It seems that on Windows 32 bit, kernel will reserve 1G of virtual memory from the totally 4G user virtual memory space and map some of the kernel space into this 1G space.
So my questions are:
- Is there any similiar situation on 32 bit Linux?
- If so, how can we see the whole memory layout ?
I think
cat /proc/pid/map
can only see the user space layout of certain process..
Thank you!
Actually, on 32-bit Windows, without the
/3G
boot option, the kernel is mapped at the top 2GB of linear address space, leaving 2GB for user process.Linux does a similar thing, but it maps the kernel in the top 1GB of linear space, thus leaving 3GB for user process.
I don't know if you can peek the entire memory layout by just using the /proc filesystem. For a lab I designed for my students, I created a tiny device driver that allows a user to peek at an physical memory address, and get the contents of several control registers, such as CR3 (directory page base address).
By using these two operations, one can walk through the directory page of the current process (the one which is doing this operation) and see which pages are present, which ones are owned by the user and the kernel, or just by the kernel, which ones are read/write or read only, etc. With that information, they have to display a map showing memory usage, including kernel space.
Take a look at this PDF. It's the compiled version of all the labs we did in my course. http://www.atc.us.es/asignaturas/tpbn/PracticasTPBN2011.pdf
On page 36 of PDF (page 30 of the document) you will see how a memory map looks like. This is the result of doing exercise #3.2 from lab #3.
The text is in spanish, but I'm sure you can use a translator or something like that if there are things you cannot understand. This labs assumes the student has previously read about how the paging system works and how to interpret the layout of the directory and page entries.
The map is like this. A 16x64 block. Each cell in the block represents 4MB of the current process virtual address space. The map should be tridimensional, as there are 4MB regions that are described by a page table with 1024 entries (pages), and not all pages may be present, but to keep the map clear, the exercise requires the user to collapse these regions, showing the contents of the first page entry that describes a present page, in the hope that all subsequents pages in that page table share the same attributes (which may or may not be actually true).
This map is used with kernels 2.6.X. in which
PAE
is not used, andPSE
is used (PAE
andPSE
being two bit fields from control registerCR4
).PAE
enables 2MB pages andPSE
enables 4MB pages. 4KB pages are always available.You can see there is a vast space of 3GB of memory, almost empty in this case (the process is just a little C application, and uses less than 4MB, all contained in a page table, whose first present page is a read only page, assumed to be part of the program code, or maybe static strings).
Near the 3GB border there are two small regions read/write, which may belong to shared libraries loaded by the user program.
The last 4 rows (256 directory entries) belong almost all of them to the kernel. There are 224 entries which are actually being present and used. These maps the first 896MB of physical memory and it's the space in where the kernel lives. The last 32 entries are used by the kernel to access physical memory beyond the 896MB mark in systems with more than 896MB RAM.