Protected-Mode Address Translation X GB

Protected-Mode Address Translation x GB

Selector Linear Physical Segment Address Page Address CPU Oﬀset Translation Translation Logical Address 0 RAM

Logical Address Linear Address Physical Address 16 32 10 10 12 20 12 Selector Offset Dir Table Offset PPN Offset

32 20 12 20 12 1023 PPN Flags 16 8 Base Limit Flags 20 12 0 1023 GDT/LDT 1 0 Page Table PPN Flags

1 0 CR3 Page Directory

31 1112 78910 6 5 4 3 2 1 0 P Present A P C W Page table physical page number V G 0 A U W P W Writable L S D T U User PDE WT 1=Write-through, 0=Write-back CD Cache disabled A Accessed D Dirty 31 1112 78910 6 5 4 3 2 1 0 PS Page size (0=4KB, 1=4MB) A P C W Physical page number V G D A U W P PAT Page table attribute index A D T L T G Global page PTE AVL Available for system use

*+,-./-.0"1,0.)1.1,+2)13435.1.4- *+,-./-.0'1,0.%1.1,+2%13435.1.4-

interpreted as the 20 most-significant bits of the physical address, which forces pages to be aligned on 4-KByte boundaries. Linear Address 3122 2112 11 0 Directory Table Offset Page-Directory Entry (4-KByte Page Table) 31 12 11 9 8 7 6 5 4 3 2 10 12 4-KByte Page P P U R Page-Table Base Address Avail G P 0 A C W / / P S D T S W 10 10 Page Table Physical Address Page Directory Available for system programmer’s use Global page (Ignored) Page size (0 indicates 4 KBytes) Page-Table Entry 20 Reserved (set to 0) Directory Entry Accessed Cache disabled 20 Write-through 32* 1024 PDE !"1024 PTE = 2 Pages User/Supervisor CR3 (PDBR) Read/Write Present *32 bits aligned onto a 4-KByte boundary. Page-Table Entry (4-KByte Page) <':=+)%!5>$"%%&'()*+%,--+)..%/+*(.0*1'2(%345?781)%9*:).; 31 12 11 9 8 7 6 5432 1 0

P P P U R Page Base Address Avail G A D A C W / / P To select the various table entries, the linear address is divided into three sections: T D T S W • Page-directory entry — Bits 22 through 31 provide an offset to an entry in the page directory. The selected entry provides the base physical address of a page Available for system programmer’s use table. Global Page Page Table Attribute Index • Page-table entry — Bits 12 through 21 of the linear address provide an offset to Dirty an entry in the selected page table. This entry provides the base physical address Accessed of a page in physical memory. Cache Disabled Write-Through • Page offset — Bits 0 through 11 provides an offset to a physical address in the User/Supervisor page. Read/Write Present Memory management software has the option of using one page directory for all programs and tasks, one page directory for each task, or some combination of the two. !"#$%&'()*+,''!-%./0'-1'2/#&)3"%&40-%5'/67'2/#&)8/9:&';60%"&<'1-%'+)=>50&'2/#&<' /67'(?)>"0'2@5<"4/:'A77%&<<&<

!"#"$% &'()*+%,--+)..%/+*(.0*1'2(%3456781)%9*:).; (Page-directory entries for 4-KByte page tables) — Specifies the Figure 3-13 shows how a page directory can be used to map linear addresses to physical address of the first byte of a page table. The bits in this field 4-MByte pages. The entries in the page directory point to 4-MByte pages in physical are interpreted as the 20 most-significant bits of the physical address, memory. This paging method can be used to map up to 1024 pages into a 4-GByte which forces page tables to be aligned on 4-KByte boundaries. linear address space. (Page-directory entries for 4-MByte pages) — Specifies the physical address of the first byte of a 4-MByte page. Only bits 22 through 31 of this field are used (and bits 12 through 21 are reserved and must be set to 0, for IA-32 processors through the Pentium II processor). The

!"#$ %&'()! !"#$%& &'() +,-.//01-)2,3).45.1-+6,)72,38+,9 )*+,--./+%0*1%,23,/+)4*%50*16)*7

— The RSVD flag indicates that the processor detected 1s in reserved bits of the Stack Usage with No page directory, when the PSE or PAE flags in control register CR4 are set to 1. Privilege-Level Change Note: Interrupted Procedure’s and Handler’s Stack • The PSE flag is only available in recent Intel 64 and IA-32 processors including the Pentium 4, Intel Xeon, P6 family, and Pentium processors. ESP Before • The PAE flag is only available on recent Intel 64 and IA-32 processors EFLAGS Transfer to Handler including the Pentium 4, Intel Xeon, and P6 family processors. CS EIP • In earlier IA-32 processor, the bit position of the RSVD flag is reserved. Error Code ESP After — The I/D flag indicates whether the exception was caused by an instruction Transfer to Handler fetch. This flag is reserved if the processor does not support execute-disable bit or execute disable bit feature is not enabled (see Section 3.10).

Stack Usage with

Privilege-Level Change 31 4 3 2 1 0 RSVD I/D U/S W/R P Interrupted Procedure’s Handler’s Stack Stack Reserved

ESP Before Transfer to Handler SS P 0 The fault was caused by a non-present page. 1 The fault was caused by a page-level protection violation. ESP EFLAGS W/R 0 The access causing the fault was a read. CS 1 The access causing the fault was a write. EIP ESP After Error Code U/S 0 The access causing the fault originated when the processor Transfer to Handler was executing in supervisor mode. 1 The access causing the fault originated when the processor was executing in user mode. :,;6'*%!2<"%%=)3+>%?93;*%(-%@'3-9.*'9%)(%5-)*''61)%3-4%/0+*1),(-273-48,-;%A(6),-*9 RSVD 0 The fault was not caused by reserved bit violation. 1 The fault was caused by reserved bits set to 1 in a page directory.

I/D 0 The fault was not caused by an instruction fetch. To return from an exception- or interrupt-handler procedure, the handler must use 1 The fault was caused by an instruction fetch. the IRET (or IRETD) instruction. The IRET instruction is similar to the RET instruction except that it restores the saved flags into the EFLAGS register. The IOPL field of the EFLAGS register is restored only if the CPL is 0. The IF flag is changed only if the CPL is less than or equal to the IOPL. See Chapter 3, “Instruction Set Reference, A-M,” of !"#$%&'()*+'',-#&)!-$./'0%%1%'213& the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 2A, for a description of the complete operation performed by the IRET instruction. • The contents of the CR2 register. The processor loads the CR2 register with the If a stack switch occurred when calling the handler procedure, the IRET instruction 32-bit linear address that generated the exception. The page-fault handler can switches back to the interrupted procedure’s stack on the return. use this address to locate the corresponding page directory and page-table entries. Another page fault can potentially occur during execution of the page- fault handler; the handler should save the contents of the CR2 register before a !"#$"#"#%% &'()*+),(-%(.%/0+*1),(-2%3-4%5-)*''61)273-48*'%&'(+*46'*9 second page fault can occur.1 If a page fault is caused by a page-level protection The privilege-level protection for exception- and interrupt-handler procedures is 8$ /9":;<<"9<%=>?@A;%3-B%CD;E;F;9%@%>@G;%H@=#A%I<%?;A;:A;?$%)H%@%<;:"E?%>@G;%H@=#A%"::=9<%CDI#;%@E% similar to that used for ordinary procedure calls when called through a call gate (see ;@9#I;9%>@G;%H@=#A%I<%J;IEG%?;#IF;9;?K%AD;%H@=#AIEG%#IE;@9%@??9;<<%"H%AD;%<;:"E?%H@=#A%CI##%"F;9C9IA;% Section 4.8.4, “Accessing a Code Segment Through a Call Gate”). The processor does AD;%:"EA;EA<%"H%3-B%L9;>#@:IEG%AD;%>9;FI"=<%@??9;<?@A;<%A"%3-B%"::=9%;F;E%IH%AD;% >@G;%H@=#A%9;<=#A<%IE%@%?"=J#;%H@=#A%"9%"::=9<%?=9IEG%AD;%?;#IF;9N%"H%@%?"=J#;%H@=#A$

!"#$ %&'()* !"#$%& '('' JOS Virtual Memory Map

4 Gig Memory-mapped I/O 32 MB IOMEMBASE

Remapped physical memory RW/-- 224 MB

KERNBASE f0000000 TIEPTSIZE PTSIZE

Invalid memory --/--

CPU 0 kernel stack RW/-- KSTKSIZE KSTACKTOP efc00000 KSTKGAP Invalid memory PTSIZE --/-- CPU 1 kernel stack RW/-- Invalid memory --/-- CPU 2 kernel stack RW/-- ULIM ef800000 Invalid memory --/--

Cur. page table (User R-) R-/R-

UVPT ef400000

PAGES (User R-) R-/R-

UPAGES ef000000 PTSIZEPTSIZE

ENVS (User R-) R-/R- UTOP eec00000

UENVS PGSIZE PGSIZE UXSTACKTOP eec00000 User exception stack RW/RW Program data & heap RW/RW eebﬀ000 Empty memory --/-- USTACKTOP eebfe000 UTEXT 00800000 Normal user stack RW/RW PTSIZE eebfd000 Empty memory --/--

UTEMP 00400000

Empty memory PTSIZE User STAB data (optional) USTABDATA 00200000 Empty memory 0 00000000 31 22 18192021 14151617 10111213 56789 01234 I V V I A V R N O O D I T S Z A P C EFLAGS I I 0 0 0 1 D V M F T P F F F F F F F F F P F L

Status flags Control flags RF Resume flag CF Carry flag DF Direction flag VM Virtual-8086 mode PF Parity flag System flags AC Alignment check AF Auxiliary carry flag TF Trap flag VIF Virtual intr. flag ZF Zero flag IF Interrupt enable flag VIP Virtual intr. pending SF Sign flag IOPL I/O privilege level ID ID flag OF Overflow flag NT Nested task

28293031 19 15161718 56 01234

P C N A W N E T E M P CR0 G D W M P E T S M P E

PE Protection enabled ET Extension type NW Not write-through MP Monitor coprocessor NE Numeric error CD Cache disable EM Emulation WP Write protect PG Paging TS Task switched AM Alignment mask

31 0

CR2 Page fault virtual address

31 1112 5 0234

P P CR3 Page-Directory-Table Base Address C W D T

PWT Page-level writes transparent PCT Page-level cache disable

31 1011 56789 01234 O O P P M P P T P V S S D CR4 C G C A S S V M X F E E E E E E D I E M X

VME Virtual-8086 mode extensions MCE Machine check enable PVI Protected-mode virtual interrupts PGE Page-global enable TSD Time stamp disable PCE Performance counter enable DE Debugging extensions OSFXSR OS FXSAVE/FXRSTOR support PSE Page size extensions OSXMM- OS unmasked exception support PAE Physical-address extension EXCPT

15 0123

R CS/DS/ES T TI Table index (0=GDT, 1=LDT) Selector index P I FS/GS/SS L RPL Requester privilege level