Pragmatics Myungjin Lee

Operating Systems Fall 2014 Page Table Management, TLBs, and Other Pragmatics Myungjin Lee

Operating Systems Fall 2014 Page Table Management, TLBs, and Other Pragmatics Myungjin Lee myungjin.lee@ed.ac.uk 1 Address translation and page faults (refresher!) virtual address virtual page # offset physical memory page frame 0 page

693 views • 30 slides

More recommend