Why does CR3 register contents vary, when read each time from a kernel module?

I was writing a kernel driver with the aim to dissect the Linux kernel page tables. I found that, whenever I read the CR3 register from inside the driver, the contents of CR3 vary each time it's read!

Why does this happen? Since the driver executes in kernel mode, CR3 needs to point to the kernel page directory (right?), then why is CR3 changing every time?

If CR3 keeps changing, how would memory accesses by the driver happen correctly, as intended?

appusajeev asked Oct 26 '12 15:10


2 Answers

As others have mentioned, you are seeing the "pagetable" for the current process. With x86, entering a privilege level lower than 3 does not change the page table. This is why most operating systems reserve sections of the virtual address space for the kernel. The memory in that space is mapped into every process. Memory in the kernel address space can be hidden from user mode code by setting the u/s flag in the page frame to "0". That marks it as "system" memory rather than as user memory.

Changing the page table is usually done after transitioning to kernel mode, which is why kernel memory needs to be part of the process's address space. It wouldn't know where to find its data structures otherwise. One exception is "system management mode", which switches address spaces transparently. However, this can only occur in response to a "system management interrupt", requires special hardware support from the motherboard, and by design cannot be suppressed by or responded to by the operating system.

Otherwise, in protected mode, manipulation of the page table is always done by the OS, after transition into kernel mode. That is part of why a "mode switch" is faster than a full context switch.

Scott Wisniewski answered Sep 28 '22 14:09


CR3 is the page directory pointer. It will change every time the address space changes at the very least. There is no single "kernel" memory space. In most (all?) memory models the CR3 value you see is going to be specific to the address space context you are in (e.g. which process you are handling a syscall from, etc...).

Andy Ross answered Sep 28 '22 14:09
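As an added illustration of both answers above (not code from the question, the answers, or any project), this C program decodes a CR3 value into its PML4 physical base and PCID, then simulates two processes' top-level page tables with constructed entries to show that kernel virtual addresses always select the upper-half slots, which the OS keeps identical and supervisor-only (u/s flag clear) in every process, so a driver's kernel-space accesses resolve the same way no matter which process's CR3 is loaded. It assumes x86-64 4-level paging with CR4.PCIDE set; every value in it is constructed, not read from a machine.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not code from the question or either answer. Assumes
 * x86-64 4-level paging with CR4.PCIDE=1; all values below are constructed. */

#define CR3_PML4_MASK     0x000ffffffffff000ULL /* bits 12..51: PML4 physical base */
#define CR3_PCID_MASK     0xfffULL              /* bits 0..11: PCID when PCIDE=1 */
#define PML4_ENTRIES      512
#define KERNEL_PML4_START 256 /* upper canonical half: VA bit 47 set */
uint64_t cr3_pml4_phys(uint64_t cr3) { return cr3 & CR3_PML4_MASK; }
unsigned cr3_pcid(uint64_t cr3)      { return (unsigned)(cr3 & CR3_PCID_MASK); }

/* Top-level table slot selected by a virtual address: VA bits 39..47. */
unsigned pml4_index(uint64_t va) { return (unsigned)((va >> 39) & 0x1ff); }

/* Kernel virtual addresses always select slots 256..511, whatever CR3 holds. */
bool is_kernel_half(uint64_t va) { return pml4_index(va) >= KERNEL_PML4_START; }

/* Constructed PML4 for one process: private user slots, plus kernel slots the
 * OS keeps identical and supervisor-only (u/s flag clear) in every process. */
static void build_pml4(uint64_t *pml4, uint64_t user_base) {
    for (unsigned i = 0; i < PML4_ENTRIES; i++)
        pml4[i] = (i < KERNEL_PML4_START)
            ? (user_base + (uint64_t)i * 0x1000) | 0x7      /* present|rw|user */
            : (0x100000000ULL + (uint64_t)i * 0x1000) | 0x3; /* present|rw, supervisor */
}

/* True when the kernel halves of two tables match slot by slot. */
bool kernel_half_shared(const uint64_t *a, const uint64_t *b) {
    for (unsigned i = KERNEL_PML4_START; i < PML4_ENTRIES; i++)
        if (a[i] != b[i]) return false;
    return true;
}

/* Two processes with different user mappings (and CR3s) share the kernel half,
 * so a driver's kernel-space accesses resolve the same way under either CR3. */
bool demo_two_processes(void) {
    uint64_t pml4_a[PML4_ENTRIES], pml4_b[PML4_ENTRIES];
    build_pml4(pml4_a, 0x40000000ULL);
    build_pml4(pml4_b, 0x80000000ULL);
    return pml4_a[0] != pml4_b[0] && kernel_half_shared(pml4_a, pml4_b);
}

int main(void) {
    uint64_t cr3 = 0x000000012345a003ULL; /* constructed sample CR3 value */
    printf("PML4 at %#llx, PCID %u\n", (unsigned long long)cr3_pml4_phys(cr3), cr3_pcid(cr3));
    printf("kernel half shared: %s\n", demo_two_processes() ? "yes" : "no");
    return 0;
}
```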