IBM 10 SP1 EAL4 Manuel D’Utilisation
•
Read/Write flag: This flag contains access rights of the physical pages mapped by the table entry.
The R/W flag is either read/write or read. If set to 0, the corresponding page can only be read;
otherwise, the corresponding page can be written to or read. The R/W flag affects all physical pages
mapped by the table entry. That is, the R/W flag of the page map level-4 entry affects access to all
the 128 MB (512 x 512 x 512) physical pages it maps through the lower-level translation tables.
The R/W flag is either read/write or read. If set to 0, the corresponding page can only be read;
otherwise, the corresponding page can be written to or read. The R/W flag affects all physical pages
mapped by the table entry. That is, the R/W flag of the page map level-4 entry affects access to all
the 128 MB (512 x 512 x 512) physical pages it maps through the lower-level translation tables.
•
User/Supervisor flag: This flag controls the privilege level that is required to access the page or page
table. The U/S flag is either 0, which indicates that the page can be accessed only in kernel mode, or
1, which indicates that it can always be accessed. This flag controls user access to all physical pages
mapped by the table entry. That is, the U/S flag of the page map level-4 entry affects access to all the
128 MB (512 x 512 x 512) physical pages it maps through the lower-level translation tables.
table. The U/S flag is either 0, which indicates that the page can be accessed only in kernel mode, or
1, which indicates that it can always be accessed. This flag controls user access to all physical pages
mapped by the table entry. That is, the U/S flag of the page map level-4 entry affects access to all the
128 MB (512 x 512 x 512) physical pages it maps through the lower-level translation tables.
•
No Execute flag: This flag controls the ability to execute code from physical pages mapped by the
table entry. When No Execute (NX) is set to 0, code can be executed from the mapped physical
pages. Otherwise, when set to one, it prevents code from being executed from the mapped physical
pages. This flag controls code execution from all physical pages mapped by the table entry. That is,
the NX flag of the page map level-4 entry affects all 128 MB (512 x 512 x 512) physical pages it
maps through the lower-level translation tables. The NX bit can only be set when the no-execute
page-protection feature is enabled by setting the NXE bit of the Extended Feature Enable Register
(EFER).
table entry. When No Execute (NX) is set to 0, code can be executed from the mapped physical
pages. Otherwise, when set to one, it prevents code from being executed from the mapped physical
pages. This flag controls code execution from all physical pages mapped by the table entry. That is,
the NX flag of the page map level-4 entry affects all 128 MB (512 x 512 x 512) physical pages it
maps through the lower-level translation tables. The NX bit can only be set when the no-execute
page-protection feature is enabled by setting the NXE bit of the Extended Feature Enable Register
(EFER).
In addition to the R/W, U/S, and NX flags of the page entry, access control is also affected by the Write
Protect (WP) bit of register CR0. If the write protection is not enabled (Write Protect bit set to 0), a process
in kernel mode (CPL 0, 1 or 2) can write any physical page, even if it is marked as read-only. With write
protection enabled, a process in kernel mode cannot write into read-only, user, or supervisor pages.
Protect (WP) bit of register CR0. If the write protection is not enabled (Write Protect bit set to 0), a process
in kernel mode (CPL 0, 1 or 2) can write any physical page, even if it is marked as read-only. With write
protection enabled, a process in kernel mode cannot write into read-only, user, or supervisor pages.
5.5.2.5.7 Translation Lookaside Buffers
The AMD Opteron processor includes an address translation cache called the Translation Lookaside Buffer
(TLB) to expedite linear-to-physical address translation. The TLB is built up as the kernel performs linear to
physical translations. Using the TLB, the kernel can quickly obtain a physical address corresponding to a
linear address, without going through the page tables. Because address translations obtained from the TLB do
not go through the paging access control mechanism described in Section 5.5.2.1.2, the kernel flushes the
TLB buffer every time a process switch occurs between two regular processes. This process enforces the
access control mechanism implemented by paging, as described in Section 5.5.2.1.2.
(TLB) to expedite linear-to-physical address translation. The TLB is built up as the kernel performs linear to
physical translations. Using the TLB, the kernel can quickly obtain a physical address corresponding to a
linear address, without going through the page tables. Because address translations obtained from the TLB do
not go through the paging access control mechanism described in Section 5.5.2.1.2, the kernel flushes the
TLB buffer every time a process switch occurs between two regular processes. This process enforces the
access control mechanism implemented by paging, as described in Section 5.5.2.1.2.
5.5.3 Kernel memory management
A portion of the RAM is permanently assigned to the SLES kernel. This memory stores kernel code and
static data. The remaining part of RAM, called dynamic memory, is needed by the processes and the kernel
itself.
Kernel memory management is highly improved in the SLES 2.6 kernel. Better memory management
capabilities include support for Non Uniform Memory Access (NUMA) servers, Reverse map Virtual
Memory (Rmap VM), huge TLBs, and Remap_file_pages. The following sections describe these
improvements, and also describe page frame management, memory area management, and noncontiguous
memory area management.
static data. The remaining part of RAM, called dynamic memory, is needed by the processes and the kernel
itself.
Kernel memory management is highly improved in the SLES 2.6 kernel. Better memory management
capabilities include support for Non Uniform Memory Access (NUMA) servers, Reverse map Virtual
Memory (Rmap VM), huge TLBs, and Remap_file_pages. The following sections describe these
improvements, and also describe page frame management, memory area management, and noncontiguous
memory area management.
123