
Paging – Virtual to Physical address translation

2016-11-08 14:31, 971 views
Reposted from: http://blog.nandaka.io/paging-virtual-to-physical-address-translation/

I will start by recalling the first part of address translation, ‘Segmentation’, which we have already covered. This post expands further on the Paging Mechanism for translating a virtual address to a physical address.





On x86 architecture, enabling paging is an easy task. All we need to do is turn on the paging bit. The paging bit is bit 31 of the CR0 CPU register. You can use the ‘r’ command in WinDbg to dump the content of the CR0 register:

kd> r cr0
cr0=8001003b >> 10000000 00000001 00000000 00111011

Before we enable paging, we need to initialize a couple of tables first. In Paging Introduction we learnt how the paging mechanism helps translate a virtual address to a physical address. On an x86 processor, the paging mechanism of the Memory Management Unit (MMU) maps memory through a series of tables:

Page Directory Table

Page Table

For now I will keep the discussion to non-PAE mode only and will cover PAE separately, to keep things simple to understand.

A page by default is a 4K (2^12) block of memory. It can be larger, but we will stick to the default page size during our discussion.

We already know that the virtual address space is 4GB, and if we map this virtual address space to pages, we get 2^32/2^12 = 2^20 pages. We store the information for these 2^20 pages in the tables mentioned above.

The 2^20 pages are mapped in two levels of tables (for non-PAE). Both of the tables above contain 1024 entries, and each entry is 4 bytes in size, i.e. 1024*4 = 4096 (4K or 1 page). So each table takes 1 page of memory.





Each table entry (Page Directory Entry and Page Table Entry) can be visualized in two parts as shown below:

Physical Address | Access

Bits 12 to 31 (20 bits) of each Page Directory Entry (PDE, 4 bytes) in the Page Directory Table represent the physical address of the base of a Page Table.

Bits 12 to 31 (20 bits) of each Page Table Entry (PTE, 4 bytes) in a Page Table represent the physical address of the base of a page.

The access fields of the PDE and PTE are mostly similar. Table below explains the meaning and usage of bits. The NX bit is available in the 64 bit PTE only (PAE mode on x86 or an x64 machine) and WSI is available in the 64 bit PTE on a 64 bit system. I will discuss these in upcoming blogs.

 



 



If you consider just the 20 bits in a PTE in a Page Table, you can call it the Page Frame Number (PFN). Append 12 low-order zero bits to the PFN (that is, shift it left by 12) and it becomes the base address of the page represented by that PFN.





The access bits define the page protection and other settings per page. We will get into the details while exploring the PFN Database via WinDbg.

PFN Database: The Page Frame Number (PFN) Database is the list that represents the physical pages in memory.

Going back a bit, we know that the 4GB virtual address space is mapped into 2^20 pages. Each page is represented by a Page Table Entry (PTE), which carries a PFN. Each PTE is 4 bytes in size, so your Page Tables take around 2^20 * 4 = 4,194,304 bytes (4MB) of space. Don’t forget one additional page for the 1024 PDEs.

Let’s take a step further in address translation and then we will put the whole thing together.

On x86 architecture, a virtual address is interpreted in 3 separate components:

Page Directory Index (10 bits) – can address 2^10 (1024) entries
Page Table Index (10 bits) – can address 2^10 (1024) entries
Byte Index (12 bits) – can address 2^12 (4096) entries, i.e. all the bytes in a 4K page





Here is how the address translation works on non-PAE 32 bit machine:





Image taken from the book Windows Internals by M Russinovich, D A Solomon, A Ionescu.

So before enabling paging we need to make sure our page tables are set up and the CR3 CPU register is loaded with the physical address of the Page Directory, i.e. the base of the Page Directory.

 

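mov eax, PageDirectoryBase  ; physical address of the base of the Page Directory
mov cr3, eax                ; load CR3 with the Page Directory base
mov eax, cr0                ; read the current CR0 value
or eax, 0x80000000          ; enable paging by turning on bit 31 of the CR0 CPU register
mov cr0, eax                ; write CR0 back with the paging bit set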

During address translation:

The CR3 register contains the physical address of the base of the Page Directory Table (PDT).
Bits 22 to 31 of the virtual address represent an index to a PDE in the PDT.
The PDE uniquely selects a Page Table (PT) and points to the base (physical address) of that PT.
Bits 12 to 21 of the virtual address represent an index to a PTE in the selected PT.
The PTE in the selected PT represents a page in physical memory and points to the base address of the start of the physical page.
Bits 0 to 11 represent the byte index in the selected physical page.
The base address of the physical page and the byte index together uniquely locate an address (the desired byte) in physical memory.
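
The walk described above, written out as an added C example (not code from the original post): it models physical memory as a small array and performs the two-level non-PAE lookup in software, including the case where an entry is not valid. The Present flag (bit 0 of an x86 PDE/PTE), the frame layout and the sample mapping are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE     4096u
#define ENTRY_PRESENT 0x1u         /* bit 0 of a PDE/PTE (x86 Present flag) */
#define FRAME_MASK    0xFFFFF000u  /* bits 12..31: physical base address */
/* Constructed "physical memory": 8 frames of 4 KB, indexed by physical address. */
static uint8_t phys_mem[8 * PAGE_SIZE];

static uint32_t read_entry(uint32_t table_base, uint32_t index) {
    uint32_t e = 0, at = table_base + index * 4u;
    if (at > sizeof phys_mem - sizeof e) return 0;  /* outside RAM: treat as not present */
    memcpy(&e, &phys_mem[at], sizeof e);
    return e;
}

static void write_entry(uint32_t table_base, uint32_t index, uint32_t e) {
    memcpy(&phys_mem[table_base + index * 4u], &e, sizeof e);
}

/* Software MMU walk: 0 and *pa on success, -1 if a PDE/PTE is not present (page fault). */
int translate(uint32_t cr3, uint32_t va, uint32_t *pa) {
    uint32_t pdi = va >> 22;             /* bits 22..31: Page Directory Index */
    uint32_t pti = (va >> 12) & 0x3FFu;  /* bits 12..21: Page Table Index */
    uint32_t off = va & 0xFFFu;          /* bits 0..11:  Byte Index */
    uint32_t pde = read_entry(cr3 & FRAME_MASK, pdi);
    if (!(pde & ENTRY_PRESENT)) return -1;
    uint32_t pte = read_entry(pde & FRAME_MASK, pti);
    if (!(pte & ENTRY_PRESENT)) return -1;
    *pa = (pte & FRAME_MASK) | off;      /* page base + byte index */
    return 0;
}

/* Constructed tables: PD in frame 1, PT in frame 2, VA page 0x00403000 -> frame 5. */
uint32_t build_sample_tables(void) {
    uint32_t pd = 1u * PAGE_SIZE, pt = 2u * PAGE_SIZE;
    memset(phys_mem, 0, sizeof phys_mem);
    write_entry(pd, 1, pt | ENTRY_PRESENT);                /* PDE[1] -> Page Table */
    write_entry(pt, 3, (5u * PAGE_SIZE) | ENTRY_PRESENT);  /* PTE[3] -> frame 5 */
    return pd;                                             /* value to load into CR3 */
}

int main(void) {
    uint32_t pa = 0, cr3 = build_sample_tables();
    if (translate(cr3, 0x00403ABCu, &pa) == 0) printf("0x00403ABC -> 0x%08X\n", (unsigned)pa);
    if (translate(cr3, 0x00404000u, &pa) != 0) printf("0x00404000 -> not present\n");
    return 0;
}
```

Virtual address 0x00403ABC splits into Page Directory Index 1, Page Table Index 3 and Byte Index 0xABC, so it resolves to physical address 0x00005ABC in the sample tables.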

 
In the next article we will look into PAE mode, which is enabled by default, and will see address translation in practice via WinDbg.