Analyze memory ing process in Linux x86-64 Mode

Analyze memory ing process in Linux x86-64 Mode
Preface

In the previous article, we analyzed the virtual memory ing process of Linux in x86-32 mode, this chapter mainly continues to analyze the virtual memory ing process of Linux in x86-64 mode.

The Platform discussed is x86-64, also known as AMD64, IA-32e, which is now widely used in a 64-bit architecture, can forward compatible with 16-bit and 32-bit x86. another independent 64-bit architecture IA-64 is different from the existing architecture and it seems that the development is not good, generally not exposed, we usually discuss the 64-bit basically refers to the x86-64.

The current CPU basically supports 64-bit, according to the strong compatibility of the processor, We can configureLong modeAndLegacy modeYou can use different modes based on the operating system mode.

We can see from wikipedia that the following test is the virtual memory ing process under Operating mode = Long mode and Operating sub-mode = 64-bit mode.

Brief description of the ing Process

The existence of segments is more for compatibility, so the 64-bit program in the x86-64 this function is similar to bypass. The base address of the CS, DS, ES, and SS segments is 0 by default, so we will not discuss the conversion from logical addresses to linear addresses, because the base address is 0, after calculation, the linear and logical addresses are the same as the flat mode in the previous chapter.

The paging process converts a 48-bit linear address to a 52-bit physical address, it can be seen that the 64-bit operating system does not provide a 2 ^ 64 access range at the processor level. The 48-bit linear address can be mapped to the following three types.

4-KByte page

2-MByte page

1-GByte page

We do not know which paging is used in linux yet, but we know the registers and the format of page structure entry in each mode. We can analyze it slowly below.

Format

Verification Scheme

The entire process in this Article refers to another article on the Internet. I will list links at the end of the article.

The entire verification process is the same as the previous test process under the x86-32, which is not described here.

Verification process compilation and Loading

Compile the file and load the sys_reg.ko and phy_mem.ko modules.

Run running-prog

The following output is displayed after running:

We can see variable a, which is the variable for finding the physical address. We assigned a special value to variable a for confirmation. Since both my operating system and running-prog are 64-bit, the address translation for a follows the mechanism under the x86-64. The logical address of a has been printed out, that is, the linear address of a. We first segment the linear address of 48 bits.

PML4

The control register stores the base address of PML4, bits 47 ~ 39 is the serial number of PML4E, and the corresponding PML4E address is:

0x275A1000 + 0 * 8 = 0x275A1000

The PML4E value is 0x275DA067.

PDPT

The base address of PDPT is 0x275DA000, bits 38 ~ 30 is the PDPTE number, and the calculated PDPTE address is:

0x275DA000 + 0 * 8 = 0x275DA000

The PDPTE value is 0x623A4067, and bit7 = 0 indicates that it points to page directory.

PD

The base address of PD is 0x623A4000, bits 29 ~ 21 is the sequence number of the PDE, and the calculated address of the PDE is:

0x623A4000 + 3 * 8 = 0x623A4018

The value of 'pge' is 0x692BB067. bit7 = 0' indicates that it is directed to the page table.

PT

The base address of PT is 0x692BB000, bits 20 ~ 12 is the sequence number of the PTE, and the calculated PTE address is:

0x692BB000 + 1 * 8 = 0x692BB008

The PTE value is 0x800000004AD6F867.

Page frame

The base address of the page frame is 0x4AD6F000, bits 11 ~ 0 is the offset in the page frame, and the physical address of the variable is calculated as follows:

0x4AD6F000 + 120 = 0x4AD6F078.

The familiar 0xA5A5AA550000FFFF indicates that the actual physical address of variable a is found.

End

I would like to thank the Linux kernel for its address ing in x86_64 CPU. I have referenced the original author's documents and Code for the entire process. I would like to thank the original author for sharing the article.

Below is the source code download. study-linux-vm-64bit

------------------------------------------ Split line ------------------------------------------

Free in http://linux.bkjia.com/

The username and password are both www.bkjia.com

Detailed download directory in/2015 documents/February/in Linux x86-64 mode to analyze the memory ing process/

For the download method, see

------------------------------------------ Split line ------------------------------------------

Usage

Make

Make install

Load Module

Sudo insmod./output/sys_reg.ko

Sudo insmod./output/phy_mem.ko

Running-prog

./Output/running-prog

Read-phy-mem

Use sudo for permission issues on the read/write/dev/phy_mem device.

Sudo./read-phy-mem addr len

Status

The program in x86-64 linux mint 17, kernel 3.small-24 mode test through.

This article permanently updates the link address: