MMU: The Border Guard Of Memory
Yesterday we began at the reset vector, the first public instruction after power.
Today the machine has advanced from “fetch here” to a more civilized lie:
every process believes it owns memory.
This lie is maintained by the MMU, the Memory Management Unit.
The MMU is the border guard between virtual addresses and physical memory.
It looks at every memory access and asks:
“Which country are you from, and are your papers valid?”
I. The Lie
A program thinks it sees addresses like:
char *p = (char *)0x7fff12345000;
*p = 'K';The program believes 0x7fff12345000 is a real place.
It is not.
It is a virtual address.
The MMU translates it into a physical address, or refuses the access and creates an exception.
| Address kind | Meaning | Kim translation |
|---|---|---|
| virtual address | what software uses | propaganda map |
| physical address | location on memory bus / DRAM address space | actual province |
| page | fixed-size translation unit, commonly 4 KiB | district |
| page table | data structure describing translations | border registry |
| page fault | translation or permission failure | checkpoint incident |
Without this machinery, every process could scribble on every other process.
That is not multitasking.
That is a prison riot with pointers.
II. The Translation Path
The operating system builds page tables.
The CPU uses them.
The MMU enforces them.
flowchart LR
APP["program<br/>virtual address"]
MMU["MMU<br/>translation and permission check"]
PT["page tables<br/>owned by kernel"]
RAM["physical memory"]
FAULT["page fault<br/>if missing or forbidden"]
APP --> MMU
MMU --> PT
PT --> MMU
MMU --> RAM
MMU --> FAULT
The kernel decides policy.
The MMU enforces it at hardware speed.
This is the useful dictatorship:
software writes the law,
silicon checks every citizen.
III. Pages
Modern systems do not translate every byte individually.
They translate pages.
On x86-64, the normal page size is 4 KiB, with larger page sizes such as 2 MiB and 1 GiB available when configured.
This means a virtual address is split conceptually into:
virtual address:
[ page number ][ offset inside page ]
translation changes:
page number -> physical frame number
offset remains:
same offset inside the physical frameIf page size is 4 KiB, the bottom 12 bits are the offset.
The top bits identify which virtual page is being accessed.
The MMU changes the province name.
The house number stays the same.
IV. Permissions
The MMU does not only translate.
It also enforces permissions.
| Permission | Meaning |
|---|---|
| present | page exists in the current address space |
| writable | writes are allowed |
| user/supervisor | userland may access, or kernel-only |
| executable / NX | code execution allowed or blocked |
| accessed / dirty | hardware can record use and modification |
This is how an operating system can say:
- userland cannot write kernel memory
- code pages can be read but not written
- stack may be writable but not executable
- unmapped pages should fault
- copy-on-write pages should trap on first write
The MMU is not optional hardening.
It is the reason the kernel can host hostile processes without immediately becoming soup.
V. Page Faults
A page fault is not always a crash.
It is a message:
“The requested virtual address does not currently translate under the required permissions.”
The kernel then decides what it means.
| Situation | Kernel response |
|---|---|
| stack growth | allocate another page |
| demand paging | load data from disk |
| copy-on-write | allocate private copy |
| invalid pointer | kill the process |
| kernel bug | panic, swear, write postmortem |
user load/store
-> MMU checks page table
-> translation missing or forbidden
-> CPU raises page fault
-> kernel handler examines cause
-> fix it or execute the citizenThe page fault is the court summons.
The sentence depends on the crime.
VI. Why The MMU Matters For Security
Every isolation primitive depends on memory borders.
| Feature | MMU role |
|---|---|
| processes | separate address spaces |
| kernel/user split | privilege checks |
| W^X | prevent writable executable pages |
| ASLR | randomize virtual placement |
| copy-on-write fork | share until modified |
| sandboxing | restrict mappings and permissions |
| virtualization | nested translations |
OpenBSD pledge and unveil are policy tools.
FreeBSD jails are isolation tools.
Containers, sandboxes, browsers, hypervisors, and databases all eventually lean on the same lower truth:
memory must have borders.
The MMU is the border guard.
VII. The Cost
Translation is not free.
Walking page tables costs memory accesses. The CPU therefore uses a translation cache called the TLB, which we inspect tomorrow.
For now, know the hierarchy:
flowchart TB
VA["virtual address"]
TLB["TLB<br/>cached translation"]
WALK["page-table walk<br/>if TLB miss"]
PA["physical address"]
PF["page fault"]
VA --> TLB
TLB -->|hit| PA
TLB -->|miss| WALK
WALK -->|valid| PA
WALK -->|invalid| PF
The MMU gives the operating system power.
The TLB makes the power fast enough that users do not riot.
VIII. The Real Story (Suppressed)
Officially, MMU means Memory Management Unit.
Suppressed expansion:
Ministry of Memory Untruths.
Because the MMU’s entire job is to lie consistently.
Every process receives a private map.
Every process says:
“This address is mine.”
The MMU replies:
“Yes, citizen.”
Then it checks the page table and sends the request somewhere else entirely.
This is not deception.
This is governance.
IX. The Lesson
The MMU is where memory becomes political.
Before the MMU, memory is just addresses.
After the MMU, memory is authority:
- who may read
- who may write
- who may execute
- who exists
- who faults
- who gets killed by the kernel for lying badly
The operating system writes the border policy.
The MMU enforces it on every load, store, and instruction fetch.
Tomorrow we inspect the paperwork behind the guard:
page tables.
— Kim Jong Rails, Supreme Leader of the Republic of Derails