How does kernel know, which pages in the virtual address space correspond to a swapped out physical page frame?

Linux: When swap file is used the Page Table Entry gets updated with one marked as invalid and holding information about where it is saved in the swap file. That is: an index to the swap_info array and an offset within the swap_map. Example from (an a bit old) Page Table Entry type (pte_t) on … Read more

How is it possible to access memory of other processes?

In all likelyhood, the tool uses ReadProcessMemory or some variant, which requires PROCESS_VM_READ access. With respect to your “malicious” comment, remember that you (or the process invoking this API, which likely needs Administrator-level permissions) already has total control over the machine. The security game is already lost at this point.

Physical or virtual addressing is used in processors x86/x86_64 for caching in the L1, L2 and L3?

The answer to your question is – it depends. That’s strictly a CPU design decision, which balances over the tradeoff between performance and complexity. Take for example recent Intel Core processors – they’re physically tagged and virtually indexed (at least according to http://www.realworldtech.com/sandy-bridge/7/). This means that the caches can only complete lookups in pure physical … Read more

What exactly do shadow page tables (for VMMs) do?

Shadow page tables are used by the hypervisor to keep track of the state in which the guest “thinks” its page tables should be. The guest can’t be allowed access to the hardware page tables because then it would essentially have control of the machine. So, the hypervisor keeps the “real” mappings (guest virtual -> … Read more

segmentation fault vs page fault

These two things are very dissimilar, actually. A segmentation fault means a program tried to access an invalid or illegal memory address: for example, 0, or a value larger than any valid pointer. A page fault is when a pointer tries to access a page of address space that’s currently not mapped onto physical memory, … Read more

Can’t understand Belady’s anomaly

The reason that when using FIFO, increasing the number of pages can increase the fault rate in some access patterns, is because when you have more pages, recently requested pages can remain at the bottom of the FIFO queue longer. Consider the third time that “3” is requested in the wikipedia example here: http://en.wikipedia.org/wiki/Belady%27s_anomaly Page … Read more

Difference between physical/logical/virtual memory address

My answer is true for Intel CPUs running on a modern Linux system, and I am speaking about user-level processes, not kernel code. Still, I think it’ll give you some insight enough to think about the other possibilities Address Types Regarding question 3: I have come across discussion that virtual and logical addresses/address space are … Read more