Transcript IA32 Paging Scheme Introduction to the Pentium’s support for “virtual” memory

IA32 Paging Scheme
Introduction to the Pentium’s
support for “virtual” memory
Two-Level Translation Scheme
PAGE
DIRECTORY
CR3
PAGE
TABLES
PAGE
FRAMES
Format of a Page-Table entry
31
PAGE-FRAME BASE ADDRESS
12 11 10 9 8 7 6 5 4 3 2 1 0
P P
AVAIL 0 0 D A C W U W P
D T
LEGEND
P = Present (1=yes, 0=no)
W = Writable (1 = yes, 0 = no)
U = User (1 = yes, 0 = no)
A = Accessed (1 = yes, 0 = no)
D = Dirty (1 = yes, 0 = no)
PWT = Page Write-Through (1=yes, 0 = no)
PCD = Page Cache-Disable (1 = yes, 0 = no)
Format of a Page-Directory entry
31
PAGE-TABLE BASE ADDRESS
12 11 10 9 8 7 6 5 4 3 2 1 0
P P
P
AVAIL 0
0 A C W U W P
S
D T
LEGEND
P = Present (1=yes, 0=no)
W = Writable (1 = yes, 0 = no)
U = User (1 = yes, 0 = no)
A = Accessed (1 = yes, 0 = no)
PS = Page-Size (0=4KB, 1 = 4MB)
PWT = Page Write-Through (1=yes, 0 = no)
PCD = Page Cache-Disable (1 = yes, 0 = no)
Why page-faults happen
•
•
•
•
•
•
•
Trying to access a virtual memory-address
Instruction-operand / instruction-address
Read-data/write-data, or fetch-instruction
Maybe page is ‘not present’
Maybe page is ‘not readable’
Maybe page is ‘not writable’
Maybe page is ‘not visible’
Page-fault examples
movl
movl
jmp
%eax, (%ebx)
(%ebx), %eax
ahead
; writable?
; readable?
; present?
Everything depends on the entries in the
current page-directory and page-tables,
and on the cpu’s Current Privilege Level
Current Privilege Level (CPL)
Layout of segment-register contents
(16 bits)
3
15
segment-selector
TI = Table-Indicator
2
1
0
T
I
RPL
RPL=Requested Privilege Level
CPL is determined by the value of RPL field in CS and SS
What does the CPU do?
• Whenever the cpu detects a page-fault, its
action depends on Current Privilege Level
• If CPL == 0 (executing in kernel mode):
1) push EFLAGS register
2) push CS register
3) push EIP register
4) push error-code
5) jump to page-fault service-routine
Alternative action in user-mode
• If CPL == 3 (executing in user mode)
the CPU will switch to its kernel-mode stack:
0)
1)
2)
3)
4)
5)
push SS and ESP
push EFLAGS
push CS
push EIP
push error-code
jump to the page-fault service-routine
Stack Frame Layout (32bit)
SS
ESP
points to the old stack’s top
EFLAGS
CS
EIP
Error Code
points to the faulting instruction
SS:ESP = the new stack’s top
When the ‘fault’ exception uses a 32-bit Interrupt-Gate (or Trap-Gate)
Page-Fault Error-Code
unused
2
1
U/S
R/W
0
P
P = Present (1=Protection fault, 0=Not-present fault)
R/W = Readable/Writable (1=Write fault, 0=Read fault)
U/S = User/Supervisor (1=User fault, 0=Supervisor fault)
CR2 = virtual address which caused the page-fault
How CPU finds new stack
•
•
•
•
•
•
Special CPU segment-register: TR
TR is the ‘Task Register’
TR holds ‘selector’ for a GDT descriptor
Descriptor is for a ‘Task State Segment’
So TR points indirectly to current TSS
TSS stores address of kernel-mode stack
Stack-switching mechanism
INTERRUPT
DESCRIPTOR
TABLE
CS
EIP
user code
SS
ESP
user stack
user-space
kernel-space
Gate descriptor
kernel
code
GLOBAL
DESCRIPTOR
TABLE
kernel
stack
IDTR
TR
GDTR
SS0
ESP0
TSS descriptor
TASK STATE
SEGMENT