Understanding Linux Kernel Page Faults: Causes and Handling Strategies

When a program accesses a virtual memory page that is not currently in physical RAM, the CPU raises a "page fault" exception. The operating system must handle this exception by loading the required page from disk into memory, a key step in Linux's virtual memory management.

Virtual Memory and the MMU

Linux processes use virtual addresses, which the Memory Management Unit (MMU) translates to physical addresses via page tables. This abstraction lets each process believe it has a large, contiguous address space while the kernel maps those virtual pages to actual physical frames, providing isolation and protection.

Core Data Structures

The kernel represents a process's virtual memory regions with struct vma_struct, which records the start and end addresses, flags, and links to other regions. A higher‑level struct mm_struct holds a list of all VMA structures, a cache pointer for fast lookup, the page directory pointer, and a pointer to the swap manager.

struct vma_struct {
    struct mm_struct *vm_mm;
    uintptr_t vm_start; // start addr of vma
    uintptr_t vm_end;   // end addr of vma
    uint32_t vm_flags; // flags of vma
    list_entry_t list_link; // sorted by start addr
};

#define VM_READ  0x00000001 // read‑only
#define VM_WRITE 0x00000002 // read‑write
#define VM_EXEC  0x00000004 // executable

struct mm_struct {
    list_entry_t mmap_list;   // list of vmas
    struct vma_struct *mmap_cache; // fast‑path cache
    pde_t *pgdir;            // page directory
    int map_count;           // number of vmas
    void *sm_priv;           // swap manager private data
};

Operations on these structures include vma_create, insert_vma_struct, and find_vma for VMA management, as well as mm_create and mm_destroy for the overall address space.

Page‑Fault Handling Flow

When a fault occurs, the CPU saves the faulting address in the CR2 register and pushes an error code onto the kernel stack. Control is transferred to page_fault_handler (vector 0xE). The kernel then dispatches to pgfault_handler and finally to do_pgfault:

trap → trap_dispatch → pgfault_handler → do_pgfault

do_pgfault

examines the faulting address, checks the associated VMA, validates access permissions, and decides whether to allocate a new physical page, map an existing one, or terminate the process for an illegal access.

Types of Page Faults

Hard (Major) Page Fault – the required page frame is absent from RAM; the kernel reads it from disk or swap.

Soft (Minor) Page Fault – the frame exists in RAM (e.g., shared memory) but no mapping is present; the kernel only updates the page tables.

Invalid Page Fault – the accessed virtual address is illegal (e.g., null pointer), leading to a SIGSEGV or kernel panic.

Root Causes

Faults arise from missing page‑table entries, pages that have been swapped out, or permission violations (e.g., writing to a read‑only page). The kernel uses the VMA list to determine whether the address is within a legitimate region before deciding on the handling strategy.

Example Code

A simple C program demonstrates demand paging: memory is allocated with malloc, but physical pages are not allocated until the program first writes to the allocated region, causing a page fault.

#include <stdio.h>
#include <stdlib.h>

int main() {
    int *ptr = (int *)malloc(1024 * sizeof(int)); // reserves virtual address space
    if (ptr == NULL) {
        perror("malloc failed");
        return 1;
    }
    // First access triggers a page fault
    ptr[0] = 100;
    printf("Value at ptr[0]: %d
", ptr[0]);
    free(ptr);
    return 0;
}

Performance Impact

Hard page faults involve slow disk I/O and can dramatically degrade system throughput, especially for memory‑intensive workloads such as databases. Soft faults are cheaper because they only require updating page‑table entries, but a high rate of soft faults still consumes CPU cycles.