IBM 10 SP1 EAL4 Manual De Usuario
•
A system call interface is provided to provide restricted access to user processes. This interface
allows user processes to allocate and free storage, and also to perform memory-mapped file I/O.
allows user processes to allocate and free storage, and also to perform memory-mapped file I/O.
This section highlights the implementation of the System Architecture requirements of a) allowing the kernel
software to protect its own memory resources and b) isolating memory resources of one process from those of
another, while allowing controlled sharing of memory resources between user processes.
This section is divided into five subsections. The first subsection, Four-Level Page Tables discuss recent
changes to the Linux page table implementation. The second subsection, Memory Addressing, illustrates the
SLES kernel’s memory addressing scheme and highlights how segmentation and paging are used to prevent
unauthorized access to a memory address. The third subsection, Kernel Memory Management, describes how
the kernel allocates dynamic memory for its own use, and highlights how the kernel takes care of object reuse
while allocating new page frames. The fourth subsection, Process Address Space, describes how a process
views dynamic memory and what the different components of a process’s address space are. The forth
subsection also highlights how the kernel enforces access control with memory regions and handles object
reuse with demand paging. The final subsection, Symmetric Multiprocessing and Synchronization, describes
various SMP synchronization techniques used by the SLES kernel.
Because implementations of a portion of the memory management subsystem are dependent on the
underlying hardware architecture, the following subsections identify and describe, where appropriate, how the
hardware-dependent part of the memory management subsystem is implemented for the System x, System p,
System z, and eServer 326 line of servers, which are all part of the TOE.
software to protect its own memory resources and b) isolating memory resources of one process from those of
another, while allowing controlled sharing of memory resources between user processes.
This section is divided into five subsections. The first subsection, Four-Level Page Tables discuss recent
changes to the Linux page table implementation. The second subsection, Memory Addressing, illustrates the
SLES kernel’s memory addressing scheme and highlights how segmentation and paging are used to prevent
unauthorized access to a memory address. The third subsection, Kernel Memory Management, describes how
the kernel allocates dynamic memory for its own use, and highlights how the kernel takes care of object reuse
while allocating new page frames. The fourth subsection, Process Address Space, describes how a process
views dynamic memory and what the different components of a process’s address space are. The forth
subsection also highlights how the kernel enforces access control with memory regions and handles object
reuse with demand paging. The final subsection, Symmetric Multiprocessing and Synchronization, describes
various SMP synchronization techniques used by the SLES kernel.
Because implementations of a portion of the memory management subsystem are dependent on the
underlying hardware architecture, the following subsections identify and describe, where appropriate, how the
hardware-dependent part of the memory management subsystem is implemented for the System x, System p,
System z, and eServer 326 line of servers, which are all part of the TOE.
83
Figure 5-23: Memory subsystem and its interaction with other subsystems