Understanding Segmentation & Address Translation in Intel Processors, Slides of Computer Science

Download Understanding Segmentation & Address Translation in Intel Processors and more Slides Computer Science in PDF only on Docsity! 9.1: Intel Memory 1 OPERATING SYSTEMS Intel’s View of Memory Management Docsity.com 9.1: Intel Memory 2 Intel Memory Management This set of slides is designed to explain the Memory Management Architecture used by Intel Pentium processors. For these slides we will use the Intel document found at: http://www.intel.com/design/processor/manuals/253668.pdf Intel explains this document as a description of the hardware interface required by an Operating System in order to implement a Memory Management. It’s assumed that you are familiar with the normal picture of memory management as presented in Chapters 8 & 9 in this course. Docsity.com 9.1: Intel Memory 5 How Do Operating Systems Use Memory Management So I wrote a little program to probe the memory seen by a program. I ran that same program on Windows 2000, Windows XP and RedHat LINUX. I was looking at the addresses that were being used for various kinds of data/code in the program. I probed the addresses by asking for memory continually until something broke. For instance, did continual allocs until error was returned Windows XP Memory Usage Segment First Address Last Address Size Code 401000x 403000x 002000x ~ 8 Kbytes Static (Global) Data 403000x 703000x 300000x ~ 3 megabytes Heap 760000x 3A261000x 39800000x ~ 950 megabytes Stack 22EF00x 16EF00x 1C0000x ~ 2 megabyte Note these addresses grow down! The file MemoryDemo.exe is about 170Kbytes in size. Declared a 3 Meg static array!. Note: 100000x == 1 Megabyte Docsity.com 9.1: Intel Memory 6 How Do Operating Systems Use Memory Management So I wrote a little program to probe the memory seen by a program. I ran that same program on Windows 2000, Windows XP and RedHat LINUX. I was looking at the addresses that were being used for various kinds of data/code in the program. I probed the addresses by asking for memory continually until something broke. For instance, did continual allocs until error was returned LINUX Memory Usage Segment First Address Last Address Size Code 8048400x 8049900x 001500x ~ 6 Kbytes Static (Global) Data 8049A00x 8349A00 300000x ~ 3 megabytes Heap B7EE,B000x 01CE,4000x B6000000x ~ 3 gigabytes Stack BFFB,7334x 29BA,91E0x 9640,0000x ~ 2.5 gigabyte Note these addresses grow down! Declared a 3 Meg static array!. How can this sum to more than 4 gigs?? Note: 100000x == 1 Megabyte Docsity.com 9.1: Intel Memory 7 How Do Operating Systems Use Memory Management 0x08048368 <main+0>: 55 push %ebp 0x08048369 <main+1>: 89 e5 mov %esp,%ebp 0x0804836b <main+3>: 83 ec 08 sub $0x8,%esp 0x0804836e <main+6>: 83 e4 f0 and $0xfffffff0,%esp 0x08048371 <main+9>: b8 00 00 00 00 mov $0x0,%eax 0x08048376 <main+14>: 83 c0 0f add $0xf,%eax 0x08048379 <main+17>: 83 c0 0f add $0xf,%eax 0x0804837c <main+20>: c1 e8 04 shr $0x4,%eax 0x0804837f <main+23>: c1 e0 04 shl $0x4,%eax 0x08048382 <main+26>: 29 c4 sub %eax,%esp 0x08048384 <main+28>: 83 ec 0c sub $0xc,%esp 0x08048387 <main+31>: 68 c0 84 04 08 push $0x80484c0 0x0804838c <main+36>: e8 1f ff ff ff call 0x80482b0 0x08048391 <main+41>: 83 c4 10 add $0x10,%esp 0x08048394 <main+44>: e8 02 00 00 00 call 0x804839b <b> 0x08048399 <main+49>: c9 leave 0x0804839a <main+50>: c3 ret 1 void b(); 2 void c(); 3 int main( ) 4 { 5 printf( "Hello from main\n"); 6 b(); 7 } 8 // This routine reads the opcodes from memory and prints them out. 9 void b() 10 { 11 char *moving; 12 13 for ( moving = (char *)(&main); moving < (char *)(&c); moving++ ) 14 printf( "Addr = 0x%x, Value = %2x\n", (int)(moving), 255 & (int)*moving ); 15 } 16 void c() 17 { 18 } Docsity.com 9.1: Intel Memory 10 Intel Memory Management The memory management facilities of the IA-32 architecture are divided into two parts: Segmentation Segmentation provides a mechanism of isolating individual code, data, and stack modules so that multiple programs (or tasks) can run on the same processor without interfering with one another. When operating in protected mode, some form of segmentation must be used. Paging. Paging provides a mechanism for implementing a conventional demand-paged, virtual-memory system where sections of a program’s execution environment are mapped into physical memory as needed. Paging can also be used to provide isolation between multiple tasks. These two mechanisms (segmentation and paging) can be configured to support simple single program (or single-task) systems, multitasking systems, or multiple-processor systems that used shared memory. Docsity.com 9.1: Intel Memory 11 Intel Memory Management See Figure 3-1. Segmentation gives a mechanism for dividing the processor’s addressable memory space (called the linear address space) into smaller protected address spaces called segments. Segments are used to hold code, data, and stack for a program andr to hold system data structures (such as a TSS or LDT). Each program running on a processor, is assigned its own set of segments. The processor enforces the boundaries between segments and insures that one program doesn’t interfere with the execution of another . The segmentation mechanism allows typing of segments to restrict operations that can be performed. Docsity.com 9.1: Intel Memory 12 Intel Memory Management See Figure 3-1. All the segments in a system are contained in the processor’s linear address space. To locate a byte in a particular segment, a logical address (also called a far pointer) must be provided. A logical address has : 1. The segment selector – a unique identifier for a segment - provides an offset into a descriptor table (such as the global descriptor table, GDT) to a data structure called a segment descriptor. This segment descriptor specifies the size of the segment, the access rights and privilege level for the segment, the segment type, and the location of the first byte of the segment in the linear address space (called the base address of the segment). See 3.4.2 Segment Selectors” for more details. 2. The offset part of the logical address -added to the base address for the segment to locate a byte within the segment. The base address plus the offset thus forms a linear address in the processor’s linear address space. Docsity.com 9.1: Intel Memory 15 Intel Memory Management 3.2.3 Multi-Segment Model A multi-segment model (shown here) uses the full capabilities of segmentation to provide hardware enforced protection of code, data structures, and programs and tasks. • each program (or task) has its own table of segment descriptors and its own segments. • segments can be completely private to their programs or shared among programs. • Access to segments and to program environments is controlled by hardware. Access checks can be used to protect not only against referencing an address outside the limit of a segment, but also against performing disallowed operations in certain segments. • The access rights information created for segments can also be used to set up protection rings or levels. • Protection levels can be used to protect operating system procedures from unauthorized access by application programs. Docsity.com 9.1: Intel Memory 16 Intel Memory Management 3.3 PHYSICAL ADDRESS SPACE In protected mode, the IA-32 architecture provides a normal physical address space of 4 Gbytes (232 bytes). This is the address space that the processor can address on its address bus. This address space is flat (unsegmented), with addresses ranging continuously from 0 to FFFF,FFFFH. This physical address space can be mapped to read-write memory, read-only memory, and memory mapped I/O. The memory mapping facilities described in this chapter can be used to divide this physical memory up into segments and/or pages. The IA-32 architecture also supports an extension of the physical address space to 236 bytes (64 GBytes); with a maximum physical address of F,FFFF,FFFFH. This extension is invoked • Using the physical address extension (PAE) flag, located in bit 5 of control register CR4. -- Talked about later. Docsity.com 9.1: Intel Memory 17 Intel Memory Management 3.4 LOGICAL AND LINEAR ADDRESSES The processor uses two stages of address translation to arrive at a physical address: logical-address (via segments) translation and linear address space (via paging) translation. Docsity.com 9.1: Intel Memory 20 Intel Memory Management 3.4.3 Segment Registers To reduce address translation time and coding complexity, the processor provides registers for holding up to 6 segment selectors (see Figure 3-7). Each of these segment registers support a specific kind of memory reference (code, stack, or data). At least the code-segment, data-segment, and stack-segment registers must be loaded for a program to run.. The processor provides three additional data-segment registers (ES, FS, and GS), which can be used to make other data segments available to the currently executing program (or task). To access a segment, a program must get to it via a segment register. Although a system can define thousands of segments, only 6 can be available for immediate use. There are instructions available so the OS can set up segment registers. Note how the address translation actually goes through the segment register rather than through the Descriptor Table. Docsity.com 9.1: Intel Memory 21 Intel Memory Management Every segment register has a “visible” part and a “hidden” part. When a segment selector is loaded, the processor also loads the hidden part of the segment register with the base address, segment limit, and access control information from the descriptor pointed to by the segment selector. This allows the processor to translate addresses without taking extra bus cycles to read the base address and limit from the segment descriptor. In systems in which multiple processors have access to the same descriptor tables, it is the responsibility of software to reload the segment registers when the descriptor tables are modified. If this is not done, an old segment descriptor cached in a segment register might be used after its memory-resident version has been modified. Two kinds of instructions are provided for loading the segment registers: 1. Direct load instructions such as the MOV, LES, LGS, and LFS instructions explicitly reference the segment registers. 2. Implied load instructions such as the far pointer versions of the CALL, JMP, and RET instructions, the SYSENTER and SYSEXIT instructions, and the IRET, INTn, INTO and INT3 instructions. These instructions change the contents of the CS register as an incidental part of their operation. Docsity.com 9.1: Intel Memory 22 Intel Memory Management 3.5 SYSTEM DESCRIPTOR TYPES When the S (descriptor type) flag in a segment descriptor is clear, the descriptor type is a system descriptor. The processor recognizes the following types of system descriptors: • Local descriptor-table (LDT) segment descriptor. • Task-state segment (TSS) descriptor. • Call-gate descriptor. • Interrupt-gate descriptor. • Trap-gate descriptor. • Task-gate descriptor. These descriptor types fall into two categories: system-segment descriptors and gate descriptors. System-segment descriptors point to system segments (LDT and TSS segments). Gate descriptors are in themselves “gates,” which hold pointers to procedure entry points in code segments (call, interrupt, and trap gates) or which hold segment selectors for TSS’s (task gates). Table 3-2 shows the encoding of the type field for system-segment descriptors and gate descriptors. Docsity.com