Chapter 27 Further Reading: Memory Management

Open Assembly Language Project

Chapter 27 Further Reading: Memory Management

Primary References

Intel 64 and IA-32 Architectures Software Developer's Manual, Volume 3A, Chapters 4 and 11 https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sdm.html Chapter 4 (Paging) is the hardware specification for page tables: exact entry formats, TLB behavior, large pages, CR3, INVLPG semantics. Chapter 11 (Memory Cache Control) covers TLB architecture, cache types, write-combining, and MTRR. These are the authoritative sources for all bit-level details.

OSDev Wiki — Paging https://wiki.osdev.org/Paging Practical guide to implementing page tables, with annotated C and assembly code. Covers the 3 and 4-level cases, identity mapping, higher-half kernel setup, and debugging page table issues. Also covers the ISA extension for 5-level paging (LA57).

"Understanding the Linux Virtual Memory Manager" — Mel Gorman (book, freely available online) https://www.kernel.org/doc/gorman/ A complete reference to the Linux virtual memory implementation: zone allocator, buddy system, slab allocator, page fault handling, reverse mapping, swap. Chapter 3 (Page Table Management) maps directly to this chapter's content. The closest you can get to a complete technical reference for Linux memory management without reading kernel source directly.

Deep Dives

"How the Kernel Manages Your Memory" — Gustavo Duarte https://manybutfinite.com/post/how-the-kernel-manages-your-memory/ An illustrated walkthrough of a process's virtual address space as seen from the kernel perspective: VMAs (vm_area_struct), the mm_struct, page table hierarchy. Shows how a simple malloc(1) request winds through libc, brk, and the kernel.

Linux Kernel Source — mm/fault.c https://elixir.bootlin.com/linux/latest/source/mm/fault.c The Linux page fault handler. The function do_page_fault → __do_page_fault → handle_mm_fault → handle_pte_fault implements the dispatch logic: demand paging, COW, anonymous pages, file-backed pages. Reading this with the chapter as background reveals exactly how production kernels handle the cases described here.

"ptmalloc, tcmalloc, jemalloc, mimalloc" — Comparison https://gperftools.github.io/gperftools/tcmalloc.html How different malloc implementations work, their internal structures, and performance characteristics. The chunk header format, free list management, and thread caching all affect security vulnerability classes (use-after-free, double-free, heap overflow). Understanding the allocator's data structures is prerequisite for heap exploitation research.

Tools

vmmap (pwndbg extension for GDB) https://github.com/pwndbg/pwndbg vmmap in pwndbg shows a formatted, color-coded view of a process's memory mappings, highlighting read/write/execute permissions. Essential for exploit development and memory corruption analysis. Works as a GDB plugin and shows the physical backing (file, anonymous, heap, stack) for each region.

/proc/<pid>/pagemap — Physical Address Lookup https://www.kernel.org/doc/html/latest/admin-guide/mm/pagemap.html The kernel interface for mapping virtual pages to physical frame numbers. Reading /proc/self/pagemap lets you (with appropriate permissions) determine the physical address of any virtual page in your process. Used in timing side-channel attacks, memory deduplication research, and memory forensics.

pmap(1) — Linux Memory Map Tool https://man7.org/linux/man-pages/man1/pmap.1.html pmap -x <pid> shows detailed memory usage by region: virtual size, resident size (physical pages actually in RAM), shared vs. private pages. Useful for understanding memory consumption and detecting memory leaks at the page level. Built on /proc/<pid>/maps and /proc/<pid>/smaps.