IA32 Paging Scheme Introduction to the Intel x86’s support for “virtual” memory
IA32 Paging Scheme Introduction to the Intel x86’s support for “virtual” memory.
Dec 19, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
IA32 Paging Scheme
Introduction to the Intel x86’s support for “virtual” memory
What is ‘paging’?
• It’s a scheme for dynamically remapping addresses for fixed-size memory-blocks
Virtual address-spacePhysical address-space
What’s ‘paging’ good for?
• For efficient ‘time-sharing’ among multiple tasks, an operating system needs to have several programs residing in main memory at the same time
• To accomplish this using actual physical memory-addressing would require doing address-relocation calculations each time a program was loaded (to avoid conflicting with any addresses already being used)
Why use ‘Paging’?
• Use of ‘paging’ allows ‘relocations’ to be done just once (by the linker), and every program can ‘reuse’ the same addresses
Task #1
Task #2
Task #3
physical memory
How to enable paging
PG
CD
NW
AM
WP
NE
ET
TS
EM
MP
PE
Control Register CR0
‘Protected-Mode’ must be enabled (PE=1)
Then ‘Paging’ can be enabled (set PG=1)
# Here is how you can enable paging (if CPU is in protected-mode)mov %cr0, %eax # get current machine status bts $31, %eax # turn on the PE-bit’s imagemov %eax, %cr0 # put modified status in CR0jmp . + 2 # now flush the prefetch queue
# but you had better prepare the ‘mapping’ beforehand!
31 0
Several ‘paging’ schemes
• Intel’s design for ‘paging’ has continued to evolve since its introduction in 80386 CPU
• Our Core-2 Quad CPUs support the initial ‘paging’ design (plus several extensions)
• Here we shall describe the initial design (it’s simplest and it remains the ‘default’)
• It is based on subdividing the entire 4GB physical address-space into 4-KB blocks
Terminology
• The 4KB memory-blocks are called ‘page frames’ -- and they are non-overlapping
• Therefore each page-frame begins at a memory-address which is a multiple of 4K
• Remember: 4K = 4 x 1024 = 4096 = 212
• So the address of any page-frame will have its lowest 12-bits equal to zeros
• Example: page six begins at 0x00006000
Control Register CR3
• Register CR3 is used by the CPU to find the paging-tables in memory which define its ‘virtual-to-physical’ address-translation
• Specifically, CR3 points to a page-frame, called the Page Directory, which contains addresses of frames called Page Tables
• An address in CR3 must be ‘page aligned’
Physical Address of the Page-Directory31 0
CR3 =
Two-Level Translation Scheme
PAGEDIRECTORY
CR3
PAGETABLES
PAGEFRAMES
Page-Directory
• The Page-Directory occupies one frame, so it has room for 1024 4-byte entries
• Each page-directory entry can contain a pointer to a further data-structure, called a Page-Table (also page-aligned 4KB size)
• Each Page-Table occupies one frame and has enough room for 1024 4-byte entries
• Page-Table entries can contain pointers
Address-translation
• The CPU examines any virtual address it encounters, subdividing it into three fields
offset into page-frame
index intopage-directory
index into page-table
31 22 21 12 11 0
10-bits 10-bits 12-bits
This field selects one of the 1024 array-entries inthe Page-Directory
This field selects one of the 1024 array-entries in that Page-Table
This field provides the offset to one of the 4096 bytes in that Page-Frame
Identity-mapping
• When the CPU first turns on the ‘paging’ capability, it must be executing code from an ‘identity-mapped’ page (or it crashes!)
code code
physical memory
‘virtual’ memory
identity-mapping
Additional mappings
• Besides having at least one page that is ‘identity-mapped’ (for turning ‘paging’ on), there can be multiple other mappings
code code
physical memory
‘virtual’ memory
identity-mapping
data
data
datadata
Demo program
• We wrote a very simple demo-program showing how to create a Page-Directory and a Page-Table for an identity-mapping of the page-frame that contains program-code, plus a non-identity mapping for the initial page of the video display memory
• This demo is named ‘vrampage.s’ (you can find it on our CS 630 course website)
Demo’s page-mapping
program arena
video memory
unused
unused
unused
CR3
page-directory one page-table
Our ‘vrampage.s’ demo-program uses only four page-frames of physical memory (16K) 1) the program’s arena (at 0x00010000) 2) the page-directory (at 0x00011000) 3) only one page-table (at 0x00012000) 4) one page of vram (at 0x000B8000)
Virtual-to-Physical
physical address-space
‘virtual’ address-space
code and data
video memory
page-table
video memory
code and data0x00010000 0x00010000
0x000B8000
0x00000000
page-directory
The demo’s table-entries
• Our page-directory uses only one entry:
• And our page-table uses only two entries:
0x00011 003 pgdir[0x000]:
0x000B8 003 pgtbl[0x000]:
0x00010 003 pgtbl[0x010]: identity-mapping
The segment descriptors
• Our demo’s GDT uses three descriptors:
0x0000009A010000FFFF
‘executable’ segment at virtual-address 0x00010000
0x00000092010000FFFF
‘writable’ segment at virtual-address 0x00010000
0x00000092000000FFFF
‘writable’ segment at virtual-address 0x00000000
Page-Level ‘protection’
• Each entry in a Page-Table can assign a collection of ‘attributes’ to the Page-Frame it points to; for example:– The P-bit (page is ‘present’) can be used by
an operating system to implement “demand paging” and “memory-mapping” of disk-files
– The W/R-bit can be used to mark a page as either ‘Writable’ (=1) or as ‘Read-Only’ (=0)
– The U/S-bit can be used to mark a page as ‘User-accessible’ or as ‘Supervisor-only’
Format of a Page-Table entry
PAGE-FRAME BASE ADDRESS PWUPWT
PCD
AD00
31 12 11 10 9 8 7 6 5 4 3 2 1 0
AVAIL
LEGEND P = Present (1=yes, 0=no) W = Writable (1 = yes, 0 = no) U = User (1 = yes, 0 = no) A = Accessed (1 = yes, 0 = no) D = Dirty (1 = yes, 0 = no)
PWT = Page Write-Through (1=yes, 0 = no)PCD = Page Cache-Disable (1 = yes, 0 = no)
Format of a Page-Directory entry
PAGE-TABLE BASE ADDRESS PWUPWT
PCD
A0PS
0
31 12 11 10 9 8 7 6 5 4 3 2 1 0
AVAIL
LEGEND P = Present (1=yes, 0=no) W = Writable (1 = yes, 0 = no) U = User (1 = yes, 0 = no) A = Accessed (1 = yes, 0 = no)
PWT = Page Write-Through (1=yes, 0 = no)PCD = Page Cache-Disable (1 = yes, 0 = no)
PS = Page-Size (0=4KB, 1 = 4MB)
NOTE: The PS-bit is only meaningful when the PSE-bit in register CR4 is set
Violations
• When a task violates the page-attributes of any Page-Frame, the CPU will generate a ‘Page-Fault’ Exception (interrupt 0x0E)
• Then the operating system’s page-fault exception-handler gets control and can take whatever action it deems is suitable
• The CPU will provide help to the OS in determining why a Page-Fault occurred
The Error-Code format
• The CPU will push an Error-Code onto the operating system’s stack
PW/R
U/ S
reserved (=0)
3 2 1 0
Legend: P (Present): 0=attempted access was to a ‘not-present’ page W/R (Write/Read): 1=attempted to write to a ‘read-only’ page U/S (User/Supervisor): 1=user attempted access to a ‘supervisor’ page
NOTE: ‘User’ means that CPL = 3; ‘Supervisor’ means that CPL = 0, 1, or 2
Control Register CR2
• Whenever a ‘Page-Fault’ is encountered, the CPU will save the virtual-address that caused that fault into the CR2 register– If the CPU was trying to modify the value of an
operand in a ‘read-only’ page, then that operand’s virtual address is written into CR2
– If the CPU was trying to read the value of an operand in a supervisor-only page (or was trying to fetch-and-execute an instruction) while CPL=3, the relevant virtual address will be written into CR2
CR3 and Task-Switchinglink
esp0ss0
esp1ss1
esp2ss2
PTDBEIP
ss0 ss0ss0 ss0ss0 ss0ss0 ss0ss0 ss0ss0 ss0ss0 ss0ss0 ss0ss0 ss0
ESCSSSDSFSGS
LDTRIOMAP TRAP
EFLAGSEAXECXEDXEBXESPEBPESIEDI
I/O permission bitmap
= field is ‘static’
= field is ‘volatile’
= field is ‘reserved’
04812162024283236404448525660646872768084889296100
26 longwords
32-bits
Page-Table Directory Base
This value will get loaded into register CR3 as part of the context-switching mechanism when paging has been enabled (PG=1)
So the ‘incoming task’ will automatically have its own individual mapping of its ‘virtual’ address-space to page-frames in the CPU’s ‘physical’ address-space
Extensions to ‘paging’ scheme
• The Core-2 Quad CPU provides several enhancements to the original 386 paging
• These enhancements are ‘optional’ and must be selectively enabled by software
• Control Register CR4 implements bits to “turn on” the desired ‘paging-extension’ and some other enhancements that are unrelated to the ‘paging’ architectures
Control Register CR4
VMXE
PCE
PGE
MCE
PAE
PSE
DE
TSD
PVI
VME
31 13 10 9 8 7 6 5 4 3 2 1 0
Legend (for paging-related extensions):
PSE = Page-Size Extension is enabled (1 = yes, 0 = no) PAE = Page-Address Extension is enabled (1 = yes, 0 = no) PGE = Page-Global Extension is enabled (1 = yes, 0 = no)
What about efficiency?
• When paging is enabled, every reference to memory requires the CPU to ‘translate’ the virtual-address into a physical-address
• That ‘translation’ is based on table-lookups
• These lookups must be done ‘sequentially’
• So ‘address-translation’ could be costly in terms of CPU speed – a high percentage of instructions typically refer to memory
The ‘TLB’ solution
• When the CPU has performed the table lookups that map a virtual-address to a physical-address, it “remembers” that relationship by saving the pair of page-addresses (virtual-page physical page) in a special CPU cache known as the TLB (“Translation Look-aside Buffer”)
• Subsequent references to this same page can be resolved quickly -- via that cache!
4-way set-associative
• The TLB is implemented as a ‘4-way set-associative’ cache -- it’s like a parallelized version of a Hash Table (with ‘evictions’)
• Due to the ‘locality of reference’ principle, the TLB concept generally works well in most common programming contexts as an efficient ‘speedup’ of the page-address table-lookup translation-mechanism
• Modifying CR3 invalidates the TLB cache
Related Documents
