IBM 10 SP1 EAL4 5.5.3 Kernel memory management

•Read/Write flag: This flag contains access rights of the physical pages mapped by the table entry.

The R/W flag is either read/write or read. If set to 0, the corresponding page can only be read;

otherwise, the corresponding page can be written to or read. The R/W flag affects all physical pages

mapped by the table entry. That is, the R/W flag of the page map level-4 entry affects access to all

the 128 MB (512 x 512 x 512) physical pages it maps through the lower-level translation tables.

•User/Supervisor flag: This flag controls the privilege level that is required to access the page or page

table. The U/S flag is either 0, which indicates that the page can be accessed only in kernel mode, or

1, which indicates that it can always be accessed. This flag controls user access to all physical pages

mapped by the table entry. That is, the U/S flag of the page map level-4 entry affects access to all the

128 MB (512 x 512 x 512) physical pages it maps through the lower-level translation tables.

•No Execute flag: This flag controls the ability to execute code from physical pages mapped by the

table entry. When No Execute (NX) is set to 0, code can be executed from the mapped physical

pages. Otherwise, when set to one, it prevents code from being executed from the mapped physical

pages. This flag controls code execution from all physical pages mapped by the table entry. That is,

the NX flag of the page map level-4 entry affects all 128 MB (512 x 512 x 512) physical pages it

maps through the lower-level translation tables. The NX bit can only be set when the no-execute

page-protection feature is enabled by setting the NXE bit of the Extended Feature Enable Register

(EFER).

In addition to the R/W, U/S, and NX flags of the page entry, access control is also affected by the Write

Protect (WP) bit of register CR0. If the write protection is not enabled (Write Protect bit set to 0), a process

in kernel mode (CPL 0, 1 or 2) can write any physical page, even if it is marked as read-only. With write

protection enabled, a process in kernel mode cannot write into read-only, user, or supervisor pages.

The AMD Opteron processor includes an address translation cache called the Translation Lookaside Buffer

(TLB) to expedite linear-to-physical address translation. The TLB is built up as the kernel performs linear to

physical translations. Using the TLB, the kernel can quickly obtain a physical address corresponding to a

linear address, without going through the page tables. Because address translations obtained from the TLB do

not go through the paging access control mechanism described in Section 5.5.2.1.2, the kernel flushes the

TLB buffer every time a process switch occurs between two regular processes. This process enforces the

access control mechanism implemented by paging, as described in Section 5.5.2.1.2.

5.5.3 Kernel memory management

A portion of the RAM is permanently assigned to the SLES kernel. This memory stores kernel code and

static data. The remaining part of RAM, called dynamic memory, is needed by the processes and the kernel

itself.

Kernel memory management is highly improved in the SLES 2.6 kernel. Better memory management

capabilities include support for Non Uniform Memory Access (NUMA) servers, Reverse map Virtual

Memory (Rmap VM), huge TLBs, and Remap_file_pages. The following sections describe these

improvements, and also describe page frame management, memory area management, and noncontiguous

memory area management.

123