feature article
Subscribe Now

How To Implement Virtual Memory, Part 4

Cut and Paste Code to Set Up Your x86 MMU

Fiddly little bit-twiddling. Nobody likes it, but if you’re writing boot ROMs, device drivers, or low-level system functions, you’ve got to roll your sleeves up and do it. That’s especially true when you’re tweaking your processor’s MMU to create and enable virtual memory, paging, or protections. To make life easier, we herewith present Little Chunks o’ Code to help with that. 

Most of what we’ve discussed so far applies to most any processor, but today’s code snippets are obviously x86-specific. The same virtual memory concepts may apply to ARM, MIPS, RISC-V, and other CPU families, but the code presented here sure won’t. 

The first bit of code creates your page directory and two page tables. Both tables are minimal, with just a few entries apiece. It’s written as a function or subroutine that you can call from somewhere else, although you don’t have to. It also makes some assumptions about where your RAM is located, but that’s a hard-coded number that’s easy to tweak.

The first program relies on the second program, which is a little function to create new segment descriptors in the GDT. And it, in turn, relies on the third program to find an unused GDT entry it can use. All three pieces can be used standalone, or together. 

; This program creates page directory and page tables and enables paging.

; No address translation is performed (i.e., identity-mapped).  

; Assumptions:

; 1) Physical memory from 0x00001000 through 0x00003FFF is not already in use.




; Define some useful descriptor type values… 

DRO EQU 0 ;data, read-only

DRW EQU 1 ;data, read/write

SRO EQU 2 ;stack, read-only

SRW EQU 3 ;stack, read/write

CEO EQU 4 ;code, execute-only

CER EQU 5 ;code, execute/read

CEOC EQU 6 ;code, conforming, execute-only

CERC EQU 7 ;code, conforming, execute/read




page_enable PROC FAR




; Create a page directory

MOV EAX, 1000h ;base address = 0x00001000

MOV EBX, 1000h ;size = 4096 bytes

NOV CL, DRW ;type = read/write data segment

MOV CH, 0 ;privilege = level 0

CALL make_descriptor

OR EAX, EAX

JL error ;failed, couldn't make descriptor




MOV ES, AX ;ES gets new segment selector

MOV EDI, 0

MOV EAX, 0

MOV ECX, 1024

REP STOSD ;start by zeroing out the table




MOV DWORD PTR ES:[0], 00002003h ;1st PDE -> 1st page table

MOV DWORD PTR ES:[0FFCh], 00003003h  ;1024th PDE -> 2nd page table





; Create first page table...

MOV EAX, 2000h ;base address = 0x00002000 

MOV EBX, 1000h ;size = 4096 bytes

MOV CL, DRW ;type = read/write data segment

MOV CH, 0 ;privilege = level 0

CALL make_descriptor

OR EAX, EAX

JL error ;couldn’t make descriptor




MOV ES, AX ;ES gets new segment selector

MOV EDI, 0

MOV EAX, 00000003h ;first page frame address = 0

MOV ECX, 1024

table1:

STOSD ;write one PTE

ADD EAX, 1000h ;increment page frame address

LOOP table1 ;repeat 1024 times




; Create second page table

MOV EAX, 3000h ;base address = 0x00003000

MOV EBX, 1000h ;size = 1024 bytes

MOV CL, DRW ;type = read/write data segment

MOV CH, 0 ;privilege = level 0

CALL make_descriptor

OR EAX, EAX

JL error ;couldn’t make descriptor




MOV ES,AX ;ES gets segment selector

MOV EDI, 0

MOV  EAX, 0

MOV ECX, 1008

REP STOSD ;zero first 1008 PTEs

MOV EAX, 0FFFF0003h ;1009th page frame address = 0xFFFF0000

MOV ECX, 16

table2:

STOSD ;write one PTE

ADD EAX, 1000h ;increment page frame address

LOOP table2 ;repeat 16 times




;Enable paging

MOV EAX, 1000h ;physical address of page directory = 0x1000

MOV CR3, EAX ;load into Control Register 3




PUSHFD ;save EFLAGS register

CLI ;disable interrupts temporarily




MOV EAX, CR0 ;copy CR0 into EAX

BTS EAX, 31 ;set bit 31

MOV CR0, EAX ** enable paging **

JMP flush ;flush prefetch queue

flush:

NOP

POPFD ;restore EFLAGS

RET

Listing 1: Sample program to create an x86 page directory and two page tables.

This second program creates a new segment descriptor based on the parameters you pass to it. It moves the input data around to conform to the somewhat convoluted format that x86 MMUs require. It also does one small security check, ensuring that the privilege level of the new segment it creates is not any more privileged than the program that’s calling it.

; Create a segment descriptor in the GDT. 

; All information is passed in registers. 

; Returns 16-bit selector in AX, or -1 if error. 

; Assumptions: 

; 1) Segment register DS holds selector to GDT alias as writable data segment

; 2) Base address is passed in EAX 932 bits)

; 3) Segment length (not limit) is passed in EBX (32 bits)

; 4) Segment type is passed in CL (3 bits)

; 5) Segment privilege level is passed in CH (2 bits)




make_descriptor PROC FAR

PUSH EDX ;save work registers

PUSH EAX

CALL find_first_GDT ;find the index of the first available slot

MOV EDX, EAX ;EDX gets free slot, or -1 if none

POP EAX

OR EDX, EDX

JL error ;sorry, no free GDT slots available




base_address:

MOV DWORD PTR DS:[EDX*8]+2, EAX ;write base address bits 23-00

ROL EAX, 8

MOV BYTE PTR DS”[EDX*8]+4, AL ;write base address bits 31-24

ROR EAX, 8

DEC EBX ;segment length becomes segment limit

CMP EBX, 0FFFFFh ;is limit under 1 MB? 

JA page_granular ;no, go to page-granular setup

byte_granular:

MOV WORD PTR DS:[EDX*8]+0, BX ;write limits bits 15-00

ROL EBX, 16

MOV BYTE PTR DS:[EDX*8]+6, BL ;write limit bits 19-16

ROR EBX, 16

AND BYTE PTR DS:[EDX*8]+6, 0Fh ;drop G, D, X, U bits

OR BYTE PTR DS:[EDX*8]+6, 40h ;set D bit

JMP segment_type

page_granular:

SHR EBX, 12 ;shift limit right 12 bits

MOV DWORD PTR DS:[EDX*8] +0, BX ;write limit bits 15-00

ROL EBX, 16

MOV BYTE PTR DS:[EDX*8]+6, BL ;write limit bits 19-16

ROR EBX, 16

AND BYTE PTR DS:[EDX*8]+6, 0Fh ;drop G, D, X, U bits

OR BYTE PTR DS:[EDX*8]+6, 0CDh ;set G and D bits

segment_type:

MOV BYTE PTR DS:[EDX*8]+5, 0 ;clear Access Rights byte

CMP AL, CERC

JA error ; sorry, invalid segment type

SHL CL, 1 ;shift ot make room for A bit

OR BYTE PTR DS:[EDX*8]+5, CL ;write Type bits and A bit

priv_level:

MOVZX AX, CH ;AX gets requested privilege level

MOV BX, WORD PTR SS:[ESP]+4 ;BX gets caller’s CPL

ARPL AX, BX ;adjust AX if necessary

SHL AL, 5 ;move DPL field into position

OR BYTE PTR DS:[EDX*8]+5, AL ;set DPL bits

OR BYTE PTR DS:[EDX*8]+5, 90h ;set Present and System bits

MOV AX, DX ;AX gets GDT index

SHL AX, 3 ;index * 8 = selector

ARPL AX, BX ;adjust RPL field if necessary

POP EDX

RET

error:

POP EDX

MOV EAX, 0

DEC EAX

RET ;return -1

Listing 2: Sample program to create an x86 segment descriptor in the GDT based in input parameters.  

This little guy simply searches through the Global Descriptor Table (GDT) looking for an unused slot it can use. If there are none, it returns –1, otherwise you get the index of the free slot in EAX. It needs no input parameters. As above, this assumes that you can both read and write the GDT via data segment DS. 

; Return in to the first free GDT descriptor in EAX, or -1 if none.

; Assumptions: 

; 1) Segment selector in DS points to an alias of the GDT as writable data. 




find_free_GDT: 

PUSH EBX ;save work registers

PUSH ECX

MOV BX, DS ;BX gets alias selector

MOVZX EBX, BX ;extend BX to all 32 bits

LSL ECX, EBX ;ECX gets alias segment limit

SHR ECX, 3 ;limit / 8 = number of slots

JECXZ not_found ;null length GDT; exit

MOV EAX, 0 ;start at GDT(1)

next:

INC EAX

CMP BYTE PTR DS:[EAX*8]+5, 0 ;Access Rights byte = 0? 

LOOPNZ next ;repeat as necessary

JNZ not_found

found:

POP ECX

POP EBX

RET ;return value in EAX

not_found:

POP ECX

POP EBX

MOV EAX, 0

DEC EAX

RET ;return -1 in EAX

Listing 3: Sample program to locate the first unused descriptor slot in the GDT.

Leave a Reply

featured blogs
Nov 30, 2021
Have you ever wondered why Bill is a common nickname for William and Dick is a common nickname for Richard?...
Nov 30, 2021
Explore the history of the chip design process, from the days of Integrated Device Manufacturers (IDMs) to EDA tools and today's era of democratized design. The post Just What Is Democratized Design Anyway? appeared first on From Silicon To Software....
Nov 30, 2021
The demand for smaller electronics devices can be achieved by high-density layers in multi-layer build-up substrates or multi-layered printed circuit boards (PCB). Vias are essential in the design... [[ Click on the title to access the full blog on the Cadence Community site...
Nov 8, 2021
Intel® FPGA Technology Day (IFTD) is a free four-day event that will be hosted virtually across the globe in North America, China, Japan, EMEA, and Asia Pacific from December 6-9, 2021. The theme of IFTD 2021 is 'Accelerating a Smart and Connected World.' This virtual event ...

featured video

Architecture All Access: Modern FPGA Architecture

Sponsored by Intel

In this 20-minute video, Intel Fellow Prakash Iyer takes you on a journey within the architecture of an FPGA, starting with simple logic gates and then moving up through architecture, design, and applications. Along the way, he answers many questions you might have about FPGAs, even if you’ve worked with FPGAs for years.

Click here for more information

featured paper

4 questions to ask before choosing a Wi-SUN stack

Sponsored by Texas Instruments

Scalability, reliability, security, and speed—these are the advantages that the Wireless Smart Ubiquitous Network (Wi-SUN®) offers to smart cities and the Internet of Things. But as a developer, how can you maximize these advantages in your software design? In this article, TI addresses four questions to help you save development cost and get to market faster with a more streamlined design cycle for your IoT application.

Click to read more

featured chalk talk

IEC 62368-1 Overvoltage Requirements

Sponsored by Mouser Electronics and Littelfuse

Over-voltage protection is an often neglected and misunderstood part of system design. But often, otherwise well-engineered devices are brought down by over-voltage events. In this episode of Chalk Talk, Amelia Dalton chats with Todd Phillips of Littelfuse about the new IEC 623689-1 standard, what tests are included in the standard, and how the standard allows for greater safety and design flexibility.

Click here for more information about Littelfuse IEC 62368-1 Products