Presentation is loading. Please wait.

Presentation is loading. Please wait.

Venturing into 64-bit mode Examining the steps needed to take the processor into IA-32e mode -- and then back out again.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Venturing into 64-bit mode Examining the steps needed to take the processor into IA-32e mode -- and then back out again."— Presentation transcript:

1 Venturing into 64-bit mode Examining the steps needed to take the processor into IA-32e mode -- and then back out again

2 Two-Level Translation Scheme PAGE DIRECTORY CR3 PAGE TABLES PAGE FRAMES

3 Four-Level Translation Scheme CR3 PAGE FRAMES PAGE TABLES PAGE DIRECTORIES PAGE DIRECTORY POINTER TABLES PAGE MAP LEVEL 4 TABLES

4 2-level address-translation The CPU examines any virtual address it encounters, subdividing it into three fields offset into page-frame index into page-directory index into page-table 31 22 21 12 11 0 10-bits 12-bits This field selects one of the 1024 array-entries in the Page-Directory This field selects one of the 1024 array-entries in that Page-Table This field provides the offset to one of the 4096 bytes in that Page-Frame

5 4-level address-translation The CPU examines any virtual address it encounters, subdividing it into five fields offset into page-frame index into page-table 63 48 47 39 38 30 29 21 20 12 11 0 16-bits9-bits12-bits index into page- directory index into page- directory pointer table index into level 4 page-map table 9-bits sign- extension Any 48-bit virtual-address is sign-extended to a 64-bit “canonical” address Only “canonical” 64-bit virtual-addresses are legal in 64-bit mode

6 Format of a Page-Directory entry PAGE-TABLE BASE ADDRESSPWU PWTPWT PCDPCD A0 PSPS 0 3112 11 10 9 8 7 6 5 4 3 2 1 0 AVAIL LEGEND P = Present (1=yes, 0=no) W = Writable (1 = yes, 0 = no) U = User (1 = yes, 0 = no) A = Accessed (1 = yes, 0 = no) PWT = Page Write-Through (1=yes, 0 = no) PCD = Page Cache-Disable (1 = yes, 0 = no) PS = Page-Size (0=4KB, 1 = 4MB)

7 Reserved (must be 0) Format of 64-bit table-entries 63 62 52 51 40 39 32 31 12 11 9 8 7 6 5 4 3 2 1 0 Page-frame physical base-address[31..12] Page-frame physical base-address [39..32] EXBEXB PWU PWTPWT PCDPCD A avl Meaning of these bits varies with the table Legend: P = Present (1=yes, 0=no)PWT = Page Cache Disable (1=yes, 0=no) W = Writable (1=yes, 0=no)PWT = Page Write-Through (1=yes, 0=no) U = User-page (1=yes, 0=no) avl = available for user-defined purposes A = Accessed (1=yes, 0=no) EXB = Execution-disabled Bit (if EFER.NXE=1)

8 Extended Feature Enable Register This Model-Specific Register (MSR) was introduced in the AMD64 architecture and perpetuated by EM64T (for compatibility) SCESCE LMELME LMALMA NXENXE 63 11 10 8 0 Legend: SCE = SysCall/sysret is Enabled (1=yes, 0=no) LME = Long-Mode is Enabled (1=yes, 0=no) LMA = Long-Mode is Active (1=yes, 0=no) NXE = Non-eXecutable pages Enabled (1=yes, 0=no) NOTE: The MSR address-index for EFER = 0xC0000080, and this register is accessed using RDMSR or WRMSR instructions

9 RDMSR and WRMSR An assembly language code-fragment to turn on the LME-bit (‘Long-Mode’ Enable): # Each Model-Specific Register (MSR) is 64-bits wide and has a unique # 32-bit address-index which is first placed into register ECX. Then the # least-significant 32-bits of that MSR is accessed using register EAX, # while the most-significant 32-bits is accessed using register EDX. mov$0xC0000080, %ecx# setup EFER address-index rdmsr# read EFER into (EDX,EAX) bts$8, %eax# set the LME-bit’s image to 1 wrmsr# write (EDX,EAX) into EFER # NOTE: RDMSR and WRMSR must be executed at ‘Ring0’ privilege-level.

10 Control Registers CR4 and CR0 000000000000000000 VMXEVMXE 00 OSXMMExOSXMMEx OSFXCROSFXCR PCEPCE PGEPGE MCEMCE PAEPAE PSEPSE DEDE TSDTSD PVIPVI VMEVME PGPG CDCD NWNW 0000000000 AMAM 0 WPWP 0000000000 NENE ETET TSTS EMEM MPMP PEPE 31 13 5 0 31 0 Control Register CR4 Control Register CR0 Legend (for 64-bit mode): PE = Protected-mode Enabled (1=yes, 0=no) PG = Paging Enabled (1=yes, 0=no) PAE = Page-Addressing Extensions (1=enabled, 0=disabled)

11 Segment-Descriptor Format Base[31..24] (if L=0) GD L AVLAVL Limit [19..16] (if L=0) P DPLDPL SX C/DC/D R/WR/W A Base[23..16] (if L=0) Base[15..0] (if L=0) Limit[15..0] (if L=0) 6332 31 0 Legend: DPL = Descriptor Privilege Level (0..3) G = Granularity (0 = byte, 1 = 4KB-page)P = Present (0 = no, 1 = yes) D = Default size (0 = 16-bit, 1 = 32-bit)S = System (0 = yes, 1 = no) X = eXecutable (0 = no, 1 = yes)A = Accessed (0 = no, 1 = yes) code-segments: R = Readable (0 = no, 1 = yes)C = Conforming (0=no, 1=yes) data-segments: W = Writable (0 = no, 1 = yes)D = expands-Down (0=no, 1=yes) L = Long-mode (i.e., 64-bit addressing) (0=no, 1=yes) AVL = Available for user’s purposes

12 IA-32e Call-Gate descriptor Base[31..24] (if S=0) GD L AVLAVL offset[31..16]P DPLDPL 0 X C/DC/D R/WR/W Gate Type (=1100) Reserved (must be 0) code-segment selectoroffset[15..0] 12796 31 0 offset[63..32] Reserved (must be 0) offset[63..32] We can use a call-gate to ‘jump’ from 16-bit code-segment to a 64-bit code-segment

13 Summary of steps Transition from real-mode to IA-32e mode: –Build the table of global descriptors –Load GDTR with pseudo-descriptor for GDT –Build the 4-level page-mapping tables –Enable IA-32e mode (set EFER.LME=1) –Enable Page-Address Extensions (CR4.PAE) –Load Level4 page-map table address in CR3 –Activate IA-32e mode (CR0.PE and CR0.PG) –Transfer via call-gate to 64-bit code-segment

14 Notes on the transition Code-segment must be “identity-mapped” Interrupts have to be temporarily disabled All memory-addressing in 64-bit mode via CS, SS, DS or ES uses 0 as base-address (and checking of segment-limits is omitted)

15 For a return to ‘real-mode’ Processor must enter 16-bit code-segment in ‘compatibility-mode’ via indirect far jump –Load segment-registers DS, ES, and SS with ‘writable’ 16-bit segment-selectors (64K-limit) –Code-segment has to be “identity-mapped” –Deactivate IA-32e mode by clearing PG-bit –Leave ‘protected-mode’ by clearing PE-bit –Reload registers CS and SS with real-mode segment-addresses before enabling interrupts

16 Demo-program: ‘inandout.s’ We created a demo-program that starts in ‘real-mode’, enters 64-bit mode and draws a message, jumps to ‘compatibility mode’ and draws another message, then returns to real-mode and shows a final message It has to write directly to VRAM when it’s not executing in real-mode – because the ROM-BIOS routines use real-style code

17 How text-mode VRAM works The video memory resides at 0x000B8000 and in text-mode it is organized as a linear array of two-byte elements (i.e., ‘words’): Array-elements are arranged in “row- major” order (left-to-right, top-to-bottom) Attribute-code for the foreground and background colors Ascii code for character 15 8 7 0

18 Blue 1 Default color-programming Intense 1 Red 1 Blue 1 Green 1 Red 0 Green 0 Blinking 0 FORECOLORBACKCOLOR 7 6 5 4 3 2 1 0

19 Character-cell screen-locations 80 cells-per-row 25 rows for (row 0, column 0) the address-offset is (0*80+0)*2 for (row 2, column 79) the address-offset is (2*80+79)*2 for (row 24, column 40) the address-offset is (24*80+40)*2

20 In-class exercise #1 Can you modify the message-colors used in our ‘inandout.s’ demo-program so that: –the first message is bright-red against white –the second message is brown against cyan –The final message is magenta against black

21 In-class exercise #2 Can you modify the ‘inandout.s’ program so that it ‘skips’ entering 64-bit mode: i.e., so it transfers directly from real-mode to ‘compatibility’ mode, prints its confirmation message, and then transfers back to ‘real- mode’ to show a final message? 64-bit mode real-mode compatibility mode

Download ppt "Venturing into 64-bit mode Examining the steps needed to take the processor into IA-32e mode -- and then back out again."

Similar presentations

Processor Privilege-Levels

Processor Privilege-Levels
1 iAPX86 Systems Electronic Computers LM. 2 X86 Registers 0781531 ALAHAX BLBHBX CLCHCX DLDHDX SI DI BP SP EAX EBX ECX EDX ESI EDI EBP ESP 07815 CS SS.

1 iAPX86 Systems Electronic Computers LM. 2 X86 Registers ALAHAX BLBHBX CLCHCX DLDHDX SI DI BP SP EAX EBX ECX EDX ESI EDI EBP ESP CS SS.
Computer Organization and Assembly Languages Yung-Yu Chuang

Computer Organization and Assembly Languages Yung-Yu Chuang
Intel 80386 MP.

Intel MP.
Ring-transitions for EM64T How the CPU can accomplish transitions among its differing privilege-levels in 64-bit mode.

Ring-transitions for EM64T How the CPU can accomplish transitions among its differing privilege-levels in 64-bit mode.
OS Memory Addressing.

OS Memory Addressing.
IA32 Paging Scheme Introduction to the Pentium’s support for “virtual” memory.

IA32 Paging Scheme Introduction to the Pentium’s support for “virtual” memory.
Introduction to the Intel x86’s support for “virtual” memory

Introduction to the Intel x86’s support for “virtual” memory
Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.

Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.
Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.

Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.
Operating Systems: Segments 1 Segmentation Hardware Support single user program system: – wish somehow to relocate address 0 to after operating system.

Operating Systems: Segments 1 Segmentation Hardware Support single user program system: – wish somehow to relocate address 0 to after operating system.
IA32 Paging Scheme Introduction to the Intel x86’s support for “virtual” memory.

IA32 Paging Scheme Introduction to the Intel x86’s support for “virtual” memory.
Linux Memory Issues An introduction to some low-level and some high-level memory management concepts.

Linux Memory Issues An introduction to some low-level and some high-level memory management concepts.
IA32 Paging Scheme Introduction to the Pentium’s support for “virtual” memory.

IA32 Paging Scheme Introduction to the Pentium’s support for “virtual” memory.
Getting Ready to Enter x86 Protected Mode Survival tactics for enabling Protected-Mode with a minimum of supporting infrastructure.

Getting Ready to Enter x86 Protected Mode Survival tactics for enabling Protected-Mode with a minimum of supporting infrastructure.
EM64T ‘fast’ system-calls A look at the requirements for using Intel’s ‘syscall’ and ‘sysret’ instructions in 64-bit mode.

EM64T ‘fast’ system-calls A look at the requirements for using Intel’s ‘syscall’ and ‘sysret’ instructions in 64-bit mode.
IA-32 Processor Architecture

IA-32 Processor Architecture
Page-Faults in Linux How can we study the handling of page-fault exceptions?

Page-Faults in Linux How can we study the handling of page-fault exceptions?
Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.

Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.
The various x86 ‘modes’ On understanding key differences among the processor’s several execution-architectures.

The various x86 ‘modes’ On understanding key differences among the processor’s several execution-architectures.

Similar presentations

Ads by Google