DOCSLIB.ORG

Understanding the Linux Virtual Memory Manager

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Understanding the Linux Virtual Memory Manager 1 Understanding The Linux Virtual Memory Manager Mel Gorman 15th February 2004 Contents List of Figures 5 List of Tables 7 Acknowledgements 9 1 Introduction 12 1.1 General Kernel Literature . 13 1.2 Thesis Overview . 14 1.3 Typographic Conventions . 14 1.4 About this Document . 14 1.5 Companion CD . 15 2 Code Management 17 2.1 Managing the Source . 17 2.2 Getting Started . 23 2.3 Submitting Work . 24 3 Describing Physical Memory 26 3.1 Nodes . 27 3.2 Zones . 29 3.3 Pages . 31 3.4 High Memory . 33 4 Page Table Management 36 4.1 Describing the Page Directory . 37 4.2 Describing a Page Table Entry . 38 4.3 Using Page Table Entries . 39 4.4 Translating and Setting Page Table Entries . 42 4.5 Allocating and Freeing Page Tables . 42 4.6 Kernel Page Tables . 43 4.7 Mapping addresses to struct pages .................. 44 5 Process Address Space 47 5.1 Linear Address Space . 48 5.2 Managing the Address Space . 49 2 CONTENTS 3 5.3 Process Address Space Descriptor . 50 5.4 Memory Regions . 55 5.5 Exception Handling . 70 5.6 Page Faulting . 71 5.7 Copying To/From Userspace . 77 6 Boot Memory Allocator 80 6.1 Representing the Boot Map . 81 6.2 Initialising the Boot Memory Allocator . 81 6.3 Allocating Memory . 83 6.4 Freeing Memory . 85 6.5 Retiring the Boot Memory Allocator . 85 7 Physical Page Allocation 90 7.1 Managing Free Blocks . 90 7.2 Allocating Pages . 91 7.3 Free Pages . 94 7.4 Get Free Page (GFP) Flags . 95 7.5 Avoiding Fragmentation . 97 8 Non-Contiguous Memory Allocation 100 8.1 Describing Virtual Memory Areas . 100 8.2 Allocating A Non-Contiguous Area . 101 8.3 Freeing A Non-Contiguous Area . 102 9 Slab Allocator 104 9.1 Caches . 106 9.2 Slabs . 116 9.3 Objects . 122 9.4 Sizes Cache . 123 9.5 Per-CPU Object Cache . 125 9.6 Slab Allocator Initialisation . 128 9.7 Interfacing with the Buddy Allocator . 128 10 High Memory Management 130 10.1 Managing the PKMap Address Space . 130 10.2 Mapping High Memory Pages . 131 10.3 Mapping High Memory Pages Atomically . 133 10.4 Bounce Buffers . 134 10.5 Emergency Pools . 136 11 Page Frame Reclamation 138 11.1 Pageout Daemon (kswapd) . 139 11.2 Page Cache . 140 11.3 Manipulating the Page Cache . 141 11.4 Shrinking all caches . 145 CONTENTS 4 11.5 Swapping Out Process Pages . 145 11.6 Page Replacement Policy . 147 12 Swap Management 150 12.1 Describing the Swap Area . 151 12.2 Mapping Page Table Entries to Swap Entries . 154 12.3 Allocating a swap slot . 155 12.4 Swap Cache . 157 12.5 Activating a Swap Area . 158 12.6 Deactivating a Swap Area . 160 12.7 Swapping In Pages . 161 12.8 Swapping Out Pages . 162 12.9 Reading/Writing the Swap Area . 162 13 Out Of Memory Management 164 13.1 Selecting a Process . 165 13.2 Killing the Selected Process . 165 14 Conclusion 166 List of Figures 2.1 Example Patch . 20 3.1 Relationship Between Nodes, Zones and Pages . 27 4.1 Linear Address Bit Size Macros . 37 4.2 Linear Address Size and Mask Macros . 38 4.3 Page Table Layout . 40 4.4 Call Graph: paging_init() ....................... 44 5.1 Kernel Address Space . 48 5.2 Data Structures related to the Address Space . 57 5.3 Memory Region Flags . 58 5.4 Call Graph: sys_mmap2() ........................ 63 5.5 Call Graph: get_unmapped_area() ................... 64 5.6 Call Graph: insert_vm_struct() .................... 65 5.7 Call Graph: sys_mremap() ........................ 67 5.8 Call Graph: move_vma() ......................... 67 5.9 Call Graph: move_page_tables() .................... 68 5.10 Call Graph: sys_mlock() ........................ 69 5.11 Call Graph: do_munmap() ........................ 70 5.12 Call Graph: do_page_fault() ...................... 73 5.13 Call Graph: handle_mm_fault() .................... 74 5.14 Call Graph: do_no_page() ........................ 75 5.15 Call Graph: do_swap_page() ...................... 76 5.16 Call Graph: do_wp_page() ........................ 77 5.17 do_page_fault Flow Diagram . 79 6.1 Call Graph: setup_memory() ...................... 82 6.2 Call Graph: __alloc_bootmem() .................... 84 6.3 Call Graph: mem_init() ......................... 86 7.1 Free page block management . 91 7.2 Allocating physical pages . 93 7.3 Call Graph: alloc_pages() ....................... 93 7.4 Call Graph: __free_pages() ...................... 94 5 LIST OF FIGURES 6 8.1 vmalloc Address Space . 101 8.2 Call Graph: vmalloc() . 102 8.3 Call Graph: vfree() . 103 9.1 Layout of the Slab Allocator . 105 9.2 Call Graph: kmem_cache_create() . 113 9.3 Call Graph: kmem_cache_reap() . 114 9.4 Call Graph: kmem_cache_shrink() . 115 9.5 Call Graph: __kmem_cache_shrink() . 115 9.6 Call Graph: kmem_cache_destroy() . 116 9.7 Page to Cache and Slab Relationship . 117 9.8 Slab With Descriptor On-Slab . 118 9.9 Slab With Descriptor Off-Slab . 119 9.10 Call Graph: kmem_cache_grow() . 120 9.11 Initialised kmem_bufctl_t Array . 120 9.12 Call Graph: kmem_slab_destroy() . 122 9.13 Call Graph: kmem_cache_alloc() . 123 9.14 Call Graph: kmalloc() . 125 9.15 Call Graph: kfree() . 125 10.1 Call Graph: kmap() ............................131 10.2 Call Graph: kunmap() . 133 10.3 Call Graph: create_bounce() . 134 10.4 Call Graph: bounce_end_io_read/write() . 135 10.5 Acquiring Pages from Emergency Pools . 137 11.1 Call Graph: kswapd() . 139 11.2 Call Graph: generic_file_read() . 142 11.3 Call Graph: add_to_page_cache() . 143 11.4 Call Graph: shrink_caches() . 146 11.5 Call Graph: swap_out() . 147 11.6 Page Cache LRU List . 148 12.1 Storing Swap Entry Information in swp_entry_t . 155 12.2 Call Graph: get_swap_page() . 156 12.3 Adding a Page to the Swap Cache . 158 12.4 Call Graph: add_to_swap_cache() . 159 12.5 Call Graph: sys_writepage() . 162 13.1 Call Graph: out_of_memory() . 164 List of Tables 1.1 Kernel size as an indicator of complexity . 12 3.1 Flags Describing Page Status . 34 3.2 Macros For Testing, Setting and Clearing Page Status Bits . 35 4.1 Page Table Entry Protection.
Load more

Recommended publications
  • Better Performance Through a Disk/Persistent-RAM Hybrid Design
    The Conquest File System: Better Performance Through a Disk/Persistent-RAM Hybrid Design AN-I ANDY WANG Florida State University GEOFF KUENNING Harvey Mudd College PETER REIHER, GERALD POPEK University of California, Los Angeles ________________________________________________________________________ Modern file systems assume the use of disk, a system-wide performance bottleneck for over a decade. Current disk caching and RAM file systems either impose high overhead to access memory content or fail to provide mechanisms to achieve data persistence across reboots. The Conquest file system is based on the observation that memory is becoming inexpensive, which enables all file system services to be delivered from memory, except providing large storage capacity. Unlike caching, Conquest uses memory with battery backup as persistent storage, and provides specialized and separate data paths to memory and disk. Therefore, the memory data path contains no disk-related complexity. The disk data path consists of only optimizations for the specialized disk usage pattern. Compared to a memory-based file system, Conquest incurs little performance overhead. Compared to several disk-based file systems, Conquest achieves 1.3x to 19x faster memory performance, and 1.4x to 2.0x faster performance when exercising both memory and disk. Conquest realizes most of the benefits of persistent RAM at a fraction of the cost of a RAM-only solution. Conquest also demonstrates that disk-related optimizations impose high overheads for accessing memory content in a memory-rich environment. Categories and Subject Descriptors: D.4.2 [Operating Systems]: Storage Management—Storage Hierarchies; D.4.3 [Operating Systems]: File System Management—Access Methods and Directory Structures; D.4.8 [Operating Systems]: Performance—Measurements General Terms: Design, Experimentation, Measurement, and Performance Additional Key Words and Phrases: Persistent RAM, File Systems, Storage Management, and Performance Measurement ________________________________________________________________________ 1.
    [Show full text]
  • Virtual Memory
    Chapter 4 Virtual Memory Linux processes execute in a virtual environment that makes it appear as if each process had the entire address space of the CPU available to itself. This virtual address space extends from address 0 all the way to the maximum address. On a 32-bit platform, such as IA-32, the maximum address is 232 − 1or0xffffffff. On a 64-bit platform, such as IA-64, this is 264 − 1or0xffffffffffffffff. While it is obviously convenient for a process to be able to access such a huge ad- dress space, there are really three distinct, but equally important, reasons for using virtual memory. 1. Resource virtualization. On a system with virtual memory, a process does not have to concern itself with the details of how much physical memory is available or which physical memory locations are already in use by some other process. In other words, virtual memory takes a limited physical resource (physical memory) and turns it into an infinite, or at least an abundant, resource (virtual memory). 2. Information isolation. Because each process runs in its own address space, it is not possible for one process to read data that belongs to another process. This improves security because it reduces the risk of one process being able to spy on another pro- cess and, e.g., steal a password. 3. Fault isolation. Processes with their own virtual address spaces cannot overwrite each other’s memory. This greatly reduces the risk of a failure in one process trig- gering a failure in another process. That is, when a process crashes, the problem is generally limited to that process alone and does not cause the entire machine to go down.
    [Show full text]
  • Linux Physical Memory Analysis
    Linux Physical Memory Analysis Paul Movall International Business Machines Corporation 3605 Highway 52N, Rochester, MN Ward Nelson International Business Machines Corporation 3605 Highway 52N, Rochester, MN Shaun Wetzstein International Business Machines Corporation 3605 Highway 52N, Rochester, MN Abstract A significant amount of this information can alo be found in the /proc filesystem provided by the kernel. We present a tool suite for analysis of physical memory These /proc entries can be used to obtain many statis- usage within the Linux kernel environment. This tool tics including several related to memory usage. For ex- suite can be used to collect and analyze how the physi- ample, /proc/<pid>/maps can be used to display a pro- cal memory within a Linuxenvironment is being used. cess' virtual memory map. Likewise, the contents of / proc/<pid>/status can be used to retreive statistics about virtual memory usage as well as the Resident Set Size (RSS). Embedded subsystems are common in today's computer In most cases, this process level detail is sufficient to systems. These embedded subsystems range from the analyze memory usage. In systems that do not have very simple to the very complex. In such embedded sys- backing store, more details are often needed to analyze tems, memory is scarce and swap is non-existent. When memory usage. For example, it's useful to know which adapting Linux for use in this environment, we needed pages in a process' address map are resident, not just to keep a close eye on physical memory usage. how many. This information can be used to get some clues on the usage of a shared library.
    [Show full text]
  • Redhawk Linux User's Guide
    Linux® User’s Guide 0898004-520 May 2007 Copyright 2007 by Concurrent Computer Corporation. All rights reserved. This publication or any part thereof is intended for use with Concurrent products by Concurrent personnel, customers, and end–users. It may not be reproduced in any form without the written permission of the publisher. The information contained in this document is believed to be correct at the time of publication. It is subject to change without notice. Concurrent makes no warranties, expressed or implied, concerning the information contained in this document. To report an error or comment on a specific portion of the manual, photocopy the page in question and mark the correction or comment on the copy. Mail the copy (and any additional comments) to Concurrent Computer Corporation, 2881 Gateway Drive, Pompano Beach, Florida, 33069. Mark the envelope “Attention: Publications Department.” This publication may not be reproduced for any other reason in any form without written permission of the publisher. Concurrent Computer Corporation and its logo are registered trademarks of Concurrent Computer Corporation. All other Concurrent product names are trademarks of Concurrent while all other product names are trademarks or registered trademarks of their respective owners. Linux® is used pursuant to a sublicense from the Linux Mark Institute. Printed in U. S. A. Revision History: Date Level Effective With August 2002 000 RedHawk Linux Release 1.1 September 2002 100 RedHawk Linux Release 1.1 December 2002 200 RedHawk Linux Release 1.2 April 2003 300 RedHawk Linux Release 1.3, 1.4 December 2003 400 RedHawk Linux Release 2.0 March 2004 410 RedHawk Linux Release 2.1 July 2004 420 RedHawk Linux Release 2.2 May 2005 430 RedHawk Linux Release 2.3 March 2006 500 RedHawk Linux Release 4.1 May 2006 510 RedHawk Linux Release 4.1 May 2007 520 RedHawk Linux Release 4.2 Preface Scope of Manual This manual consists of three parts.
    [Show full text]
  • Chapter 3. Booting Operating Systems
    Chapter 3. Booting Operating Systems Abstract: Chapter 3 provides a complete coverage on operating systems booting. It explains the booting principle and the booting sequence of various kinds of bootable devices. These include booting from floppy disk, hard disk, CDROM and USB drives. Instead of writing a customized booter to boot up only MTX, it shows how to develop booter programs to boot up real operating systems, such as Linux, from a variety of bootable devices. In particular, it shows how to boot up generic Linux bzImage kernels with initial ramdisk support. It is shown that the hard disk and CDROM booters developed in this book are comparable to GRUB and isolinux in performance. In addition, it demonstrates the booter programs by sample systems. 3.1. Booting Booting, which is short for bootstrap, refers to the process of loading an operating system image into computer memory and starting up the operating system. As such, it is the first step to run an operating system. Despite its importance and widespread interests among computer users, the subject of booting is rarely discussed in operating system books. Information on booting are usually scattered and, in most cases, incomplete. A systematic treatment of the booting process has been lacking. The purpose of this chapter is to try to fill this void. In this chapter, we shall discuss the booting principle and show how to write booter programs to boot up real operating systems. As one might expect, the booting process is highly machine dependent. To be more specific, we shall only consider the booting process of Intel x86 based PCs.
    [Show full text]
  • ELF1 7D Virtual Memory
    ELF1 7D Virtual Memory Young W. Lim 2021-07-06 Tue Young W. Lim ELF1 7D Virtual Memory 2021-07-06 Tue 1 / 77 Outline 1 Based on 2 Virtual memory Virtual Memory in Operating System Physical, Logical, Virtual Addresses Kernal Addresses Kernel Logical Address Kernel Virtual Address User Virtual Address User Space Young W. Lim ELF1 7D Virtual Memory 2021-07-06 Tue 2 / 77 Based on "Study of ELF loading and relocs", 1999 http://netwinder.osuosl.org/users/p/patb/public_html/elf_ relocs.html I, the copyright holder of this work, hereby publish it under the following licenses: GNU head Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License. CC BY SA This file is licensed under the Creative Commons Attribution ShareAlike 3.0 Unported License. In short: you are free to share and make derivative works of the file under the conditions that you appropriately attribute it, and that you distribute it only under a license compatible with this one. Young W. Lim ELF1 7D Virtual Memory 2021-07-06 Tue 3 / 77 Compling 32-bit program on 64-bit gcc gcc -v gcc -m32 t.c sudo apt-get install gcc-multilib sudo apt-get install g++-multilib gcc-multilib g++-multilib gcc -m32 objdump -m i386 Young W.
    [Show full text]
  • Isolation, Resource Management, and Sharing in Java
    Processes in KaffeOS: Isolation, Resource Management, and Sharing in Java Godmar Back, Wilson C. Hsieh, Jay Lepreau School of Computing University of Utah Abstract many environments for executing untrusted code: for example, applets, servlets, active packets [41], database Single-language runtime systems, in the form of Java queries [15], and kernel extensions [6]. Current systems virtual machines, are widely deployed platforms for ex- (such as Java) provide memory protection through the ecuting untrusted mobile code. These runtimes pro- enforcement of type safety and secure system services vide some of the features that operating systems pro- through a number of mechanisms, including namespace vide: inter-application memory protection and basic sys- and access control. Unfortunately, malicious or buggy tem services. They do not, however, provide the ability applications can deny service to other applications. For to isolate applications from each other, or limit their re- example, a Java applet can generate excessive amounts source consumption. This paper describes KaffeOS, a of garbage and cause a Web browser to spend all of its Java runtime system that provides these features. The time collecting it. KaffeOS architecture takes many lessons from operating To support the execution of untrusted code, type-safe system design, such as the use of a user/kernel bound- language runtimes need to provide a mechanism to iso- ary, and employs garbage collection techniques, such as late and manage the resources of applications, analogous write barriers. to that provided by operating systems. Although other re- The KaffeOS architecture supports the OS abstraction source management abstractions exist [4], the classic OS of a process in a Java virtual machine.
    [Show full text]
  • FIRM: Fair and High-Performance Memory Control for Persistent Memory Systems
    FIRM: Fair and High-Performance Memory Control for Persistent Memory Systems Jishen Zhao∗†, Onur Mutlu†, Yuan Xie‡∗ ∗Pennsylvania State University, †Carnegie Mellon University, ‡University of California, Santa Barbara, Hewlett-Packard Labs ∗ † ‡ [email protected], [email protected], [email protected] Abstract—Byte-addressable nonvolatile memories promise a new tech- works [54, 92] even demonstrated a persistent memory system with nology, persistent memory, which incorporates desirable attributes from performance close to that of a system without persistence support in both traditional main memory (byte-addressability and fast interface) memory. and traditional storage (data persistence). To support data persistence, a persistent memory system requires sophisticated data duplication Various types of physical devices can be used to build persistent and ordering control for write requests. As a result, applications memory, as long as they appear byte-addressable and nonvolatile that manipulate persistent memory (persistent applications) have very to applications. Examples of such byte-addressable nonvolatile different memory access characteristics than traditional (non-persistent) memories (BA-NVMs) include spin-transfer torque RAM (STT- applications, as shown in this paper. Persistent applications introduce heavy write traffic to contiguous memory regions at a memory channel, MRAM) [31, 93], phase-change memory (PCM) [75, 81], resis- which cannot concurrently service read and write requests, leading to tive random-access memory (ReRAM) [14, 21], battery-backed memory bandwidth underutilization due to low bank-level parallelism, DRAM [13, 18, 28], and nonvolatile dual in-line memory mod- frequent write queue drains, and frequent bus turnarounds between reads ules (NV-DIMMs) [89].1 and writes. These characteristics undermine the high-performance and fairness offered by conventional memory scheduling schemes designed As it is in its early stages of development, persistent memory for non-persistent applications.
    [Show full text]
  • Improving the Performance of Hybrid Main Memory Through System Aware Management of Heterogeneous Resources
    IMPROVING THE PERFORMANCE OF HYBRID MAIN MEMORY THROUGH SYSTEM AWARE MANAGEMENT OF HETEROGENEOUS RESOURCES by Juyoung Jung B.S. in Information Engineering, Korea University, 2000 Master in Computer Science, University of Pittsburgh, 2013 Submitted to the Graduate Faculty of the Kenneth P. Dietrich School of Arts and Sciences in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science University of Pittsburgh 2016 UNIVERSITY OF PITTSBURGH KENNETH P. DIETRICH SCHOOL OF ARTS AND SCIENCES This dissertation was presented by Juyoung Jung It was defended on December 7, 2016 and approved by Rami Melhem, Ph.D., Professor at Department of Computer Science Bruce Childers, Ph.D., Professor at Department of Computer Science Daniel Mosse, Ph.D., Professor at Department of Computer Science Jun Yang, Ph.D., Associate Professor at Electrical and Computer Engineering Dissertation Director: Rami Melhem, Ph.D., Professor at Department of Computer Science ii IMPROVING THE PERFORMANCE OF HYBRID MAIN MEMORY THROUGH SYSTEM AWARE MANAGEMENT OF HETEROGENEOUS RESOURCES Juyoung Jung, PhD University of Pittsburgh, 2016 Modern computer systems feature memory hierarchies which typically include DRAM as the main memory and HDD as the secondary storage. DRAM and HDD have been extensively used for the past several decades because of their high performance and low cost per bit at their level of hierarchy. Unfortunately, DRAM is facing serious scaling and power consumption problems, while HDD has suffered from stagnant performance improvement and poor energy efficiency. After all, computer system architects have an implicit consensus that there is no hope to improve future system’s performance and power consumption unless something fundamentally changes.
    [Show full text]
  • A Hybrid Swapping Scheme Based on Per-Process Reclaim for Performance Improvement of Android Smartphones (August 2018)
    Received August 19, 2018, accepted September 14, 2018, date of publication October 1, 2018, date of current version October 25, 2018. Digital Object Identifier 10.1109/ACCESS.2018.2872794 A Hybrid Swapping Scheme Based On Per-Process Reclaim for Performance Improvement of Android Smartphones (August 2018) JUNYEONG HAN 1, SUNGEUN KIM1, SUNGYOUNG LEE1, JAEHWAN LEE2, AND SUNG JO KIM2 1LG Electronics, Seoul 07336, South Korea 2School of Software, Chung-Ang University, Seoul 06974, South Korea Corresponding author: Sung Jo Kim ([email protected]) This work was supported in part by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education under Grant 2016R1D1A1B03931004 and in part by the Chung-Ang University Research Scholarship Grants in 2015. ABSTRACT As a way to increase the actual main memory capacity of Android smartphones, most of them make use of zRAM swapping, but it has limitation in increasing its capacity since it utilizes main memory. Unfortunately, they cannot use secondary storage as a swap space due to the long response time and wear-out problem. In this paper, we propose a hybrid swapping scheme based on per-process reclaim that supports both secondary-storage swapping and zRAM swapping. It attempts to swap out all the pages in the working set of a process to a zRAM swap space rather than killing the process selected by a low-memory killer, and to swap out the least recently used pages into a secondary storage swap space. The main reason being is that frequently swap- in/out pages use the zRAM swap space while less frequently swap-in/out pages use the secondary storage swap space, in order to reduce the page operation cost.
    [Show full text]
  • An Evolutionary Study of Linux Memory Management for Fun and Profit Jian Huang, Moinuddin K
    An Evolutionary Study of Linux Memory Management for Fun and Profit Jian Huang, Moinuddin K. Qureshi, and Karsten Schwan, Georgia Institute of Technology https://www.usenix.org/conference/atc16/technical-sessions/presentation/huang This paper is included in the Proceedings of the 2016 USENIX Annual Technical Conference (USENIX ATC ’16). June 22–24, 2016 • Denver, CO, USA 978-1-931971-30-0 Open access to the Proceedings of the 2016 USENIX Annual Technical Conference (USENIX ATC ’16) is sponsored by USENIX. An Evolutionary Study of inu emory anagement for Fun and rofit Jian Huang, Moinuddin K. ureshi, Karsten Schwan Georgia Institute of Technology Astract the patches committed over the last five years from 2009 to 2015. The study covers 4587 patches across Linux We present a comprehensive and uantitative study on versions from 2.6.32.1 to 4.0-rc4. We manually label the development of the Linux memory manager. The each patch after carefully checking the patch, its descrip- study examines 4587 committed patches over the last tions, and follow-up discussions posted by developers. five years (2009-2015) since Linux version 2.6.32. In- To further understand patch distribution over memory se- sights derived from this study concern the development mantics, we build a tool called MChecker to identify the process of the virtual memory system, including its patch changes to the key functions in mm. MChecker matches distribution and patterns, and techniues for memory op- the patches with the source code to track the hot func- timizations and semantics. Specifically, we find that tions that have been updated intensively.
    [Show full text]
  • A Comparison of Kernel Memory Protection for Docker Containers Across Host Operating Systems
    St. Cloud State University theRepository at St. Cloud State Culminating Projects in Information Assurance Department of Information Systems 5-2020 A Comparison of Kernel Memory Protection for Docker Containers Across Host Operating Systems Li Dai [email protected] Follow this and additional works at: https://repository.stcloudstate.edu/msia_etds Recommended Citation Dai, Li, "A Comparison of Kernel Memory Protection for Docker Containers Across Host Operating Systems" (2020). Culminating Projects in Information Assurance. 101. https://repository.stcloudstate.edu/msia_etds/101 This Thesis is brought to you for free and open access by the Department of Information Systems at theRepository at St. Cloud State. It has been accepted for inclusion in Culminating Projects in Information Assurance by an authorized administrator of theRepository at St. Cloud State. For more information, please contact [email protected]. A Comparison of Kernel Memory Protection for Docker Containers Across Host Operating Systems by Li Dai A Thesis Submitted to the Graduate Faculty of St. Cloud State University in Partial Fulfillment of the Requirements for the Degree of Master of Science in Information Assurance May 2020 Thesis Committee: Dennis Guster, Chairperson Erich Rice Balasubramanian Kasi 2 Abstract Object oriented programming concepts have been widely adopted by the modern design of enterprise applications, which relies on heap memory mapping, and re-use of pre-coded class libraries. Computing resource sharing such as containerization, is a popular way to effectively reduce operation overhead by enlarging the scale of kernel accessibility among distributed computer systems. Thus, proper isolation between processes, containers and host operating systems is a critical task to assure system wide information security.
    [Show full text]