Commit charge for pagefile-backed sections

NTDEV
1

Hi,
from Windows Internals 6th ed and Mark Russinovich Pushing-the-limits-of-windows-virtual-memory pagefile-backed sections count toward the system commit limit. From my understanding memory subsystem creates a VAD entry upon a view of a section object is mapped inside a process’s virtual address space. This holds regardless the type of section object’s backing store: either a “normal” disk file or (one of) the system pagefiles.

The following output of !vm shows a (total) commit charge that take in account also the committed memory for pagefile-backed sections.

On the other hand the VAD entry for a (mapped) pagefile-backed section for a running instance of notepad.exe does not show any committed memory.

Is that an expected result ? Thanks.

lkd> !vm

*** Virtual Memory Usage ***
	Physical Memory:     1048444 (   4193776 Kb)
	Page File: \??\C:\pagefile.sys
	  Current:   4193776 Kb  Free Space:   3808868 Kb
	  Minimum:   4193776 Kb  Maximum:     12581328 Kb
Unimplemented error for MiSystemVaTypeCount
	Available Pages:      900557 (   3602228 Kb)
	ResAvail Pages:      1004249 (   4016996 Kb)
	Locked IO Pages:           0 (         0 Kb)
	Free System PTEs:   33555786 ( 134223144 Kb)
	Modified Pages:         1269 (      5076 Kb)
	Modified PF Pages:      1268 (      5072 Kb)
	NonPagedPool Usage: 84640248 ( 338560992 Kb)
	NonPagedPoolNx Usage:  13802 (     55208 Kb)
	NonPagedPool Max:     775672 (   3102688 Kb)
	********** Excessive NonPaged Pool Usage *****
	PagedPool 0 Usage:     28220 (    112880 Kb)
	PagedPool 1 Usage:      5644 (     22576 Kb)
	PagedPool 2 Usage:      3070 (     12280 Kb)
	PagedPool 3 Usage:      3090 (     12360 Kb)
	PagedPool 4 Usage:      3083 (     12332 Kb)
	PagedPool Usage:       43107 (    172428 Kb)
	PagedPool Maximum:  33554432 ( 134217728 Kb)
	Session Commit:         7908 (     31632 Kb)
	Shared Commit:         20752 (     83008 Kb)
	Special Pool:              0 (         0 Kb)
	Shared Process:         4364 (     17456 Kb)
	PagedPool Commit:      43160 (    172640 Kb)
	Driver Commit:          2813 (     11252 Kb)
	Committed pages:      227962 (    911848 Kb)  <-----------
	Commit limit:        2096424 (   8385696 Kb)

	Total Private:        110272 (    441088 Kb)
         0348 svchost.exe      26139 (    104556 Kb)
         0a80 svchost.exe      16825 (     67300 Kb)
         06ac explorer.exe     12768 (     51072 Kb)
         0130 svchost.exe       7334 (     29336 Kb)
         07c4 windbg.exe        6968 (     27872 Kb)
         0964 SearchIndexer.    6494 (     25976 Kb)
         0374 svchost.exe       5498 (     21992 Kb)
         0420 svchost.exe       3328 (     13312 Kb)
         02c4 svchost.exe       3099 (     12396 Kb)
         02e8 LogonUI.exe       2743 (     10972 Kb)
         0404 spoolsv.exe       1583 (      6332 Kb)
         03d8 svchost.exe       1511 (      6044 Kb)
         049c svchost.exe       1417 (      5668 Kb)
         01d8 lsass.exe         1283 (      5132 Kb)
         0194 services.exe      1074 (      4296 Kb)
         046c svchost.exe        991 (      3964 Kb)
         09d4 wmpnetwk.exe       981 (      3924 Kb)
         0294 svchost.exe        976 (      3904 Kb)
         0244 svchost.exe        974 (      3896 Kb)
         0908 taskhost.exe       906 (      3624 Kb)
         0798 csrss.exe          882 (      3528 Kb)
         0758 taskhost.exe       785 (      3140 Kb)
         08dc jusched.exe        757 (      3028 Kb)
         01e0 lsm.exe            750 (      3000 Kb)
         07b0 winlogon.exe       709 (      2836 Kb)
         01ac winlogon.exe       701 (      2804 Kb)
         0210 rdpclip.exe        528 (      2112 Kb)
         012c csrss.exe          521 (      2084 Kb)
         0154 wininit.exe        414 (      1656 Kb)
         0168 csrss.exe          412 (      1648 Kb)
         04f0 dwm.exe            402 (      1608 Kb)
         0cb8 notepad.exe        371 (      1484 Kb)  <-----------
         00e0 smss.exe           114 (       456 Kb)
         0004 System              34 (       136 Kb)
         0fd8 firefox.exe          0 (         0 Kb)
lkd> !process 0 1 notepad.exe
PROCESS fffffa80049d5160
    SessionId: 2  Cid: 0cb8    Peb: 7fffffdd000  ParentCid: 06ac
    DirBase: 11ac34000  ObjectTable: fffff8a00181f5e0  HandleCount:  59.
    Image: notepad.exe
    VadRoot fffffa8004335990 Vads 58 Clone 0 Private 307. Modified 371. Locked 0.
    DeviceMap fffff8a000d9d160
    Token                             fffff8a007d59a30
    ElapsedTime                       13 Days 16:58:23.719
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         0
    QuotaPoolUsage[NonPagedPool]      0
    Working Set Sizes (now,min,max)  (159, 50, 345) (636KB, 200KB, 1380KB)
    PeakWorkingSetSize                1449
    VirtualSize                       77 Mb
    PeakVirtualSize                   77 Mb
    PageFaultCount                    1829
    MemoryPriority                    BACKGROUND
    BasePriority                      8
    CommitCharge                      371   <-----------

lkd> .process /P fffffa80049d5160
Implicit process is now fffffa80`049d5160
lkd> !vad fffffa8004335990
VAD             level      start      end    commit
fffffa80040e1170 ( 6)         10       1f         0 Mapped       READWRITE          Pagefile-backed section
fffffa8004457160 ( 5)         20       26         0 Mapped       READONLY           Pagefile-backed section
fffffa80043a1e30 ( 6)         30       33         0 Mapped       READONLY           Pagefile-backed section
fffffa80046353b0 ( 4)         40       41         0 Mapped       READONLY           Pagefile-backed section
fffffa8004411510 ( 5)         50       50         1 Private      READWRITE         
fffffa800657cdb0 ( 3)         60       c6         0 Mapped       READONLY           \Windows\System32\locale.nls
fffffa80044b8110 ( 6)         d0       d1         0 Mapped       READWRITE          Pagefile-backed section
fffffa800669fa70 ( 5)         e0       e0         1 Private      READWRITE         
fffffa800633df70 ( 6)         f0       f0         1 Private      READWRITE         
<snip>  
fffffa80049c6650 ( 3)       23a0     241f        31 Private      READWRITE         
fffffa8003f56910 ( 5)       2420     26ee         0 Mapped       READONLY           \Windows\Globalization\Sorting\SortDefault.nls
fffffa80066065b0 ( 4)       2890     290f         2 Private      READWRITE         
fffffa80045e4010 ( 5)       2910     2cdd         0 Mapped       READONLY           Pagefile-backed section
fffffa80049eb9c0 ( 6)       2ce0     362f         0 Mapped       READONLY           \Windows\Fonts\StaticCache.dat
fffffa8004b996a0 ( 2)      77a60    77b59         3 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\user32.dll
fffffa80049026b0 ( 4)      77b60    77c7e         4 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\kernel32.dll
fffffa8004a4a530 ( 3)      77c80    77e29        14 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\ntdll.dll
fffffa8004b391f0 ( 5)      7efe0    7f0df         0 Mapped       READONLY           Pagefile-backed section
fffffa8004ba3720 ( 4)      7f0e0    7ffdf         0 Private      READONLY          
fffffa8004335990 ( 0)      7ffe0    7ffef        -1 Private      READONLY          
fffffa80044ce960 ( 5)      ffee0    fff14         4 Mapped  Exe  EXECUTE_WRITECOPY  \Windows\System32\notepad.exe
<snip>    

Total VADs:    58  average level:    5  maximum depth: 6
lkd> !vad fffffa80040e1170 1

VAD @ fffffa80040e1170
  Start VPN                   10  End VPN               1f  Control Area  fffffa8004a2d330
  FirstProtoPte fffff8a0035b7948  LastPte fffff8a0035b79c0  Commit Charge                0 (0.)
  Secured.Flink                0  Blink                  0  Banked/Extend                0
  File Offset                  0  
      ViewUnmap READWRITE         

ControlArea  @ fffffa8004a2d330
  Segment      fffff8a0035b7900  Flink      0000000000000000  Blink        0000000000000000
  Section Ref                 1  Pfn Ref                   0  Mapped Views                2
  User Ref                    3  WaitForDel                0  Flush Count                 0
  File Object  0000000000000000  ModWriteCount             0  System Views                0
  WritableRefs                0  
  Flags (2000) Commit 

      Pagefile-backed section

Segment @ fffff8a0035b7900
  ControlArea     fffffa8004a2d330  ExtendInfo    0000000000000000
  Total Ptes                    10
  Segment Size               10000  Committed                   10
  CreatingProcess fffffa80049d5160  FirstMappedVa            10000
  ProtoPtes       fffff8a0035b7948
  Flags (80000) ProtectionMask 

Subsection 1 @ fffffa8004a2d3b0
  ControlArea  fffffa8004a2d330  Starting Sector        0  Number Of Sectors    0
  Base Pte     fffff8a0035b7948  Ptes In Subsect       10  Unused Ptes          0
  Flags
2

Any comment ? Thanks.

3

What do you believe you’ve shown there? You did not dump the VAD for “notepad.exe”, if that’s what you were trying to show.

4

@Tim_Roberts said:
What do you believe you’ve shown there? You did not dump the VAD for “notepad.exe”, if that’s what you were trying to show.

No that wasn’t my point. I dumped the VAD entry for the first pagefile backed section’s VA range for the process running notepad executable. It seems the commit charge value is always zero for pagefile backed sections even though the (total) system commit limit is charged for their sizes.

5

Maybe the point is that every section object, regardless of its backing store (disk file backed vs pagefile backed) is always Shareable memory (even though at any given time it may or may not actually be shared).

Shareable memory is always PPTE-based (Prototype PTE - based) not associated with a specific process. Therefore there is no commit charge associated with a process even for a pagefile-backed section mapped from it.

lkd> !pte 10000
                                           VA 0000000000010000
PXE at FFFFF6FB7DBED000    PPE at FFFFF6FB7DA00000    PDE at FFFFF6FB40000000    PTE at FFFFF68000000080
contains 00B000003B858867  contains 00F000010605B867  contains 012000010825C867  contains 85A0000110180847
pfn 3b858     ---DA--UWEV  pfn 10605b    ---DA--UWEV  pfn 10825c    ---DA--UWEV  pfn 110180    ---D---UW-V

lkd> !pfn 110180
    PFN 00110180 at address FFFFFA8003304800
    flink       0000005A  blink / share count 00000001  pteaddress FFFFF8A0035B7948
    reference count 0001    used entry count  0000      Cached    color 0   Priority 5
    restore pte 00000080  containing page        0437F5  Active      P      
      Shared      <-----------
lkd> !pte FFFFF8A0035B7948 1  <-------------
                                           VA fffff8a0035b7948
PXE at FFFFF8A0035B7948    PPE at FFFFF8A0035B7948    PDE at FFFFF8A0035B7948    PTE at FFFFF8A0035B7948
contains 8000000110180921  contains 8000000110180921  contains 8000000110180921  contains 8000000110180921
pfn 110180    -G--A--KR-V  pfn 110180    -G--A--KR-V  pfn 110180    -G--A--KR-V  pfn 110180    -G--A--KR-V

I’m not sure what happens when the pagefile-backed section object is mapped from a process as WRITECOPY. Is there an amount of commit charge associated with the process for it ?

6

Nobody?

7

Nobody?

I doubt it. This is a very obscure implementation detail that has no practical impact on programming.

8

If the section is backed up by the page file (or otherwise but using CoW mapping) system commit IS charged

9

@nycem said:
If the section is backed up by the page file (or otherwise but using CoW mapping) system commit IS charged

Yes sure, but only at system commit level. The point I was making is that the process mapping the pagefile-backed section is _not _ ‘commit charged’ as well.