PAE PTE access

Programming, for all ages and all languages.
Post Reply
st0ne
Posts: 4
Joined: Wed Apr 07, 2010 2:13 pm

PAE PTE access

Post by st0ne »

Hello Everyone, I am totally new on this forum, just in here to enhance my knowledge. I decided to do some low level programming before trying to write a new OS. To do so I write simple LKMs (Loadable Kernel Module, I'm using Linux) containing asm code in their module_init function. This is a very convenient way to do ring 0 things. Write some code with your favourite editor, compile it, load the module, get text messages with dmesg (I'm using printk to send messages from the module), unload the module. It's very simple. I am aware that this is dangerous and can crash the system but this is test system and there is no problem to reinstall it.

I have read chapter 4 (Paging) of Intel's manual and successfully created a function returning a PTE value by given address. Here it is:

Code: Select all

__asm__ __volatile__ ( "movl	%%cr3, %%eax\n\t"
			 "andl	$0xfffff000, %%eax\n\t"
			 "addl	$0xc0000000, %%eax\n\t"

			 "movl	%1, %%ebx\n\t"
			 "shrl	$22, %%ebx\n\t"
			 "sall	$2, %%ebx\n\t"

			 "addl	%%ebx, %%eax\n\t"
			 
			 "movl	(%%eax), %%eax\n\t"
			 
			 "andl	$0xfffff000, %%eax\n\t"
			 "addl	$0xc0000000, %%eax\n\t"
			 
			 "movl	%1, %%ebx\n\t"
			 "andl	$0x003ff000, %%ebx\n\t"
			 "shrl	$12, %%ebx\n\t"
			 "sall	$2, %%ebx\n\t"
			 
			 "addl	%%ebx, %%eax\n\t"		 
			 "movl	(%%eax), %%eax\n\t" 
			 
			 "movl	%%eax, %0\n\t"
		
			 :"=r"(pte)
			 :"r" (addr)
			 :"%eax", "%edx"
		      );
But this function is working only for 32 bit paging and 4KB pages. Now I'm trying to do the same thing for PAE paging and I need some help. First, according to the manual CR3 references the base of a 32-Byte page-directory pointer table and bits 4:0 are ignored. What does this mean? The address is only 27 bits or something else? Second, let's suppose we have the address of page-directory pointer table in eax, to find the corresponding PDPTEi for a given address I will do something like this:

......
movl %1, %%ebx
shrl $30, %%ebx
movl (%%eax,%%ebx,0x8),%eax

:"=r"(pdpte_first32)
:"r" (addr)
:"%eax", "%ebx"

I need bits 51:12 from PDPTEi because they refer to the page directory. I can store these bits in two registers (32 in one and the remaining 8 in another) but I don't know how to use them to access the page directory. With 32 bit addresses I put the address in some register and use "(register)" to access the address but now I have 40 bits.

It will be great if you can provide some examples.
Gigasoft
Member
Member
Posts: 856
Joined: Sat Nov 21, 2009 5:11 pm

Re: PAE PTE access

Post by Gigasoft »

For CR3, the upper 20 bits contain the address. The lower bits are used for other purposes. In Linux, the PDPTE is always located at a low address, so the upper bits can be ignored. You use the same translation to virtual addresses as before.
st0ne
Posts: 4
Joined: Wed Apr 07, 2010 2:13 pm

Re: PAE PTE access

Post by st0ne »

According to "Understanding the linux kernel" CR3 contains a 27-bit Page Directory Pointer Table base address field, so I use bits 31:5 (Intel's manual). I tried to read the PS value of PDPTE1. I wrote this code:

Code: Select all

__asm__ __volatile__ ( "movl %%cr3, %%eax  \n\t"
			 "shrl $5, %%eax\n\t"
  
			 "movl $1, %%ebx  \n\t"
			 
			 "movl (%%eax,%%ebx,0x8), %%eax\n\t"
			 
			 "andl $0x80, %%eax  \n\t"
			 "movl %%eax, %0  \n\t"
			 
			 :"=r"(ps_flag)
			 :
			 :"%eax", "%edx"
                       );
But I get kernel oops - BUG: unable to handle kernel paging request at 01a82c08
st0ne
Posts: 4
Joined: Wed Apr 07, 2010 2:13 pm

Re: PAE PTE access

Post by st0ne »

I added "addl $0xc0000000, %%eax\n\t" after "shrl $5, %%eax\n\t" and it seems to work. Is my code correct?
Gigasoft
Member
Member
Posts: 856
Joined: Sat Nov 21, 2009 5:11 pm

Re: PAE PTE access

Post by Gigasoft »

Ah, you're right, again I read the manual too fast and looked at the wrong figure.

But you shouldn't shift the value from CR3. Just add 0xc0000000.
st0ne
Posts: 4
Joined: Wed Apr 07, 2010 2:13 pm

Re: PAE PTE access

Post by st0ne »

Thank you! I removed shrl $5, %%eax and now ps_flag equals 0. I think this result is correct because as far as I know 4-KByte paging is more common than 4 MB paging. I shifted the value to get bits 31:5. Why is this wrong?
Post Reply