0

I'm doing an operating system lab on QEMU. I found that read/write is allowed when accessing a physical address after paging that is larger than RAM. Is it the same condition on a real x86 machine? Will x32 or x64 cause different results?

Peter Cordes
  • Sure, physical address space includes MMIO, not just the DRAM, and that can be at a higher address than the RAM. (This is typical for systems with under 1GiB; IIRC, MMIO space is typically just below 1GiB). Paging or not is irrelevant (although PAE allows accessing higher physical addresses than without, and x86-64 requires paging.) – Peter Cordes Dec 07 '21 at 15:49
  • @PeterCordes you could probably just copy-paste your comment into an answer. – Marco Bonelli Dec 07 '21 at 18:20
  • @PeterCordes Thanks for answering! So If the physical address is not mapped to DRAM, MMIO etc, can it be accessed? – cyyzero Dec 08 '21 at 00:43
  • I think so, although IDK what value you'd read; probably 0 or -1 or something. (With writes having no effect.) I don't think there's a standard fault for physical addresses, unlike #GP, #SS, or #PF for certain kinds of bad linear addresses. – Peter Cordes Dec 08 '21 at 03:27

1 Answer

1

The physical address space contains RAM, ROM, memory mapped devices (some PCI and some built into the chipset) and unused space.

An OS can access all of it, including unused space (even though there's no sane reason to deliberately access unused space).

The total amount of physical address space depends on the CPU, and is a "size in bits" (which you can obtain from the CPUID instruction) that ranges from 32 bits to 52 bits, but is often in the 36 to 48 bits range. If you try to use paging to access a "too high, not supported by the CPU" physical address you will get a General Protection Exception (because the "not supported by CPU physical address bits" are treated as reserved and the CPU checks if reserved bits are set in page table entries, etc).

Note that when writing an OS (for modern CPUs) it's easier to assume that physical addresses are 64 bits (regardless of what the CPU supports) and that the physical address space includes a reserved area that can't be accessed (where the size of the reserved area depends on what the CPU supports); as this simplifies code and data structures used for physical memory management (e.g. C has a uint64_t type but nothing has a uint52_t).

> I'm doing an operating system lab on QEMU. I found that read/write is allowed when accessing a physical address after paging that is larger than RAM. Is it the same condition on a real x86 machine?

Yes; both Qemu and real hardware work the same.

> Will x32 or x64 cause different results?

The CPU supports several types of paging structures - "plain 32-bit paging", PSE36, PAE (Physical Address Extensions), and long mode. For x32 you can't use long mode paging, but PAE normally has the same layout and the same physical address restrictions (the only case where it doesn't is some Xeon Phi accelerator cards).

If x32 is using "plain 32-bit paging" physical addresses will be restricted to 32 bits; and if it's using PSE36 physical addresses will be restricted to 36 bits.

The other possibility is that x32 isn't using any paging at all. In this case addresses are masked so that only 32 bits can be used (e.g. if you create a segment with a base address of 0xFFFFF000 and a "high enough" limit, then use an offset within the segment that's 0x00001000 or more, the result will be masked, causing physical addresses to wrap around; like (0xFFFFF000 + 0x00001234) & 0xFFFFFFFF = 0x00000234).

Apart from that, it still works the same (you can still access unused parts of the physical address space, there's just less of it, and you might not be able to access all RAM).

Brendan
  • The only thing this answer doesn't have which Martin's answer on [What happens with a processor when it tries to access a nonexistent physical address?](https://stackoverflow.com/q/21820814) has is a mention of what value is actually read (typically all-one bits, 0xFF...). I'm tempted to reopen this and close the older question as a duplicate of this, since you have more detail. Although that question specifies paging disabled, which makes PAE or other ways to access >32-bit phys addresses impossible, thus no #GP exception possible in 32-bit mode with paging disabled. – Peter Cordes Dec 08 '21 at 10:11
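As an added example (my own code, not from the question or from Brendan's answer), here is how an OS's physical-memory code could apply the points in the answer before it writes an address into a page-table entry: decode MAXPHYADDR from CPUID leaf 0x80000008 (EAX[7:0]), reject physical addresses whose bits at or above that width would be reserved in the entry, look the remaining addresses up in a memory map to tell RAM from ROM/MMIO from unused space, and compute the 32-bit wraparound for the paging-disabled case. The memory map, the CPUID value and the probe addresses are constructed; the CPUID bit layout, the reserved-bit rule and the unsigned 32-bit wrap are real behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* What a physical address resolves to. */
typedef enum {
    PHYS_RAM,          /* backed by DRAM */
    PHYS_RESERVED,     /* ROM, MMIO, chipset-owned: accessible but not free memory */
    PHYS_UNUSED,       /* nothing decodes it: reads return junk, writes are dropped */
    PHYS_UNSUPPORTED   /* at/above MAXPHYADDR: cannot be placed in a page-table entry */
} phys_kind;

typedef struct { uint64_t base; uint64_t len; phys_kind kind; } mem_range;

/* Constructed (made-up) firmware-style memory map for a small machine with
 * 1 GiB of RAM: low RAM, the legacy VGA/ROM hole, main RAM, chipset MMIO. */
static const mem_range sample_map[] = {
    { 0x00000000ULL, 0x000A0000ULL, PHYS_RAM      },
    { 0x000A0000ULL, 0x00060000ULL, PHYS_RESERVED },
    { 0x00100000ULL, 0x3FF00000ULL, PHYS_RAM      },
    { 0xFEC00000ULL, 0x00100000ULL, PHYS_RESERVED },
};

/* CPUID leaf 0x80000008 reports the supported physical address width in
 * EAX[7:0] (and the linear address width in EAX[15:8]). This decodes a value
 * already read from the instruction, so the example also runs on non-x86 hosts. */
unsigned maxphyaddr_from_cpuid(uint32_t eax) { return eax & 0xFFu; }

/* Address bits at or above MAXPHYADDR are reserved in paging-structure entries;
 * an entry with any of them set makes the CPU fault when it is used. */
bool pte_addr_uses_reserved_bits(uint64_t phys, unsigned maxphyaddr) {
    if (maxphyaddr >= 64) return false;        /* nothing left to be reserved */
    return (phys >> maxphyaddr) != 0;
}

/* Decide what a page-table entry pointing at `phys` would actually reach. */
phys_kind classify_phys(uint64_t phys, unsigned maxphyaddr) {
    if (pte_addr_uses_reserved_bits(phys, maxphyaddr)) return PHYS_UNSUPPORTED;
    for (size_t i = 0; i < sizeof sample_map / sizeof sample_map[0]; i++) {
        const mem_range *r = &sample_map[i];
        if (phys >= r->base && phys - r->base < r->len) return r->kind;
    }
    return PHYS_UNUSED;   /* still accessible, just not backed by anything */
}

/* 32-bit protected mode with paging off: linear == physical, truncated to
 * 32 bits, so segment base + offset wraps around instead of faulting. */
uint32_t phys_addr_no_paging32(uint32_t seg_base, uint32_t offset) {
    return (uint32_t)(seg_base + offset);      /* unsigned wrap modulo 2^32 */
}

static const char *kind_name(phys_kind k) {
    switch (k) {
    case PHYS_RAM:      return "RAM";
    case PHYS_RESERVED: return "reserved/MMIO";
    case PHYS_UNUSED:   return "unused (no device decodes it)";
    default:            return "unsupported (reserved PTE bits)";
    }
}

int main(void) {
    /* Constructed CPUID.80000008H:EAX value: 40 physical / 48 linear bits. */
    unsigned maxphy = maxphyaddr_from_cpuid(0x00003028u);
    const uint64_t probes[] = { 0x1000ULL, 0xB8000ULL, 0x80000000ULL,
                                0xFEC00000ULL, 1ULL << 44 };
    printf("MAXPHYADDR = %u bits\n", maxphy);
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%#018llx -> %s\n", (unsigned long long)probes[i],
               kind_name(classify_phys(probes[i], maxphy)));
    printf("no-paging wrap: %#010x\n",
           phys_addr_no_paging32(0xFFFFF000u, 0x00001234u));
    return 0;
}
```

The `PHYS_UNUSED` case is the one the question is about: the lookup finds no range, but nothing stops the entry from being created or the access from being issued, so an OS that hands such addresses to drivers gets silent garbage rather than a fault. Only the `PHYS_UNSUPPORTED` case is caught by the CPU itself.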