Understanding page tables for kernel exploitation: a hands-on qemu + gdb walkthrough

After finishing pwn.college's kernel security module I wanted to solidify what I'd learned about paging, so I built a qemu lab and wrote up a hands-on page table walk: cr3 to physical memory, PTE flag decoding, TLB, huge pages, the kernel direct map, etc. Feedback welcome!