1 / 40 Implementation of Paging in uCOS-II Ke, Dian Chia

2 / 40 Outline uCOS-II Application Model uCOS-II Application Model x86 Operating Mode x86 Operating Mode x86 Interrupt x86 Interrupt Disk I/O Disk I/O Testing Result Testing Result Q & A Q & A Appendix Appendix

3 / 40 uCOS-II Application Model (1 / 2) OS_STK TaskStk[N_TASKS][STK_SIZE]; … main(){ … OSInit(); … OSTaskCreate(task, (void *)0, &TaskStk[0][STK_SIZE - 1], 0); OSStart(); } task(){ … } OS_InitTCBList(); OS_MemInit(); … OS_TCB OSTCBTbl[] in os_core.c OSTCBStkPtr OSTCBFreeList OSTCBPrio

4 / 40 uCOS-II Application Model (2 / 2) ……… tick 1 10 TaskStart ready main starts main ends TaskStart starts tick ISR and rate set other tasks ready ………..

5 / 40 x86 Operating Mode (1 / 11) real mode real mode All start up in real mode at power-on; and earlier had only real mode. All start up in real mode at power-on; and earlier had only real mode. protected mode protected mode The foundation for all subsequent enhancements to the x86 architecture. The foundation for all subsequent enhancements to the x86 architecture. virtual 8086 mode virtual 8086 mode and later, virtual real mode, V86-mode or VM86 is whereby the CPU (in protected mode) is running an “ emulated" 16bit “ segmented ” model (real mode) machine and later, virtual real mode, V86-mode or VM86 is whereby the CPU (in protected mode) is running an “ emulated" 16bit “ segmented ” model (real mode) machine.

6 / 40 x86 Operating Mode (2 / 11) unreal mode unreal mode unreal mode, big real mode, huge real mode, or flat real mode, is a variant of real mode in which one or more data segment registers have been loaded with 32-bit addresses and limits. unreal mode, big real mode, huge real mode, or flat real mode, is a variant of real mode in which one or more data segment registers have been loaded with 32-bit addresses and limits. system management mode system management mode First released with 386SL, a mode in which all normal execution (including OS) is suspended, and special separate software (firmware or hardware-assisted debugger) is executed in high-privilege mode. First released with 386SL, a mode in which all normal execution (including OS) is suspended, and special separate software (firmware or hardware-assisted debugger) is executed in high-privilege mode. long mode long mode x86-64 x86-64

7 / 40 x86 Operating Mode (3 / 11) real mode 20 bit segmented memory address space, 2 20 = 1 MB of addressable memory 20 bit segmented memory address space, 2 20 = 1 MB of addressable memory direct software access to BIOS routines and peripheral hardware direct software access to BIOS routines and peripheral hardware no memory protection, multi-tasking or code privilege levels no memory protection, multi-tasking or code privilege levels A20 line A20 line Gate-A20 of IBM Personal Computer AT Gate-A20 of IBM Personal Computer AT

8 / 40 x86 Operating Mode (4 / 11) real mode

9 / 40 x86 Operating Mode (5 / 11) protected mode virtual memory, paging, multi-tasking, … virtual memory, paging, multi-tasking, … first released with first released with bit offset, 64KB segments 16-bit offset, 64KB segments 24-bit address bus, 16MB 24-bit address bus, 16MB only resetting to enter real mode only resetting to enter real mode extended with extended with bit offset, 4GB segments 32-bit offset, 4GB segments 32-bit address bus, 4GB 32-bit address bus, 4GB security and stability security and stability

10 / 40 x86 Operating Mode (6 / 11) protected mode entering entering GDT created with a minimum of three entries: null, code and data segment descriptor GDT created with a minimum of three entries: null, code and data segment descriptor load GDT load GDT disable interrupt disable interrupt 21st address line (A20) enabled 21st address line (A20) enabled ; set PE bit mov eax, cr0 or eax, 1 mov cr0, eax ; set PE bit mov eax, cr0 or eax, 1 mov cr0, eax ; far jump (cs = selector of code segment) ; Now we are in PM. ; far jump (cs = selector of code segment) ; Now we are in PM. exiting exiting loading segment registers with real mode values, disabling A20 line, clearing PE bit in the CR0 register loading segment registers with real mode values, disabling A20 line, clearing PE bit in the CR0 register

11 / 40 x86 Operating Mode (7 / 11) protected mode privilege levels privilege levels

12 / 40 x86 Operating Mode (8 / 11) protected mode segment addressing segment addressing

13 / 40 x86 Operating Mode (9 / 11) protected mode segment descriptor entry segment descriptor entry G = 0 G = 1 limit granularity 1 byte 4KB

14 / 40 x86 Operating Mode (10 / 11) unreal mode 64 K CS Too big object Where to put ?

15 / 40 x86 Operating Mode (11 / 11) unreal mode cli; interrupts off push ds; save segment lgdt [gdtinfo]; load gdt mov eax, cr0; switch to pmode by or al, 1; set pmode bit mov cr0, eax mov bx, 0x08; some descriptor mov ds, bx; cache set and al, 0xFE; back to real mode mov cr0, eax; by toggling bit again pop ds; get back old segment sti; interrupts on mov bx, 0x0f01; attrib/char of smiley mov eax, 0x0b8000; note 32 bit offset mov word [ds: eax], bx cached 8 Bytes

16 / 40 x86 Interrupt (1 / 4) ISR stores information about interrupts that are being serviced. IRR saves information about all interrupt requests to be serviced. IMR stores the information which interrupt request to be masked. PR resolves which interrupt request has the highest priority.

17 / 40 x86 Interrupt (2 / 4) system timer keyboard serial port 2 or 4 serial port 1 or 3 LPT port 2 or sound card floppy disk controller LPT port 1 or sound card real-time clock primary ATA channel secondary ATA channel PS/2 connector mouse

18 / 40 x86 Interrupt (3 / 4)

19 / 40 x86 Interrupt (4 / 4)

20 / 40 Disk I/O (1 / 2) PortRead/WriteMisc f0r/wdata register, the bytes are written/read here 1f1rerror register (look these values up yourself) 1f2r/wsector count, how many sectors to read/write 1f3r/wsector number, the actual sector wanted 1f4r/wcylinder low, cylinders is f5r/wcylinder high, this makes up the rest of the f6r/wdrive/head bit 7 = 1 bit 6 = 0 bit 5 = 1 bit 4 = 0drive 0 select = 1drive 1 select bit 3-0head select bits

21 / 40 PortRead/WriteMisc f7rstatus register bit 7 = 1controller is executing a command bit 6 = 1drive is ready bit 5 = 1write fault bit 4 = 1seek complete bit 3 = 1sector buffer requires servicing bit 2 = 1disk data read corrected bit 1 = 1index - set to 1 each revolution bit 0 = 1previous command ended in an error 1f7wcommand register 50hformat track 20hread sectors with retry 21hread sectors without retry 22hread long with retry 23hread long without retry 30hwrite sectors with retry 31hwrite sectors without retry 32hwrite long with retry 33hwrite long without retry

22 / 40 Testing Result (1 / 3) OS tick rate100 #tasks8 OTimeDly1 attempts range0x1000 #attempts per tick5 sw/sec902

23 / 40 Testing Result (2 / 3)

24 / 40 Testing Result (3 / 3)

25 / 40 Q & A

26 / 40 Appendix Linux Booting Involved (1 / 5) hardware RESET hardware RESET BIOS POST … BIOS POST … boot device chosen, copy MBR (512 Bytes, stage 1 LILO) into memory 0x7c00 (also check /arch/i386/boot/bootsect.S) boot device chosen, copy MBR (512 Bytes, stage 1 LILO) into memory 0x7c00 (also check /arch/i386/boot/bootsect.S) visible selector 0xf000 hidden base addr. 0xffff0000 0xffff xfff0 = 0xfffffff0 (BIOS, mapped by hardware into RAM)

27 / 40 Appendix Linux Booting Involved (2 / 5) cs: ip = 0x7c0: 0x0 = 0x7c00 cs: ip = 0x7c0: 0x0 = 0x7c00 ss = es = ds = cs, sp = 0x7c00 ss = es = ds = cs, sp = 0x7c00 MBR 512 Bytes First 512 Bytes of kernel 512 Bytes stage 2 LILO decompressed kernel 0x7c00 0x x x96a00 0x969ff 0x96c00 0x x (1 M) move jump real mode stack

28 / 40 Appendix Linux Booting Involved (3 / 5) setup() (/arch/i386/boot/setup.S) setup() (/arch/i386/boot/setup.S) reinitialize all hardware reinitialize all hardware set A20 line set A20 line switch to protected mode with a temp GDT switch to protected mode with a temp GDT cs = 0x9020  cs = a 4G code segment cs = 0x9020  cs = a 4G code segment

29 / 40 Appendix Linux Booting Involved (4 / 5) startup_32() (start of compressed image, /arch/i386/boot/compressed/he ad.S) startup_32() (start of compressed image, /arch/i386/boot/compressed/he ad.S) decompress kernel to 0x decompress kernel to 0x ljmp $(__BOOT_CS), $0x ljmp $(__BOOT_CS), $0x100000

30 / 40 Appendix Linux Booting Involved (5 / 5) startup32() (uncompressed, /arch/i386/kernel/head.S) startup32() (uncompressed, /arch/i386/kernel/head.S) initialize segment reg. initialize segment reg. fill bss segment of kernel with zeros fill bss segment of kernel with zeros set page directory into cr3, enable paging set page directory into cr3, enable paging lgdt and lidt with the final GDT lgdt and lidt with the final GDT

31 / 40 Appendix A Simple Segmentation Sample (1 / 3)

32 / 40 Appendix A Simple Segmentation Sample (2 / 3) ecx = original esp + 4 original esp espebp original esp original ebp especx esp 20 j = 0 8 k = &j 12points to

33 / 40 Appendix A Simple Segmentation Sample (3 / 3)

34 / 40 Appendix Process Address Space (1 / 6)

35 / 40 Appendix Process Address Space (2 / 6) pgd_t * pgd

36 / 40 Appendix Process Address Space (3 / 6)

37 / 40 Appendix Process Address Space (4 / 6)

38 / 40 Appendix Process Address Space (5 / 6) text 0x x80bd482 0x80be000 0x80be484 0x80bec20 0x80bf000 0x80e3000 0xb xb xb xbf xbf data 0x80c1000 0xbf8180e0 stack mmap bss

39 / 40 Appendix Process Address Space (6 / 6)

40 / 40 0x80be46c = DirTableOffset 0 0x80be46c gloInitData 0x2fe4b067 pgd at 0xeff3a080 pte at 0xefe4b2f8 0x1def0067 __USER_DS, 0x7b CR3 0xeff3a000 0x2fe4b000 0x1def0000 0x1def046c content in 0x1def046c is 0x1e