Linux Process Memory Layout: task_struct, mm_struct, and VMA Explained

Overview

The article summarizes Linux process memory management, building on previous kernel knowledge and a referenced blog. It presents a detailed diagram of the Linux memory layout and explains the structures that describe a process and its virtual memory.

Key Structures

Each Linux process is represented by a task_struct (process descriptor). Within this structure, the mm_struct field acts as the memory descriptor, holding information about all virtual memory regions of the process.

The mm_struct records the start and end addresses of each memory segment, the resident set size (RSS), the virtual address space size (VSZ), the collection of virtual memory areas (VMAs), and the page tables.

Memory Segments

The process address space consists of:

Code segment (Text)

Data segment (initialized globals and static variables)

BSS segment (uninitialized globals and static variables)

Heap

Memory‑mapped area

Stack

Each contiguous virtual memory region is described by a vm_area_struct . This structure stores the region’s start and end addresses, access flags, and the associated file (if any). Anonymous regions have no file mapping.

Example: /bin/gonzo Process

The diagram shows the memory layout of the /bin/gonzo process. The binary is mapped into the code and data segments (code is read‑only and executable). Global and static uninitialized variables reside in the BSS segment as anonymous mappings. Both the heap and stack are also anonymous. The memory‑mapped area can contain shared libraries, file mappings, or anonymous mappings, depending on the associated file.

All vm_area_struct instances are stored in the mm_struct as a singly linked list and a red‑black tree. The red‑black tree, whose root is in the mm_rb field, enables fast lookup of a specific memory block. Traversing the list produces the contents of /proc/<pid>/maps.

Page Tables and Physical Memory

Linear (virtual) addresses are translated to physical addresses via page tables. Each process’s mm_struct holds a pointer to its page‑global directory ( pgd), linking virtual pages to page‑table entries.

Virtual memory itself holds no data; it merely maps address space to physical memory. Physical pages are allocated by the kernel’s buddy system. When a physical page is not yet mapped, it remains anonymous until a page‑fault occurs, at which point the kernel allocates a physical page and updates the page‑table entry.

Page‑Fault Example

An illustration shows three pages mapped to physical memory and two pages unmapped, resulting in an RSS of 12 KB and a virtual size of 20 KB. Mapped pages have the Present flag set to 1; unmapped pages have it cleared, causing a page‑fault on access.

Heap Expansion and Page Fault Handling

Initially, the heap contains 8 KB of memory, all mapped to physical pages.

Calling brk() expands the heap; the new pages are not yet mapped.

When the CPU accesses an address in the newly allocated region, a page‑fault occurs.

The kernel requests a physical page from the buddy system, maps it to the virtual address, creates a page‑table entry, and sets the Present bit.

Key Takeaways

1. Every segment of a Linux process’s memory layout is represented by a vm_area_struct , which describes a contiguous range of virtual addresses.

2. Memory requests first extend or create a vm_area_struct without immediately allocating physical memory; physical pages are only assigned when a page‑fault occurs, at which point the kernel fulfills the request.