Intel 80386 microprocessor Memory Management

I. Memory Management
Memory Management is a hardware mechanism. Microprocessor addressing physical memory on the bus address. However, in order to provide a program with a larger space than the physical storage capacity, the concept of virtual storage is introduced, which is implemented with the support of external storage (such as disks, generally, virtual addresses are called logical addresses. For MySQL 80386, there are both segment management and page management. Segment and page management is the responsibility of the operating system, and 80386 provides management mechanisms on hardware.

 

2. Three Ways for Intel 80386 microprocessor to work
Three working modes: real address mode, virtual address protection mode, and virtual 8086 mode.
1. Real address Method
80386 after the hardware is reset, In this mode, only the 20-bit low address of the 32-bit address bus can be used, and the addressing space is 1 MB. In this case, it is a 8086/8088 microprocessor. The difference is that it can not only run all the commands of 8086/8088, but also run 32-bit operation commands. The system initialization area is in the FFFFFFF0H-FFFFFFFFH storage area. This method is set to be 8086 compatible, and can also be changed from the real address mode to the protection of virtual addresses. The physical address is a low 20-bit address code sent from a 8386-bit chip address. After memory decoding, select a storage unit for read/write, a physical address can be expressed as a 20-bit address in a five-digit hexadecimal format. The address segment of the storage device divides the memory space of 1 MB into several segments. The maximum capacity of each segment is 64 KB, the high 16-bit binary code of the first segment address is the segment number (the base segment address) of the segment ). After the storage is segmented, the segment address is stored in the segment registers CS, DS, SS, and es, set different values for the segment register to direct the segment register of the microprocessor to different segments in the memory. The offset is the intra-segment offset relative to the first address of a segment. When the physical address is formed, the base address of the segment is obtained by moving the segment address four places to the left, and the offset address value is added to form a 20-bit physical address. The calculation format is as follows:
Segment address × 10 h + offset address = physical address
80386 address translation in real address Mode 1:

 

2. virtual address protection

When the priority of Intel 80386/486 control register Cr0 is PE (Protection enable) protection mode, it is used to enable the CPU to enter the virtual address protection mode. Pe = 0 indicates that the CPU is working in the real address mode, and PE = 1 indicates that the CPU is working in the virtual address protection mode.

80386/486 of memory management mechanisms adopt segment and paging management. The segmentation mechanism is to first convert the logical address into a linear address, and then use the paging mechanism to convert the linear address into a physical address. The logical address is composed of a segment address and an offset. It is a way to express the memory address in a program. The logical address = segment address: the offset address. When the paging mechanism is disabled, linear addresses become physical addresses.

(1) segment selection operator and segment register
Segment register is used to store segment Selection Characters. segment registers include CS, DS, SS, es, FS, and Gs. The segment selection character is 16 bits, and the offset bit is a 32-bit long field. The segment selector consists of 16 digits, which are further divided into three parts: they are 13-bit index fields, 1-bit indicator fields Ti, and 2-bit request privilege-level fields RPL. The index end specifies the entry of the corresponding segment descriptor in gdt or LDT. The well-known segment descriptor of the Ti mark is in gdt (Ti = 0) or LDT (Ti = 1. RPL indicates the current CPU privilege level when the current segment selector is loaded into the CS register. Segment selection character 2:

Figure 2-segment Selector

 

 

(2) segment descriptor
Each segment is represented by a 64-bit (8-byte) segment descriptor, which describes the features of the segment. Segment descriptors are stored in the Global Descriptor Table (gdt) or Local Descriptor Table (LDT. Because each segment descriptor is 8 bytes, the relative address of the segment descriptor in gdt or LDT is the maximum value of 13 bits of the segment selector multiplied by 8. The general format of the segment descriptor is three:

 

The meanings of fields and symbols in the segment descriptor are as follows:
1) base address field base (base address field): contains the linear address of the first byte of the segment.
2) segment length field limit (segment limit field): used to specify the segment length. If G = 0, the segment length limit range can be from 1 byte to 1 MB, in bytes; if G = 1, the segment length limit range can be from 4 kb ~ 4 GB. Unit: 4 kb.
3) grain mark G: If the bit is 0, the unit of the segment is byte; if the bit is 1, the unit of the segment is 4 kb. It can be understood by combining the limit field of the segment length limit.
4) segment type field type (Type field): describes the type features of a segment and its access permissions. The description of this field depends on the descriptor type Mark S, which is used to explain whether it is a code or data segment descriptor or a system descriptor. The encoding of the type field varies with the code, data, or system descriptor.

5) descriptor type flag S (descriptor type flag): If S = 0, a segment descriptor is a system segment descriptor, such as storing the key data structure such as LDT; if S = 1, stores the code or data segment descriptor.
6) descriptor privilege level field DPL (descriptor privilege level): the descriptor privilege level, used to control access to the segment, indicating the minimum priority required for CPU access to this segment. The privilege level ranges from 0 to 3. Level 0 has the highest privilege level and Level 3 has the lowest privilege level.
7) segment existence flag P (segment present): Used to indicate whether a segment is in memory (P = 1) or not in memory (P = 0 ). For Linux, this flag is always set to 1, so that it never exchanges the entire segment to the disk.
8) D/B (default operation size/default stack pointer size and/or upper limit) Sign (default operation size/default stack pointer size and/or Upper Bound ): the Description Based on the segment descriptor is an executable segment, an extended data segment, or a stack segment. This flag has different functions. For 32-bit code and data segments, this flag should always be set to 1; for 16-bit code and data segments, this flag is set to 0.
9) available and reserved bits: this field is used by the operating system, but is ignored in Linux.

 

(3) segment description table and segment description table register
80386/486 the microprocessor has Global Descriptor Table register GDTR, Local Descriptor Table register ldtr, and Interrupt Descriptor Table register idtr, they are used to find gdt, LDT, and IDT in the Global Descriptor Table.

 

(4) segmentation and paging mechanisms

The segment unit converts a logical address to a linear address. Because the 14-Bit High Segment identifier (13-bit index number and 1-bit Ti) is used for segment descriptor selection, therefore, the maximum number of segments in the virtual memory can be 16 K (14 to the power of 2). Because the offset length is 32 bits, the maximum address space of each segment can reach 4 GB, therefore, the capacity of the virtual address space is 640 Tb (16 K * 4 GB ). the Ti mark divides 64 TB address space into two spaces: Global Address Space and local address space, which are 32 TB respectively. When the Ti bit is 0, the global address space is accessed; when the Ti bit is 1, the local address space is accessed. Generally, a gdt is defined, and all tasks share the global address space. If each process needs to create additional segments in addition to the gdt storage segments, LDT can be created, occupies local address space independently. The gdt address and size in the memory are stored in the GDTR control register. The currently used LDT address and size are placed in the ldtr control register.

How can a logical address be converted to a linear address. The segmentation Unit performs the following operations:
1) Check the Ti field in the segment selection operator to determine which Descriptor Table the segment descriptor is stored in (gdt or LDT ).
2) Multiply the index field of the segment selection operator by 8, and calculate the relative address of the segment descriptor in the Descriptor Table (gdt or LDT, determined by the previous step. The first address of the descriptor table is stored in the GDTR control register or ldtr control register (which register is stored depends on the previous step ).
3) The value of the base field in the segment description is the base address of the segment, and the linear address is obtained by adding the logical address.
See Figure 5. convert a logical address to a linear address.

 

To speed up the conversion from a logical address to a linear address, the 80x86 processor provides an additional non-programmed register for 64-bit segment descriptors. When a segment selection character is loaded into the segment register, the corresponding segment descriptor is loaded from the memory into the corresponding non-programmed CPU register. As long as the inner of the segment register does not change, you do not need to perform the above steps (1) (2) to obtain the linear address. You only need to perform step (3.

The paging unit converts a linear address to a physical address. In the virtual address protection mode (the PE bit of the control register Cr0 is 1), the highest digit PG in the control register Cr0 determines whether to enable the paging mechanism. When Pg = 1, the paging mechanism is effective, you can convert a linear address to a physical address. When PG is 0, the paging mechanism is invalid and the linear address is directly used as a physical address. The 32-bit linear address is divided into three parts: the top 10 digits are the page Directory Index, the middle 10-bit page table index, and the lowest 12-bit offset. Linear address conversion is divided into two steps, both based on the conversion table. The first step of the conversion table is called the page Directory table, and the second step of the conversion table is called the page table ).

Linear addresses are divided into groups with a fixed length, called pages. Paging units divide all ram into groups with a fixed length, called page frames ). The length of each page is the same as that of a page. A page contains one page. A page box is a part of memory, while a page is a logical concept. It refers to a set of linear addresses and data contained in these addresses, the page contains data either in memory or on disk.

How can a linear address be converted to a corresponding physical address. The paging Unit performs the following operations:
(1) The base address register of the page Directory (such as the base address of the page Directory). The base address of the page Directory starts with the base address of the page directory, and the index value of the page directory in the linear address is added, find the page Directory item in the page Directory table. You can obtain the base address value of the page table from the page Directory item (its 12-bit low is 0 ).

2) start with the base address value of the page table, and add the index value of the page table in the linear address to get the physical address of the page box (that is, the first physical address of the page box ). When the physical address of the page is added with the offset of the linear address, the physical address of the linear address in the page is obtained.

Figure 6 shows the conversion process of two-level page tables.

Starting from 80386, Intel microprocessor's paging Unit processes 4 kb pages. The starting address of each page is always a linear address with a low 12-bit value of 0. Page Management maps any page in a linear address space to a page in a physical space. The main purpose of using the paging management mechanism to Realize linear address-to-physical address conversion and ing is to facilitate virtual memory. The second-level page table is used to reduce the number of Ram required for each process page table. If only the first-level page table is used, there are two 20-to-the-power table items to represent the page table of each process. Four mb ram is required for each table item to represent all the page table items.

In two-level page tables, there are page Directory table items and page table items. They have the same format and slightly different content, as shown in figure 7.

1) page box address: the start address of a page is called the page box address. Because the size of a page is 4 kb, a 20-bit high in a page table indicates the address of a page box, the low-end 12-bit is used to describe the page control and status. In the first-level page directory, the page box address points to the start address of the corresponding page table. In the second-level page table, the page box address points to the start address of the page in the memory.
2) P: P = 1 indicates that the page (page table item) is in the physical storage; P = 0 indicates that the page (page table item) is not in the physical storage. When the P value of the page table item or page Directory item required for a linear address conversion is 0, the paging unit stores the linear address in the control register Cr2 and generates an exception on the 14th: page missing exception.
3) read/write bit R/W: R/W = 1 write; otherwise, it is read. It indicates the access permission to a page (page table). It has nothing to do with address conversion.

4) User/monitoring program U/S: used to indicate the privileged level required to access pages (page tables.
5) Access Bit A: indicates whether the page specified by this item has been read or written. If a = 1 in the directory, it indicates that the page table specified by this item has been accessed. If a = 0 in the page table, indicates that the pages in the memory have not been accessed. The paging unit never resets this flag, but must be done by the operating system.
6) Dirty D: used only for page table items. This flag is set every time you write a page box.
7) Available domain AVL: three places in the domain for system software designers. Information related to page usage can be stored in this domain to help analysis determine which pages should be removed from memory.
8) PWT and PCD: control the hardware cache processing page (page table.

(5) converting the backup buffer TLB

From the above linear address conversion process, we can see that one address conversion requires two accesses to the memory: one access to the page Directory table and one access to the page table. To speed up the address translation process, 80386 sets a part inside the chip called the conversion back-aid buffer TLB (translation lookside buffer), as shown in. Each TLB item contains 32 linear address values (20-bit higher than the linear address, that is, the base address of the page) and the corresponding physical address values (20-bit higher than the physical address, is the base address of the page box), and also contains the page access and other attributes. When the linear address is being converted, the 20-bit high of the linear address is compared with the value of the linear address in TLB. If no physical address is found, the corresponding physical address is calculated using the preceding conversion method, and the physical address is included in a TLB table; if you can find it, you can get the base address of the page box, and the physical address can be obtained by adding 12 low digits of the linear address. Because TLB has 32 items, it can indicate the correspondence between the commonly used 32 pages and the page box, and each page is 4 kb, therefore, TLB actually represents the correspondence between K Linear addresses (32 * 4kb = KB) and physical addresses. Due to the limitations of programs and data, TLB can accommodate 98% K address conversion information. Using TLB for address conversion has a very high hit rate, generally up. When the value of the CPU control register is modified, the hardware automatically invalidates all TLB items because a new set of page tables are used. In this way, the transformation of the same linear address can be quickly obtained.

 

3. Virtual 8086 Mode
Compared with the real address method, it provides an optional paging function. In this mode, the base address in the segment register moves four digits left and then the offset address. The result is a linear address. If the paging function is enabled, you need to use the paging mechanism to convert it to a physical address. If the paging function is not enabled, the linear address is the physical address.

 

Iii. Protection Mechanism of Intel 80386

1. segment-level protection
(1) Protection between different tasks
To protect different tasks, you can place each task in a different virtual address space. The ing function defines virtual addresses to physical addresses in each task. After the task is switched, The ing function also switches. Each task has an independent ing table with different address conversion functions. When the processor switches and executes a new task, the conversion table for the new task switching task is an important part. For different tasks, they can have the same virtual address. Because of the ing functions, the physical addresses of different tasks are different.
(2) Protection within the same task
The protection mechanism within the same task is more suitable for protecting the operating system, so that the operating system is shared by all tasks, and access to each task is not damaged by the application. Each task can share the virtual address space used, which is called the Global address space. Only one task uses the virtual address space, that is, the virtual address space not shared by any other task, it is called a local address space. The operating system draws a public area in the virtual address space. Each task can use the virtual address space and map it to the same physical address.
In the virtual address protection mode, the segment-level protection of 80386/486 microprocessor is divided into four levels. Each task is separated. the privileged level 0 is the privileged level with the highest reliability, and the privileged level 3 is the privileged level with the lowest reliability. Each specific level has its own program stack to avoid protection issues related to the shared stack. When a program switches from one privileged level to another, the stack used by the program changes from the original privileged level stack segment to the new privileged level stack segment. For the stack segment register SS, the descriptor privilege level (DPL) must be equal to the privilege level (CPL) of the current Code segment ). Each storage segment is associated with a privileged level. A program can access the corresponding segment only when it has sufficient privileges. The privileged level is represented by numbers 0, 1, 2, and 3. A large number has a lower privilege. When comparing privileged levels, use terms such as "Inside" or "inner" to indicate a higher level of privilege. use terms such as "outside" or "outer" to indicate a lower level of privilege. The four levels of privileged levels are shown in figure 8.

 

 

 

In privileged level 0, the operating system kernel is usually configured, which mainly includes task and memory management, and communication between tasks and I/O devices. In privileged level 1, programs that do not belong to kernel system standard services, such as file sharing and data communication. In privileged level 2, user programs are usually configured to expand the Operating System. These are kernel-dependent services, such as database management programs or logical file access systems. Privileged Level 3 is assigned to user applications. applications at this level and between them and the operating system should be isolated from each other without affecting each other. Level 4 privilege levels are not required by the operating system.

2. Page Protection Mechanism

Intel 80386 provides page-level protection. The paging mechanism only distinguishes two types of privileged levels. The privileged levels 0, 1, and 2 are collectively referred to as the System privileged levels, and the privileged level 3 is called the user privileged level. R/W and U/s are used to protect pages in the directory items and table items.

(1) r/W indicates whether the page specified by this table item is readable, written, or executed. R/W Bit write protection only takes effect when the processor is at the user privilege level; if the processor is at the system privilege level, R/W Bit is ignored, it can be read, written, or executed. If R/W = 1, the specified page of the table item can be read, written, or executed. If R/W = 0, the specified page of the table item can be read or executed, however, the specified page cannot be written.
(2) U/s represents the user/system attribute bit, used to represent the privileged level required to access the page (page table. If u/S = 1, the page specified by the table item is a user-level page, which can be accessed by programs executed under any privileged level; if u/S = 0, the page specified by the table item is a system-level page and can only be accessed by programs executed at the system privilege level.

During the process of converting a linear address to a physical address, page-level protection is checked. If the page is accessed (read/write/execute) in violation of the page protection attribute ), this will cause a page exception. [6]

 

References:

[1] http://space.xingyang.org /? Viewnews-1196.html

[2] http://book.51cto.com/art/200812/103208.htm

[3] Chapter 2 memory addressing

[4] Chapter 4 CPU storage device management

[5] http://www.itgrass.com/a/compile/hbdyy/200705/21-2959.html

[6] http://hi.baidu.com/hyap/blog/item/28d8fc034142db713812bb7a.html