A virtual address identifies a location
in virtual memory. The virtual address space is divided into two ranges: user
space and system space.
User
space is the portion of the virtual address space
into which Windows maps user-mode processes, per-process data, and user-mode dynamic
link libraries (DLLs). Each process has its own context, that is, the code and
data that the process uses. While the process is running, a portion of the
context, called the working set, is resident in memory.
System
space, also called kernel space, is the portion of the address space in which the
operating system and kernel-mode drivers are resident. It is accessible only to
kernel-mode code.
The distinction between user space and
system space is important in maintaining system security. A user-mode thread
can access data only in the context of its own process. It cannot access data
within other process contexts or within the system address space. This
restriction prevents user-mode threads from reading and writing data that
belongs to other processes or to the operating system and drivers, which could
result in security vulnerabilities and possibly even a system crash.
Kernel-mode drivers are trusted by the
operating system and consequently can access both user space and system space. When
a driver routine is called in the context of a user thread, all of the thread’s
data remains in the user-mode address space. The driver can access the
user-space data for the thread—if it takes the necessary security precautions—in
addition to accessing system-space data. The user-mode thread, however, does
not have access to the system-space data of the driver.
The sizes of the system and user address
spaces depend on whether the hardware is 32-bit or 64-bit and on the options
applied to Boot.ini.
Virtual Address Space on 32-bit Hardware
On 32-bit machines, the lower 2 GB of the
virtual address space is user space and the upper 2 GB is reserved as system
space by default. If user-mode applications require additional virtual address
space, an administrator can reserve 3 GB for user space, thus leaving only
1 GB of system space, by applying the /3GB switch to Boot.ini and then
restarting the machine. This switch is also useful during testing to see how a
driver performs with limited system address space. The switch is supported on
Windows Server 2003 (all editions), Windows XP (all versions), Windows 2000
Advanced Server, and Windows 2000 Datacenter Server.
Figure 1 shows how the virtual address
space is organized on 32-bit systems. (The figure is not drawn to scale.)
Figure 1. Layout of virtual address space on
32-bit systems
As the figure shows, the user address
space occupies the lower range of the virtual address space and the system
address space occupies the upper range. By default, both user and system space
are 2 GB. When Windows is started with the /3GB switch, the size of the user
space increases to 3 GB. The remaining 1 GB of virtual address space contains
the system address space. The process page tables and hyperspace remain at the
same addresses, but other components do not. When the system address space is
limited to 1 GB, the maximum sizes of the paged and nonpaged pools are reduced and
less space is available for system page table entries (PTEs) and the file system
cache as well.
The file system cache, which is
implemented in software, is not the same as the processor cache, which is
implemented in hardware. Keep in mind, however, that this limit applies only to
the amount of the cache that is visible at any given time. The system uses all
the physical memory in the machine for caching.
The exact sizes of the paged and nonpaged
pools, PTEs, and file system cache vary widely from release to release.
On the Intel Pentium Pro and later
processors, which support PAE, Windows can support up to 128 GB of physical
memory. PAE provides only additional physical memory and does not increase the
size of the virtual address space. When PAE is enabled, the virtual address
space remains unchanged at 4 GB and the layout of the 2‑GB system space is
largely unchanged.
Operating system support for PAE is
provided by a special version of the Windows kernel, which is named
Ntkrnlpa.exe (single-processor version) or Ntkrpamp.exe (multi-processor
version). In this version of the kernel, PTEs and page directory entries (which
are involved in mapping virtual memory to physical memory) are 64 bits wide. If
the appropriate device and driver support is present, the PAE kernels support
direct I/O for the entire physical address space (including any physical memory
above 4 GB).
Virtual Address Space on 64-bit Hardware
On 64-bit machines, the virtual address
space is 16 terabytes, with 8 terabytes of user space and another 8 terabytes
of system space. The layout is similar to that for 32-bit Windows, except that
the sizes are proportionately larger. As with 32-bit hardware, the sizes vary
from release to release.
Currently, Windows runs on two 64-bit
architectures: Intel Itanium and x64, which includes the AMD64 and the Intel
Extended Memory 64 Technology. On x86 and x64 hardware, the page size is 4 KB.
On Itanium hardware, the page size is 8 KB. Pointers on both Itanium and x64
architectures are 64 bits long.
Types, Constants, and Macros Used in Addressing
Because of the differences between the
x86, x64, and Itanium architectures, drivers should not use hard-coded values
or make assumptions about the page size, pointer size, or address ranges of the
hardware. For example, on 64-bit hardware, a virtual address in which the
highest-order bit is set is not necessarily a system-space address. (The same is
true for 32-bit hardware when Windows is started with the /3GB switch.)
Instead, driver code should always use
the appropriate constants, types, and macros, which are defined in Wdm.h and
Ntddk.h. These include the following:
Constant, type, or macro
|
Usage
|
PVOID (or other
data-specific pointer type)
|
Virtual
addresses
|
PHYSICAL_ADDRESS
|
Physical
addresses
|
PAGE_SIZE
|
Number of bytes
in a page on the current hardware (used in memory allocation)
|
BYTES_TO_PAGES
macro
|
Number of pages
required to hold the input number of bytes on the current hardware
|
ULONG_PTR
|
Variables that
might hold either an address or data of a scalar type
|
PVOID64
|
Pointers on Itanium and x64 hardware only; does not return valid
information on x86 hardware
|
Code that uses these macros and types can
depend on Windows to do the right thing, regardless of the underlying hardware
platform.
Most drivers run on PAE systems without
modification. For PAE compatibility, drivers that perform DMA must use the
system’s DMA routines to ensure that address size issues are handled correctly.
In addition, drivers should not use ULONG, PVOID, or PVOID64 for physical
addresses. On PAE systems, the ULONG and PVOID types are only 32 bits long and
therefore cannot store physical addresses above 4 GB. The PVOID64 type does not
return valid information on the x86 architecture. Instead of using ULONG,
PVOID, or PVOID64, drivers should use ULONG_PTR. Additional limitations apply
for certain device types. For further details, see the Windows DDK, which is
listed in the Resources section at the end of this paper.
Mapping Virtual Memory to Physical Memory
This section provides a brief overview of
how the Windows memory manager maps pages in virtual memory to pages in
physical memory. A general understanding of this mapping is helpful in writing
a driver, but you do not need to understand the details. For a more detailed
explanation, see Inside Windows 2000,
which is listed in the Resources section at the end of this paper.
Every page in virtual memory is listed in
a page table, which in turn identifies the corresponding physical page. The
system and CPU use information from the virtual address to find the correct
entry in the page table for a specific page.
Figure 2 shows how the memory manager maps
virtual memory to physical memory. In the figure, a virtual address points to a
specific location on a virtual page. The virtual address contains a byte offset
and several index values that the system and the CPU use to locate the page
table entry that maps the virtual page into physical memory. After the memory
manager finds the page table entry, it uses the offset to find a byte in
physical memory, which is identified by a physical address.
Figure 2. Mapping Virtual to Physical Memory
The length and layout of a virtual
address depend on the hardware. Virtual addresses on x86 hardware are 32 bits
long and contain two page-table indexes: one is an index into a page directory,
which identifies the page table that maps the virtual address, and the other
index identifies the page table itself. In PAE mode, the address contains a third
index that is 2 bits wide.
Virtual addresses are 48 bits long on x64
hardware and 43 bits long on Itanium hardware, and the number of indexes is
also different. However, on all 64-bit hardware, Windows stores and manipulates
virtual addresses as 64-bit values. Drivers must not rely on the 43-bit and
48-bit internal address lengths (for example, by attempting to encode
additional information in pointers) because Microsoft might change these values
at any time.
0 komentar:
Posting Komentar