Linux paging mechanism started (X86)

Enabling the paging mechanism When Linux starts, it runs in real mode first, and then goes to protected mode. Because in the second chapter mechanism, we have introduced the Linux segmentation settings, here we mainly discuss the issues related to the paging mechanism. The entry point to the Linux kernel code is startup_32 in /arch/i386/kernel/head.S.

1. Initial initialization of the page table:

/*

* The page tables are initialized to only 8MB here - the final page

* tables are set Up later depending on memory size.

*/

.org 0x2000

ENTRY(pg0)

.org 0x3000< Br>

ENTRY(pg1)

/*

* empty_zero_page must immediately follow the page tables ! (The

* initialization loop counts Until empty_zero_page)

*/

.org 0x4000

ENTRY(empty_zero_page)

/*

* Initialize page tables

*/

movl $pg0-__PAGE_OFFSET,%edi /* initialize page tables */

movl $007,%eax /* "007" doesn't mean with right to kill, but

PRESENT+RW+USER */

2: stosl

Add $0x1000,%eax

cmp $empty_zero_page-__PAGE_OFFSET,%edi

jne 2b

This code is executed by the kernel because the page mechanism has not been enabled yet. Did not enter the protection mode, so the address in the instruction register EIP is still the physical address, but because pg0 stores the virtual ground (Think about the symbolic address formed by gcc after compiling the kernel is a virtual address), therefore, "$pg0-__PAGE_OFFSET", to obtain the physical address of pg0, it can be seen that pg0 is stored in the place relative to the starting point of the kernel code is 0x2000, that is, the physical address It is 0x00102000, and the physical address of pg1 is 0x00103000. The entries in the two page tables Pg0 and pg1 are set to 0x007, 0x1007, 0x2007, and so on. The lowest three bits are 1, indicating that the two pages are user pages, writable, and the contents of the page are in memory (see Figure 2.24). The base address of the mapped physical page is 0x0, 0x1000, 0x2000, etc., that is, pages 0, 1, 2, 3, etc. in physical memory, and a total of 2K pages, that is, 8 MB of storage space are mapped. It can be seen that the Linux kernel has a minimum physical memory requirement of 8MB. The empty_zero_page page (ie, zero page) is stored next. The zero page stores the system startup parameters and command line parameters. For details, see Chapter 13.

2. Enable paging mechanism:

/*

* This is initialized to create an identity-mapping at 0-8M (for bootup

* purposes) And another mapping of the 0-8M area at virtual address

* PAGE_OFFSET.

*/

.org 0x1000

ENTRY(swapper_pg_dir)

.long 0x00102007

.long 0x00103007

.fill BOOT_USER_PGD_PTRS-2,4,0

/* default: 766 entries */

.long 0x00102007

.long 0x00103007

/* default: 254 entries */

.fill BOOT_KERNEL_PGD_PTRS-2,4,0

/*

* Enable paging

*/

3:

movl $swapper_pg_dir-__PAGE_OFFSET,%eax

movl %eax,%cr3 /* set the page table pointer.. */

movl %cr0,%eax

orl $0x80000000,%eax

movl % Eax,%cr0 /* ..and set paging (PG) bit */

jmp 1f /* flush the prefetch-queue */

1:

movl $1 f,%eax

jmp *%eax /* make sure eip is relocated */

1:

we Let's look at the function of this code first. This code is to load the physical address of the page directory swapper_pg_dir into the control register cr3, and set the highest position in cr0 to 1, which opens the paging mechanism.

However, the paging mechanism is enabled, which does not mean that the Linux kernel really enters the protection mode, because at this time, the address in the instruction register EIP is still a physical address, not a virtual address. “jmp 1f” The instruction does not logically say anything, but functionally it acts to discard the contents of the instruction pipeline (this is suggested by Intel in the i386 technical documentation) because this is a short Jump, EIP is still a physical address. The next mov and jmp instructions load the second address, numbered 1, into the EAX register and jump there. During the execution of these two instructions, the EIP still points to the physical address <1MB+ somewhere". Because the compiler makes all the symbol addresses in the virtual memory space, the address of the second label 1 is somewhere in the virtual memory space ((PAGE_OFFSET+ somewhere), so after the jmp instruction is executed, the EIP points to the virtual An address in the kernel space, which causes the CPU to go into kernel space, thus completing a smooth transition from real mode to protected mode.

Then look at the contents of the page directory swapper_pg_dir. From the previous discussion we It is known that the starting physical addresses of the two page tables pg0 and pg1 are 0x00102000 and 0x00103000 respectively. As can be seen from Fig. 2?.22, the lowest 12 bits of the page directory entry are used to describe the attributes of the page table. Therefore, the first in swapper_pg_dir 0 and the first directory entry 0x00102007, 0x00103007, it means that the two page tables pg0 and pg1 are user page tables, writable and the contents of the page table are in memory.

Next, put the second in swapper_pg_dir ~767 A total of 766 directory entries are set to 0. Because the size of a page table is 4KB, each entry occupies 4 bytes, that is, each page table contains 1024 entries, and each page is also 4KB in size. , so these 768 directory entries are mapped The virtual space is 768?1024?4K=3G, that is, the first 768 directory entries in the swapper_pg_dir table map user space.

Finally, pg0 and pp are stored in the 768th and 769th directory entries. Pg1 addresses and attributes of the two page tables, and sets 254 directory entries of 770 to 1023 to 0. The virtual address space mapped by the 256 directory entries is 256?1024?4K=1G, which is the swapper_pg_dir table. The last 256 directory entries are mapped to kernel space.

It can be seen that in the initial page directory swapper_pg_dir, both user space and kernel space are available. Only the first two directory entries are mapped, that is, 8MB of space, and have the same mapping, as shown in Figure 6.6.

Figure 6.6 Mapping of the initial page directory swapper_pg_dir

Reader Q, the kernel runs in kernel space after it starts running. So why is the low space (8M) of the user space mapped as well, and the mapping to the low space of the kernel space is the same? In short, it is from real mode to protected mode. Smooth transition. Specifically, when the CPU enters the starting point of the kernel code startup_32, In this case, if the page directory only maps the kernel space and does not map the low space of the user space, once the page mapping mechanism is enabled, the execution cannot be continued. This is because the CPU at this time The instruction register EIP in the middle still points to the low area, and the instruction will still be fetched by the physical address until the absolute transfer or the subroutine is called for a symbol address. Therefore, the Linux kernel has adopted the above solution.