Reposted from: http://blog.nandaka.io/paging-in-pae-mode-virtual-to-physical-address-translation/
Please go through Paging in non-PAE mode before continuing with PAE mode. Also, the address translation explained here is in the context of the 4K page size, which Windows uses by default.
PAE (Physical Address Extension) mode was introduced in processors to allow a 32-bit OS to make use of more than 4GB of memory. The following changes are made to the paging mechanism when the CPU is put in PAE mode.
- Each table entry (Page Directory Entry and Page Table Entry) is expanded to 64 bits. This is the reason a running process has access to memory above 4GB. However, at any given time it can access only 4GB.
- A new level of translation is added, called the ‘Page Directory Pointer Table’ (PDPT).
- The base physical address in each table entry is extended to 24 bits. Add this to the 12 bits of byte index from the virtual address and you get 36 bits to address physical memory. With 36 bits, total addressable memory may be as big as 64GB.
The CR3 CPU register is 4 bytes in size on an x86 machine and contains the physical address of the PDPT, so the PDPT should be located below 4GB in physical memory.
PAE mode can be enabled by setting bit 5 of the CR4 CPU register on x86. You can check the content of the CR4 CPU register via the ‘r’ command of WinDbg.
0: kd> r cr4
cr4=000406f9 >>>00000000 00000100 00000110 11111001
Before you enable PAE mode you need to make sure that all the tables (PDPT, PDT, PT) are set up. Load the CR3 CPU register with the PDPT and enable paging.
When PAE mode is enabled on processor, MMU divides the virtual address in the following fields:
- Page Directory Pointer Table(PDPT) Pointer – 2 bits
- Page Directory Index – 9 bits (can address 2^9 = 512 entries)
- Page Table Index – 9 bits (can address 2^9 = 512 entries)
- Byte Index – 12 bits (can address 2^12 = 4096 entries, i.e. all the bytes in a 4K page)
Keep in mind that it is not the additional level of translation that helps with addressing above 4GB. It is the 64-bit size of the table entry that allows us to address more than 4GB of physical memory.
Image taken from the book Windows Internals by M Russinovich, D A Solomon, A Ionescu.
The figure above explains how the address translation works when PAE mode is enabled.
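The translation described above, written out as an added example (not code from the original post or from Windows): it splits a 32-bit virtual address into the 2/9/9/12 fields and walks three levels of 64-bit entries to reach a frame above 4GB. The CR3 value, table addresses and entries in sample_mem are constructed for illustration; bit 0 is taken as the valid (present) flag and only 4K pages are handled.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define CR4_PAE   (1u << 5)              /* bit 5 of CR4 enables PAE */
#define PTE_VALID 1ULL                   /* bit 0: valid (present) flag */
#define BASE_MASK 0x0000000FFFFFF000ULL  /* 24-bit base, physical bits 12..35 */

/* Constructed sparse "physical memory": 64-bit entries keyed by physical address. */
struct phys_qword { uint64_t addr, value; };
static const struct phys_qword sample_mem[] = {
    { 0x00185000ULL + 2 * 8,    0x0000000000200001ULL }, /* PDPT[2]  -> PD at 0x200000 */
    { 0x00200000ULL + 5 * 8,    0x0000000000300001ULL }, /* PD[5]    -> PT at 0x300000 */
    { 0x00300000ULL + 0x12 * 8, 0x0000000123456001ULL }, /* PT[0x12] -> frame above 4GB */
};

static int read_phys64(uint64_t addr, uint64_t *out) {
    for (size_t i = 0; i < sizeof sample_mem / sizeof sample_mem[0]; i++)
        if (sample_mem[i].addr == addr) { *out = sample_mem[i].value; return 0; }
    return -1;  /* nothing present at that physical address */
}

int pae_enabled(uint32_t cr4) { return (cr4 & CR4_PAE) != 0; }

/* Walk PDPT -> PD -> PT (4K pages only). Returns 0 and sets *pa, else -1. */
int pae_translate(uint32_t cr3, uint32_t va, uint64_t *pa) {
    uint32_t idx[3] = {
        (va >> 30) & 0x3,    /* PDPT pointer: 2 bits */
        (va >> 21) & 0x1FF,  /* page directory index: 9 bits */
        (va >> 12) & 0x1FF,  /* page table index: 9 bits */
    };
    uint64_t table = cr3 & 0xFFFFFFE0u;  /* PDPT base; 32-bit CR3 keeps it below 4GB */
    for (int level = 0; level < 3; level++) {
        uint64_t entry;
        if (read_phys64(table + (uint64_t)idx[level] * 8, &entry) != 0) return -1;
        if (!(entry & PTE_VALID)) return -1;
        table = entry & BASE_MASK;       /* next table, or the final page frame */
    }
    *pa = table | (va & 0xFFF);          /* byte index: 12 bits */
    return 0;
}

int main(void) {
    uint64_t pa;  /* cr4 value is the one from the WinDbg output; the rest is constructed */
    if (pae_enabled(0x000406f9) && pae_translate(0x00185000, 0x80A12345u, &pa) == 0)
        printf("0x80A12345 -> 0x%llx\n", (unsigned long long)pa);
    return 0;
}
```

The resulting physical address needs 33 bits even though every index came from a 32-bit virtual address, which is the effect of the wider table entries rather than of the extra PDPT level.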
Here is the layout of the 64-bit PTE when PAE mode is enabled. The access fields of the PDE and PTE are mostly similar. The table below explains the meaning and usage of the bits. The NX bit is available in the 64-bit PTE only (PAE mode on x86, or an x64 machine) and WSI is available in the 64-bit PTE on a 64-bit system. I will discuss these in upcoming blogs.