UNIT 2 Memory Management Unit and Segment Description and Paging Microprocessor Architecture
Syllabus 80386Dx descriptor Tables GDT, LDT, IDT, descriptor cache, Code, data and stack descriptors, system descriptors, privilege levels, Segmentation in 80386DX, comparison of segmentation with 8086, paging, TSS, Nested Tasks, Operating in Real Mode, Protected Mode, Virtual 86 mode, Virtual addressing (10 Hrs)
Segment selector A segment selector is loaded into a segment register (cs, ds, etc.) to select one of the regular segments in the system as the one addressed via that segment register. 15 3 2 1 0 Index (13 bit) TI RPL TI : table indicator 0 – GDT 1 – LDT RPL : Request privilege level 00 – highest kernel 01 10 11 – lowest user Department of Computer Engineering
Segment Descriptor Register Segment descriptors describe the memory segment referred to in the logical address. Descriptors are those objects to which the segment selectors point. These attributes include the segment 32- bit base linear address, the segment's 20-bit length and granularity, the protection level, read, write or execute privileges, the default size of the operands (16- or 32-bit), and the type of segment. Segment descriptor register This registers are not available for programmers, rather they are internally used to store the descriptor information, like attributes, limit and base addresses of segments. The six segment registers have corresponding six 73 bit descriptor registers. Each of them contains 32 bit base address,32 bit base limit and 9 bit attributes. These are automatically loaded when the corresponding segments are loaded with selectors.
Segment Descriptor Segment descriptor System LDT TSS Gate Non system Code Stack Data
System descriptor LDT descriptor Gate Descriptor Gate descriptor format
Call Gate Descriptor format TSS descriptor
GDTR and IDTR: LDTR and TR: These registers hold the 32-bit linear base address and 16-bit limit of the GDT and IDT, respectively. The GDT and IDT segments, since they are global to all tasks in the system, are defined by 32-bit linear addresses (subject to page translation if paging is enabled) and 16-bit limit values. LDTR and TR: These registers hold the 16-bit selector for the LDT descriptor and the TSS descriptor, respectively. The LDT and TSS segments, since they are task specific segments, are defined by selector values stored in the system segment registers.
Descriptor Table Descriptor tables define all the segments used in the protected mode system. The 3 types of tables are: Global Descriptor Table (GDT) Local Descriptor Table (LDT) Interrupt Descriptor Table (IDT) Segment descriptors are stored in either a Global Descriptor Table (GDT) or Local Descriptor Table (LDT). Descriptor tables define all the segments used in the protected mode system. Descriptor tables are variable-length memory arrays, with 8-byte entries that contain descriptors. In the 80386+, they range in size from 8 bytes to 64K, and each table holds up to 8192 8-byte descriptors. The upper 13 bits of a selector are used as an index into the descriptor table.
GDT The Global Descriptor Table (GDT) contains descriptors which are possibly available to all of the tasks in a system. The GDT can contain any type of segment descriptor except for descriptors which are used for servicing interrupts. Every Intel386 DX system contains a GDT. Generally the GDT contains code and data segments used by the operating systems and task state segments, and descriptors for the LDTs in a system.
LDT LDTs contain descriptors which are associated with a given task. Generally, operating systems are designed so that each task has a separate LDT. The LDT may contain only code, data, stack, task gate , and call gate descriptors. LDTs provide a mechanism for isolating a given task's code and data segments from the rest of the operating system, while the GDT descriptors for segments which are common to all tasks. A segment cannot be accessed by a task if its segment descriptor does not exist in either the current LDT or the GDT. This provides both isolation and protection for a task's segments, while still allowing global data to be shared among tasks. Unlike the 6 byte GDT or IDT registers which contain a base address and limit, the visible portion of the LDT register contains only a 16- bit selector. This selector refers to a Local Descriptor Table descriptor in the GDT.
IDT The third table needed for Intel386 DX systems is the Interrupt Descriptor Table. The IDT contains the descriptors which point to the location of up to 256 interrupt service routines. The IDT may contain only task gates, interrupt gates, and trap gates. The IDT should be at least 256 bytes in size in order to hold the descriptors for the 32 Intel Reserved Interrupts. Every interrupt used by a system must have an entry in the IDT. The IDT entries are referenced via INT instructions, external interrupt vectors, and exceptions.
IDT
Real address mode Physical address calculation in real mode
After reset, the 80386 starts from memory location FFFFFFF0H under the real address mode. In the real mode, 80386 works as a fast 8086 with 32-bit registers and data types. In real mode, the default operand size is 16 bit but 32- bit operands and addressing modes may be used with the help of override prefixes. The segment size in real mode is 64k, hence the 32-bit effective addressing must be less than 0000FFFFFH. The real mode initializes the 80386 and prepares it for protected mode.
Memory Addressing in Real Mode: In the real mode, the 80386 can address at the most 1Mbytes of physical memory using address lines A0 -A19. Paging unit is disabled in real addressing mode, and hence the real addresses are the same as the physical addresses. To form a physical memory address, appropriate segment registers contents (16-bits) are shifted left by four positions and then added to the 16-bit offset address formed using one of the addressing modes, in the same way as in the 80386 real address mode. The segment in 80386 real mode can be read, write or executed, i.e. no protection is available. Any fetch or access past the end of the segment limit generate exception 13 in real address mode. The segments in 80386 real mode may be overlapped or nonoverlapped. The interrupt vector table of 80386 has been allocated 1Kbyte space starting from 00000H to 003FFH.
Protected mode of 80386 Protected mode addressing without paging
All the capabilities of 80386 are available for utilization in its protected mode of operation. The 80386 in protected mode support all the software written for 80286 and 8086 to be executed under the control of memory management and protection abilities of 80386. The protected mode allows the use of additional instruction, addressing modes and capabilities of 80386. ADDRESSING IN PROTECTED MODE: In this mode, the contents of segment registers are used as selectors to address descriptors which contain the segment limit, base address and access rights byte of the segment. The effective address (offset) is added with segment base address to calculate linear address. This linear address is further used as physical address, if the paging unit is disabled, otherwise the paging unit converts the linear address into physical address.
The paging unit is a memory management unit enabled only in protected mode. The paging mechanism allows handling of large segments of memory in terms of pages of 4Kbyte size. The paging unit operates under the control of segmentation unit. The paging unit if enabled converts linear addresses into physical address, in protected mode.
Linear to physical address translation + + +
Paging Paging is another type of memory management useful for virtual memory multitasking operating systems. Unlike segmentation which modularizes programs and data into variable length segments, paging divides programs into multiple uniform size pages. Pages bear no direct relation to the logical structure of a program. While segment selectors can be considered the logical ``name'' of a program module or data structure, a page most corresponds to only a portion of a module or data structure. The advantage of paging scheme is that the complete segment of a task need not be in the physical memory at any time. Only a few pages of the segments, which are required currently for the execution need to be available in the physical memory. Thus the memory requirement of the task is reduced, relinquishing the available memory for other tasks.
Whenever the other pages of task are required for execution, they may be fetched from the secondary storage. The previous page which are executed, need not be available in the memory, and hence the space occupied by them may be relinquished for other tasks. Linear address format Required byte PTE PDE
Paging Unit The paging unit of 80386 uses a two level table mechanism to convert a linear address provided by segmentation unit into physical addresses. The paging unit converts the complete map of a task into pages, each of size 4K. The task is further handled in terms of its page, rather than segments. The paging unit handles every task in terms of three components namely page directory, page tables and page itself. Paging Descriptor Base Register: The control register CR2 is used to store the 32-bit linear address at which the previous page fault was detected. The CR3 is used as page directory physical base address register, to store the physical starting address of the page directory. The lower 12 bit of the CR3 are always zero to ensure the page size aligned directory. A move operation to CR3 automatically loads the page table entry caches and a task switch operation, to load CR0 suitably.
Page Directory : This is at the most 4Kbytes in size Page Directory : This is at the most 4Kbytes in size. Each directory entry is of 4 bytes, thus a total of 1024 entries are allowed in a directory. The upper 10 bits of the linear address are used as an index to the corresponding page directory entry. The page directory entries point to page tables. Page Tables: Each page table is of 4Kbytes in size and many contain a maximum of 1024 entries. The page table entries contain the starting address of the page and the statistical information about the page. Page directory entry : Page table entry: 31 12 11 9 8 6 5 4 3 2 1 Page table address User A U/ S* R/W* P 31 12 11 9 8 6 5 4 3 2 1 Page frame address User D A U/ S* R/W* P
The upper 20 bit page frame address is combined with the lower 12 bit of the linear address. The address bits A12- A21 are used to select the 1024 page table entries. The page table can be shared between the tasks. The P bit of the above entries indicate, if the entry can be used in address translation. If P=1, the entry can be used in address translation, otherwise it cannot be used. The P bit of the currently executed page is always high. The accessed bit A is set by 80386 before any access to the page. If A=1, the page is accessed, else unaccessed. The D bit ( Dirty bit) is set before a write operation to the page is carried out. The D- bit is undefined for page director entries. The OS reserved bits are defined by the operating system software. The User / Supervisor (U/S) bit and read/write bit are used to provide protection. These bits are decoded to provide protection under the 4 level protection model. The level 0 is supposed to have the highest privilege, while the level 3 is supposed to have the least privilege. This protection provide by the paging unit is transparent to the segmentation unit.
Privilege Levels Protection mechanism Memory management Programming errors such as bad or illegal address generation, call/return stack corruption Privilege protection Catches more subtle errors and malicious attempts to compromise the integrity of the system.
When running in protected mode 80386 continuously checks that the application is privileged enough to Execute certain instructions(privileged instructions) Reference data other than its own Transfer control to code other than its own Defining privilege levels Descriptor privilege level(DPL) Current privilege level(CPL) Requestor privilege level(RPL) Privilege checking Privileged instructions Those that affect the segmentation and protection mechanisms (CPL=0 only).For example, LGDT, LTR, HLT. Those that alter the Interrupt flag (CPL <= IOPL field in EFLAGS).For example, CLI, STI (Note: only DPL 0 code can modify the IOPL fields.) Those that perform peripheral I/O (CPL <= IOPL field in EFLAGS).For example, IN, OUT.
Privileged data reference Two checks are made in this case: Trying to load the DS, ES, FS or GS register with a selector whose DPL is > the DPL of the code segment descriptor generates a general protection fault. Trying to use a data descriptor that has the proper privilege level can also be illegal, e.g. trying to write to a read-only segment. Privileged code reference Transferring control to code in another segment is performed using the FAR forms of JMP, CALL and RET. These differ from intra-segment (NEAR) transfers in that they change both CS and EIP. The following checks are performed: The new selector must be a code segment (e.g. with execute attribute). CPL is set to the DPL (RPL is of no use here). The segment is present. The EIP is within the limits defined by the segment descriptor.
Changing privilege level 2 ways Conforming code segment Call gate Changing privilege levels changing stacks
Microprocessor Architecture Virtual mode of 80386 Memory management in virtual mode Microprocessor Architecture