Processes have valid and invalid entries in their page tables. The valid entries all point somewhere "real" (e.g. a physical page, or some portion of disk in the case of non-resident pages, etc). The entries that don't point anywhere are the entries that we will use when allocating a new page.
The allocation of new pages can be done in two ways: either via sbrk(), or via mmap(). If you want to increase the size of the heap (i.e. the number of valid pages), you can use sbrk().
Using mmap(), on the other hand, maps a file into a process' virtual address space. In the allocator you implemented, for example, you used mmap() to map memory addresses to the file /dev/zero. This makes it seem like you were allocating space from /dev/zero each time you called mmap(). (Remember that whenever you read something from /dev/zero, you get only zeroes for as long as you want to keep reading.) But, since /dev/zero is a read-only file and we usually call mmap() using the MAP_PRIVATE flag, we follow the COW rules. When you actually try to write to the memory mmap()'d from /dev/zero, the OS intervenes and clones the corresponding page. So, instead of actually writing to /dev/zero, you end up writing to a new memory page.
Now suppose you mmap 3 pages to /dev/zero. Right after you do this, the process' page table contains three mappings to /dev/zero. These are all COW mappings to the same single page in memory, which itself maps to /dev/zero. However, the first time one of these pages is modified, a new page is created, and the corresponding mapping in the page table is modified. Notice that we could have used mmap with any other file instead of /dev/zero; say, an MP3 file.
In this case, whenever we mmap'd, we would actually be mapping memory addresses to portions of the MP3 file. If we then tried to write to those areas of memory, we would be indirectly overwriting the file! Notice, however, that we could be careful and use the mmap parameter MAP_PRIVATE; then, we would still be able to read from the MP3 file, but all writes to it would be done using Copy On Write.
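The two cases above can be checked directly. The following C program is an added example, not code from the original notes: it maps three pages of /dev/zero privately and dirties one, then writes through a mapping of a file with MAP_SHARED and with MAP_PRIVATE and reads the file back. The function names and the scratch file under /tmp (standing in for the MP3 file) are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Map three pages of /dev/zero with MAP_PRIVATE, write to the middle one, and
 * return 1 if only that page changed while its neighbours still read zero. */
int zero_pages_are_private(void) {
    long pg = sysconf(_SC_PAGESIZE);
    int fd = open("/dev/zero", O_RDONLY);  /* read access is enough for MAP_PRIVATE */
    if (fd < 0) return -1;
    unsigned char *p = mmap(NULL, 3 * pg, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    close(fd);                             /* the mapping outlives the descriptor */
    if (p == MAP_FAILED) return -1;
    p[pg] = 0xAA;                          /* first write: this page gets its own copy */
    int ok = p[0] == 0 && p[pg] == 0xAA && p[2 * pg] == 0;
    munmap(p, 3 * pg);
    return ok;
}

/* Write 'X' through a mapping of a scratch file made with `flags` (MAP_SHARED
 * or MAP_PRIVATE) and return the file's first byte as read back with pread(). */
int file_byte_after_write(int flags) {
    char path[] = "/tmp/mmap_cow_XXXXXX";  /* constructed stand-in for the MP3 file */
    char c = 0;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                          /* file lives on until fd is closed */
    if (write(fd, "AAAA", 4) != 4) { close(fd); return -1; }
    char *p = mmap(NULL, 4, PROT_READ | PROT_WRITE, flags, fd, 0);
    if (p == MAP_FAILED) { close(fd); return -1; }
    p[0] = 'X';
    msync(p, 4, MS_SYNC);                  /* flushes a shared mapping; private writes never reach the file */
    munmap(p, 4);
    if (pread(fd, &c, 1, 0) != 1) c = -1;
    close(fd);
    return c;
}

int main(void) {
    printf("/dev/zero private pages isolated: %d\n", zero_pages_are_private());
    printf("file after MAP_SHARED write:  %c\n", file_byte_after_write(MAP_SHARED));
    printf("file after MAP_PRIVATE write: %c\n", file_byte_after_write(MAP_PRIVATE));
    return 0;
}
```

Code that maps files it must not alter (inputs being parsed, evidence files, shared libraries) should request MAP_PRIVATE, or drop PROT_WRITE altogether, so a stray store cannot change the data on disk.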