Chapter 27 Quiz: Memory Management
1. Which CPU register holds the physical address of the PML4 (top-level page table)?
A) CR0 B) CR2 C) CR3 D) CR4
Answer: C — CR3 holds the physical base address of the PML4 table (aligned to 4KB). The CPU reads CR3 to begin every page table walk. On a context switch, the OS writes a new value to CR3 to switch to a new process's address space, which flushes the TLB.
2. In a 4-level x86-64 page table, how many bits of the virtual address are used for the page offset?
A) 9 bits B) 12 bits C) 16 bits D) 21 bits
Answer: B — The page offset is 12 bits, corresponding to 4096 bytes (2¹² = 4096) — one 4KB page. The remaining bits (47:12) are used for the four table indices, 9 bits each.
3. What happens when a page table entry has the Present (P) bit cleared?
A) The page is read-only B) The page can only be accessed by the kernel C) Accessing the virtual address causes a page fault (#PF, vector 14) D) The entry is ignored and the CPU uses the next entry
Answer: C — When P=0, the CPU fires a page fault. The kernel's #PF handler then determines why the page is not present (demand paging, swapped out, invalid access) and either maps the page or sends SIGSEGV.
4. What is the purpose of the NX (No-Execute) bit in a page table entry?
A) It prevents other processes from accessing the page B) It prevents execution of code from that page, even if data is present C) It marks the page as belonging to the kernel D) It prevents caching of the page's contents
Answer: B — Setting the NX bit (bit 63) in a PT entry prevents the CPU from executing code in that page. If code fetch is attempted and the NX bit is set, a page fault fires with the I bit set in the error code. This prevents code injection exploits on data pages.
5. A page fault error code of 0b000010 (binary) means:
A) Not-present page, write attempt, kernel mode B) Not-present page, write attempt, user mode C) Present page, read attempt, kernel mode D) Present page, write attempt, user mode
Answer: A — Error code bits: P=0 (not present), W=1 (write caused it), U=0 (kernel mode). Bit 0=0 means not present, bit 1=1 means write, bit 2=0 means kernel. Note: this would be unusual — usually page faults occur in user mode (bit 2 = 1).
6. What does INVLPG [addr] do?
A) Marks the page at addr as invalid in the page table B) Flushes the TLB entry for the virtual address in brackets C) Invalidates the entire TLB D) Prevents future access to the specified page
Answer: B — INVLPG invalidates a single TLB entry for the specified virtual address. After modifying a page table entry (e.g., after mapping a new page or changing permissions), you must execute INVLPG for the affected address to ensure the CPU uses the updated mapping rather than a stale TLB entry.
7. When a process calls fork(), why is physical memory not immediately doubled?
A) The kernel uses compression to store the child's pages B) The child shares the parent's page tables with copy-on-write (COW) semantics C) The kernel defers copying until the child calls exec() D) Both processes share the same virtual address space
Answer: B — After fork, both parent and child have their pages marked read-only and copy-on-write. Physical pages are shared. Only when either process writes to a COW page does the kernel allocate a new physical frame, copy the content, and remap the writing process's virtual page to the new frame.
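The error-code bits from questions 4 and 5, and the copy-on-write case from question 7, can be combined into a first-pass triage like the one a #PF handler performs. This is an added example, not part of the original quiz; the `pf_class` categories and the `pf_classify` name are hypothetical, and the sample codes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* x86 page-fault error code bits pushed by the CPU with #PF (vector 14). */
#define PF_P    (1u << 0)  /* 0 = page not present, 1 = protection violation */
#define PF_W    (1u << 1)  /* 1 = the access was a write */
#define PF_U    (1u << 2)  /* 1 = the access came from user mode */
#define PF_RSVD (1u << 3)  /* 1 = a reserved bit was set in a paging entry */
#define PF_I    (1u << 4)  /* 1 = the access was an instruction fetch */

enum pf_class {            /* hypothetical triage categories */
    PF_NOT_PRESENT,        /* demand paging, swapped out, or invalid address */
    PF_WRITE_PROTECT,      /* write to a read-only page: copy-on-write candidate */
    PF_NX_VIOLATION,       /* fetch from a present page: NX candidate */
    PF_CORRUPT_ENTRY,      /* reserved-bit fault: page tables are damaged */
    PF_OTHER_PROTECTION    /* e.g. user-mode read of a supervisor page */
};

/* Order matters: a reserved-bit fault overrides everything, and P=0
 * must be checked before W or I are interpreted as protection faults. */
enum pf_class pf_classify(uint32_t err)
{
    if (err & PF_RSVD) return PF_CORRUPT_ENTRY;
    if (!(err & PF_P)) return PF_NOT_PRESENT;
    if (err & PF_I)    return PF_NX_VIOLATION;
    if (err & PF_W)    return PF_WRITE_PROTECT;
    return PF_OTHER_PROTECTION;
}

int main(void)
{
    /* Constructed sample error codes, not captured from a real system. */
    static const uint32_t samples[] = { 0x02, 0x07, 0x15, 0x05, 0x09 };
    static const char *names[] = {
        "not present", "write-protect (COW candidate)",
        "fetch blocked (NX candidate)", "reserved bit set", "other protection"
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%02x %-6s -> %s\n", (unsigned)samples[i],
               (samples[i] & PF_U) ? "user" : "kernel",
               names[pf_classify(samples[i])]);
    return 0;
}
```

A real handler would go on to check the faulting address (in CR2) against the process's mappings before deciding between mapping the page and sending SIGSEGV.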
8. What is the TLB (Translation Lookaside Buffer)?
A) A software cache maintained by the OS kernel for page table entries B) A hardware cache in the CPU that stores recent virtual-to-physical translations C) The buffer that holds page table entries waiting to be written to memory D) A per-core cache of recently used physical pages
Answer: B — The TLB is a hardware cache that stores recent virtual-to-physical address translations. On a TLB hit, the CPU uses the cached translation without consulting the page tables. On a TLB miss, the CPU performs the full 4-level walk and caches the result.
9. How does glibc's malloc() handle a request for 1MB of memory?
A) It extends the heap using sys_brk B) It allocates directly from the stack C) It calls sys_mmap with MAP_PRIVATE|MAP_ANONYMOUS D) It reuses existing free memory regardless of size
Answer: C — For large allocations (≥ ~128KB, controlled by M_MMAP_THRESHOLD), glibc bypasses the heap and calls mmap directly. The mapping is completely independent of the heap arena. When freed, the mapping is unmapped with munmap, returning the memory immediately to the OS.
10. In /proc/self/maps, a line with permissions r-xp means:
A) Read, write, executable, private B) Read, no-write, executable, private (copy-on-write) C) Read-only, no-execute, protected D) Read, execute, extra-permissions, protected
Answer: B — r = readable, - = not writable, x = executable, p = private (copy-on-write; changes are not written back to the file). This is the typical permission for code (.text) sections of executables and shared libraries.
11. What is the virtual address range of user space on Linux x86-64 (with 4-level paging)?
A) 0x0 to 0xFFFFFFFF (4GB) B) 0x0 to 0x7FFFFFFFFFFFFFFF (128TB) C) 0x0 to 0xFFFFFFFFFFFFFFFF (full 64-bit) D) 0x0 to 0x000FFFFFFFFFFFFF (4PB)
Answer: B — With 4-level paging (48-bit virtual addresses), user space occupies the lower canonical half: 0x0000000000000000 to 0x00007FFFFFFFFFFF, which is 2⁴⁷ bytes = 128TB.
12. What is the purpose of ASLR (Address Space Layout Randomization)?
A) Allocates memory faster by randomizing the allocator state B) Randomizes base addresses of heap, stack, and libraries to prevent hardcoded-address exploits C) Ensures that all processes get an equal share of physical memory D) Prevents fragmentation by randomizing allocation order
Answer: B — ASLR randomizes the virtual addresses where the heap, stack, and shared libraries are loaded on each execution. This makes exploits that depend on hardcoded addresses (return addresses for ROP, shellcode injection locations) fail, because the attacker cannot predict where their target code/data will be in memory.
13. A 2MB huge page in x86-64 is enabled by:
A) Setting the P bit in the PML4 entry B) Setting the PS bit in the PD entry (page directory) C) Setting a special bit in CR0 D) Using the PDPE1GB CPUID feature flag in the PDP entry
Answer: B — A 2MB huge page is enabled by setting the PS (Page Size) bit in a Page Directory (PD) entry. Instead of the PD entry pointing to a Page Table, it points directly to a 2MB-aligned physical page. 1GB huge pages set PS in the PDP entry.
14. In the bitmap physical memory allocator, what does BTS (Bit Test and Set) accomplish?
A) Tests if a bit is set; if not, returns an error B) Atomically reads a bit and sets it to 1, returning the old value C) Searches for set bits in a bit field D) Sets all bits in a qword to 1
Answer: B — BTS [mem], bit atomically tests the specified bit and sets it to 1. The original value is in CF. This is used in the allocator to mark a page frame as "in use" and simultaneously detect if it was already in use (though in a single-CPU kernel, atomicity is less critical).
15. The "canonical hole" in x86-64 virtual address space refers to:
A) A reserved area for kernel use below the user stack B) The range of addresses where bits 63:48 are not a sign extension of bit 47 (non-canonical) C) The memory region where the BIOS legacy ROM is mapped D) The physical address space above 4GB that must be accessed through PAE
Answer: B — Virtual addresses must be "canonical": bits 63:48 must equal bit 47 (sign extension). Addresses like 0x0000800000000000 violate this rule. The CPU generates a #GP fault if you try to use a non-canonical address. This creates a large unused "hole" between user space (0x00007FFF...) and kernel space (0xFFFF800...) that separates them without needing page table entries.
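The address layout from questions 2, 11 and 15 can be checked in code. The following added example (not part of the original quiz; the `va_*` names are hypothetical) splits a 48-bit virtual address into its four 9-bit table indices and 12-bit offset, and tests the canonical-form rule.

```c
#include <stdint.h>
#include <stdio.h>

struct va_parts { unsigned pml4, pdpt, pd, pt, offset; };

/* Canonical form: bits 63:48 must all equal bit 47, so bits 63:47
 * (17 bits) are either all zero or all one. */
int va_is_canonical(uint64_t va)
{
    uint64_t top = va >> 47;
    return top == 0 || top == 0x1FFFF;
}

/* User space is the lower canonical half: bit 47 and everything above clear. */
int va_is_user(uint64_t va)
{
    return (va >> 47) == 0;
}

/* 4-level paging: bits 47:39, 38:30, 29:21, 20:12 index the four tables,
 * bits 11:0 are the byte offset inside the 4KB page. */
struct va_parts va_split(uint64_t va)
{
    struct va_parts p;
    p.offset = (unsigned)(va & 0xFFF);
    p.pt     = (unsigned)((va >> 12) & 0x1FF);
    p.pd     = (unsigned)((va >> 21) & 0x1FF);
    p.pdpt   = (unsigned)((va >> 30) & 0x1FF);
    p.pml4   = (unsigned)((va >> 39) & 0x1FF);
    return p;
}

int main(void)
{
    static const uint64_t samples[] = {
        0x00007FFFFFFFFFFFULL,  /* last byte of user space */
        0x0000800000000000ULL,  /* first address inside the canonical hole */
        0xFFFF800000000000ULL   /* first address of the upper half */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct va_parts p = va_split(samples[i]);
        printf("%016llx canonical=%d user=%d pml4=%u pdpt=%u pd=%u pt=%u off=0x%03x\n",
               (unsigned long long)samples[i], va_is_canonical(samples[i]),
               va_is_user(samples[i]), p.pml4, p.pdpt, p.pd, p.pt, p.offset);
    }
    return 0;
}
```

The output shows that the user half only ever reaches PML4 entries 0 to 255, while the upper half starts at entry 256.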