All processes share the kernel page tables starting at PAGE_OFFSET, and have their own process-specific page tables for the range 0...PAGE_OFFSET-1. Thus, the process page tables are valid in kernel mode, which simplifies user-->kernel transitions. The sharing of the kernel mapping is accomplished by copying the relevant parts of the kernel page directory when a new page directory is created for a process. Since the kernel pages occupy a privileged segment, a process running in user mode cannot access addresses >= PAGE_OFFSET; those addresses are accessible only in kernel mode. As a process runs and attempts to access user-mode memory, the kernel allocates physical pages and maps them into the process's virtual address space by making suitable modifications to the process page tables. A physical page allocated to process VM will have at least two virtual mappings: one in kernel memory at PAGE_OFFSET+physical_page_address, and one at some address less than PAGE_OFFSET in process VM. Such pages may also have additional mappings: for example, multiple processes executing the same program share the program's executable code by mapping the same physical pages in their respective page tables. (HIGHMEM pages don't have a permanent virtual kernel address, so they're exceptional in that regard.)
For each user process, the kernel maintains an mm_struct describing the process's address space. The mm_struct, in turn, maintains a list of vm_area_structs describing contiguous areas of the address space. Each vm_struct may have different methods of handling VM-related tasks such as page faults; this allows the kernel to properly handle virtual regions that are used in different ways. For example, a vm_area corresponding to a process's executable image has a fault handler that fetches the proper page from the file; whereas a vm_area corresponding to anonymous (malloc()ed) memory has a fault handler that either fetches a page from the system swap file, or else supplies a newly-allocated page if the required page doesn't exist in the swap cache or on the swap device.
 Kernel VM Allocation |  Linux MM Outline |  Swapping |
Questions and comments to Joe Knapka
The LXR links in this page were produced by lxrreplace.tcl, which is available for free.