Disabling Paging in x86 32bit

Problem description

I am trying to write directly to a physical memory location, so I am using an assembly function to first disable paging, write the value, and then re-enable paging, but for some reason a page fault is still triggered when trying to write the value.

As I understand it, in x86-32bit, paging is set on and off by flipping bit 32 in cr0, so here is my assembly function:

        mov 4(%esp), %ecx       // address
        mov 8(%esp), %edx       // value

        mov %cr0, %eax
        and $0x7fffffff, %eax   // clear CR0.PG (bit 31)
        mov %eax, %cr0

        mov %edx, (%ecx)        // this line still triggers a page fault somehow

        or $0x80000000, %eax    // set CR0.PG again
        mov %eax, %cr0

        ret

Is this the correct way to achieve what I want to do? If so, why is a page fault still being triggered with the bit in cr0 flipped?

Recommended answer

The Intel 64 and IA-32 Architectures Software Developer's Manual System Programming Guide describes how to disable paging as part of the procedure for switching from protected mode back to real mode:

9.9.2 Switching Back to Real-Address Mode

The processor switches from protected mode back to real-address mode if software clears the PE bit in the CR0 register with a MOV CR0 instruction. A procedure that re-enters real-address mode should perform the following steps:

  1. Disable interrupts. A CLI instruction disables maskable hardware interrupts. NMI interrupts can be disabled with external circuitry.
  2. If paging is enabled, perform the following operations:

  • Transfer program control to linear addresses that are identity mapped to physical addresses (that is, linear addresses equal physical addresses).
  • Insure that the GDT and IDT are in identity mapped pages.
  • Clear the PG bit in the CR0 register.
  • Move 0H into the CR3 register to flush the TLB.

It seems you've missed the last step. The TLB (translation lookaside buffer) is where the CPU caches page table entries and is still active after clearing the PG bit. You need to clear the TLB or the CPU will continue to use it.

Note that you'll have to reload CR3 before setting the PG bit again. Also, because what you're doing is very unusual, you may run into bugs and compatibility problems with your emulator. It may only be able to handle disabling paging correctly as part of the process of switching back to real mode, as that's likely the only scenario where it's been tested. Even physical CPUs may have issues in this area.
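To make the precondition in the quoted steps concrete, here is an added example; it is not code from the question, the answer or the Intel manual. It simulates physical memory in a small buffer, builds 32-bit (non-PAE, CR4.PSE set, no PSE-36) page tables by hand, walks them to check that a region such as the routine's own code, the GDT or the IDT is identity mapped as the SDM requires, and, for 32-bit GCC builds only, wraps the store in the ordered sequence the answer describes (interrupts off, PG cleared, 0 written to CR3, the store, CR3 reloaded, PG set). Every name here (phys_mem, translate32, region_identity_mapped, write_phys_unpaged) and the sample mappings are invented for the example; write_phys_unpaged must run at ring 0 and is not exercised by the host-side checks.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PTE_P      (1u << 0)        /* present */
#define PTE_RW     (1u << 1)        /* writable */
#define PDE_PS     (1u << 7)        /* 4 MiB page (requires CR4.PSE) */
#define NOT_MAPPED 0xFFFFFFFFu      /* sentinel returned by phys_of() */

#define PHYS_MEM_SIZE 0x3000u
static uint8_t phys_mem[PHYS_MEM_SIZE];   /* constructed stand-in for RAM; phys addr == offset */

static bool phys_read32(uint32_t paddr, uint32_t *out) {
    if (paddr > PHYS_MEM_SIZE - 4) return false;   /* outside simulated RAM */
    memcpy(out, &phys_mem[paddr], 4);
    return true;
}

static void phys_write32(uint32_t paddr, uint32_t val) { memcpy(&phys_mem[paddr], &val, 4); }

/* Linear -> physical through 32-bit non-PAE tables rooted at cr3.
 * False if an entry is not present or the walk leaves phys_mem[]. */
bool translate32(uint32_t cr3, uint32_t linear, uint32_t *phys) {
    uint32_t pde, pte, pd = cr3 & 0xFFFFF000u;
    if (!phys_read32(pd + ((linear >> 22) & 0x3FFu) * 4, &pde) || !(pde & PTE_P))
        return false;
    if (pde & PDE_PS) {                    /* 4 MiB page: PDE bits 31:22 are the frame */
        *phys = (pde & 0xFFC00000u) | (linear & 0x3FFFFFu);
        return true;
    }
    uint32_t pt = pde & 0xFFFFF000u;
    if (!phys_read32(pt + ((linear >> 12) & 0x3FFu) * 4, &pte) || !(pte & PTE_P))
        return false;
    *phys = (pte & 0xFFFFF000u) | (linear & 0xFFFu);
    return true;
}

uint32_t phys_of(uint32_t cr3, uint32_t linear) {
    uint32_t phys;
    return translate32(cr3, linear, &phys) ? phys : NOT_MAPPED;
}

/* SDM rule: the code that clears PG, the GDT and the IDT must be identity
 * mapped. Checks every 4 KiB page touched by [base, base + len). */
bool region_identity_mapped(uint32_t cr3, uint32_t base, uint32_t len) {
    if (len == 0) return true;
    uint32_t last = (base + len - 1) & ~0xFFFu;
    for (uint32_t p = base & ~0xFFFu; ; p += 0x1000u) {
        if (phys_of(cr3, p) != p) return false;
        if (p == last) break;
    }
    return true;
}

/* Constructed sample: page directory at 0x1000, page table at 0x2000.
 * Returns the value that would be loaded into CR3. */
uint32_t build_sample_tables(void) {
    const uint32_t pd = 0x1000u, pt = 0x2000u;
    memset(phys_mem, 0, sizeof phys_mem);
    phys_write32(pd + 0 * 4, pt | PTE_RW | PTE_P);                    /* 0-4 MiB via the table */
    phys_write32(pd + 1 * 4, 0x00400000u | PDE_PS | PTE_RW | PTE_P);  /* 4 MiB page, identity */
    phys_write32(pd + 2 * 4, 0x00C00000u | PDE_PS | PTE_RW | PTE_P);  /* 0x800000 -> 0xC00000 */
    for (uint32_t i = 0; i < 16; i++)                                 /* first 64 KiB identity... */
        phys_write32(pt + i * 4, (i << 12) | PTE_RW | PTE_P);
    phys_write32(pt + 5 * 4, 0x9000u | PTE_RW | PTE_P);               /* ...except 0x5000 -> 0x9000 */
    phys_write32(pt + 6 * 4, 0);                                      /* ...and 0x6000 not present */
    return pd;
}

#if defined(__i386__) && defined(__GNUC__)
/* Ring-0 only (hypothetical helper). Stores value at physical address paddr with
 * paging off, in the order the answer gives. Check region_identity_mapped() on
 * this function, the GDT and the IDT first: with PG clear, the next fetch uses
 * the linear address as a physical one. The stack is only touched with PG set. */
void write_phys_unpaged(uint32_t paddr, uint32_t value) {
    uint32_t cr0, cr3;
    __asm__ __volatile__(
        "pushfl\n\t"
        "cli\n\t"                       /* step 1: mask interrupts */
        "mov %%cr3, %[cr3]\n\t"
        "mov %%cr0, %[cr0]\n\t"
        "and $0x7fffffff, %[cr0]\n\t"   /* clear CR0.PG (bit 31) */
        "mov %[cr0], %%cr0\n\t"
        "mov %[zero], %%cr3\n\t"        /* SDM: move 0H into CR3 */
        "mov %[val], (%[addr])\n\t"     /* the physical store */
        "mov %[cr3], %%cr3\n\t"         /* reload CR3 before PG goes back on */
        "or $0x80000000, %[cr0]\n\t"
        "mov %[cr0], %%cr0\n\t"
        "popfl"                         /* restore IF */
        : [cr0] "=&r"(cr0), [cr3] "=&r"(cr3)
        : [addr] "r"(paddr), [val] "r"(value), [zero] "r"(0u)
        : "memory", "cc");
    (void)cr0; (void)cr3;
}
#endif

int main(void) {
    uint32_t cr3 = build_sample_tables();
    printf("0x5000 -> 0x%08x, 0x1000..0x4fff identity: %s\n", phys_of(cr3, 0x5000u),
           region_identity_mapped(cr3, 0x1000u, 0x4000u) ? "yes" : "no");
    return 0;
}
```

Build with cc and run; on a 64-bit host the inline-assembly function is compiled out and only the table walk executes. The walk is what you would run, against your real page directory, before calling a routine like the one in the question: if the routine's own page, the GDT or the IDT is not identity mapped, clearing PG changes where the processor fetches from and where the descriptor tables are read from.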
