OSDev.org

iman wrote:Hi.

I have some misconceptions in using physical memory allocator to be used in virtual memory allocation and paging.

The code for the physical memory allocator resides in kernel (below 1 MB) and would be mapped to every process address space, but the physical address that the allocator assigns as 4KB frames of memory is in the range of 0x01000000 to 0xC0000000. It does not matter who is asking for a frame of memory, it only passes a void* to address a 4KB memory block somewhere in this range.

Here comes the mixing up of concepts.
- You turn on paging after you've set up your initial page directory and identically mapped your kernel and passed the address to cr3 register.
- Every time you create a new process, you will need a page_directory and possibly page_table to be allocated by your physical allocator. By the time you call your allocator and it wants to access an address in the range of 0x01000000 to 0xC0000000, there will be a page fault and it has to be mapped. Additionally, if the process itself internally calls for memory, once again physical memory allocator faces a page fault.

In principle, in this design, will you get a page fault whenever your physical memory manager (or allocator) gets called?

Best.
Iman.

thewrongchristian wrote:You get page faults when a page isn't mapped. If you've already identity mapped your kernel, it shouldn't, therefore, page fault. When you create your new page table, make sure you set up the shared kernel mappings in it before switching to it.

#define PHYS_MEM_BASE 0xA0000000 //for instance
void* alloc_phys_frame(void)
{
    return (void*)(PHYS_MEM_BASE + next_free_frame);
}

#include <inttypes.h>
#if defined CONFIG_PAE || defined __x86_64__
typedef uint64_t phys_addr_t;
#else
typedef uint32_t phys_addr_t;
#endif

iman wrote:- You turn on paging after you've set up your initial page directory and identically mapped your kernel and passed the address to cr3 register.

iman wrote:- Every time you create a new process, you will need a page_directory and possibly page_table to be allocated by your physical allocator. By the time you call your allocator and it wants to access an address in the range of 0x01000000 to 0xC0000000, there will be a page fault and it has to be mapped. Additionally, if the process itself internally calls for memory, once again physical memory allocator faces a page fault.

nullplan wrote:... It is the corresponding virtual address which is a pointer and can be dereferenced, but not the physical address. In particular, further statements from you indicate you are in 32-bit mode, in which physical addresses don't even need to have the same size as virtual ones. So I have a special type for this, but you probably want something like this:

Code: Select all

#include <inttypes.h>
#if defined CONFIG_PAE || defined __x86_64__
typedef uint64_t phys_addr_t;
#else
typedef uint32_t phys_addr_t;
#endif

And then exclusively use that type when referring to physical addresses.

nullplan wrote:

iman wrote:- You turn on paging after you've set up your initial page directory and identically mapped your kernel and passed the address to cr3 register.

Yes, that is also something I first had to learn. You can use a temporary environment. Allocate some memory to house the initial page directory and page tables, create a linear map of kernel memory, and activate paging. Now what? Now you are stuck with a linear mapping of kernel memory to the higher half. You can create new paging structures and switch to those instead. As long as they contain the same linear map (that is, a "mov cr3,xxx" instruction must always be at an address that translates to the same physical address in both the old and new address spaces. Turning on paging is merely a special case of this, where the old address space is "identity map everything").
...[
And this is where we get into territory where I changed my mind, but it doesn't really matter to me. I saw that the Linux kernel will just linearly map a lot of memory (like 768MB, which is most of the 1GB the kernel reserves for itself) to the 3GB line. I used to think this was a hack, but it is actually really clever. It allows the kernel to always look at all physical memory below a certain line, and it keeps complexity in check. Now, you can only deal with 768 MB of RAM with this approach, but that is justifiable, given that these days, you either have a lot of RAM and a 64-bit machine, or little RAM and a 32-bit machine. Little RAM and 64-bits might happen as well, but lots of RAM and 32-bits is a combination not really seen in the wild anymore. And yes, 768MB of memory is still plenty, especially for a hobby OS. And the reason it isn't 1 GB is because you also need to map I/O memory somewhere.

nullplan wrote: The "hack" part I changed my mind about is this: This model means you must hardcode the location your kernel will be loaded to into the linker script, because that plus 3GB is where the kernel will end up being mapped. And it always bothered me to do it this way. Ideally, with virtual addressing, it shouldn't matter where the binary is located in physical memory, or even if it is contiguous. But in 32-bit mode, there is simply no space for a linear mapping and an additional "correct" kernel mapping. And doing this the "proper" way means adding temporary mappings to kernel space, where you end up mapping in a physical page for a short time, changing something, mapping it out again, and so forth. Which ends up complicating all memory management from the PMM down, and once multiple CPUs get into the mix you start tearing your hair out.

thewrongchristian wrote:once I decided to move my kernel boundary to 0xf0000000,

thewrongchristian wrote:What's wrong with temporary mappings?

reapersms wrote:That won't page fault unless you actually dereference the pointer you constructed

nullplan wrote:And I keep telling people that physical addresses are not pointers. This is why.

nullplan wrote:BTW, did you know that it is undefined behavior in C to be having any single object on a 32-bit system that is larger than 2GB? Because that means that pointer differences within that object no longer work.

nullplan wrote:Since they are no longer always mapped in, you have to map in the PDT, find the PT, map out the PDT, map in the PT, mark the PT as not present, map out the PT.

nullplan wrote:But when you remove or change a mapping, now you have to do a TLB shootdown (and with temporary mappings, you have to remove mappings as often as you add them).

nullplan wrote:Do I add a timeout to the process? That would leave the possibility that one CPU was somehow blocked for too long and didn't get the shootdown request, and is still accessing the wrong memory. Leading to fun times debugging the issue.

nullplan wrote:If I end up changing the virtual memory of a process with multiple threads, I can simply tell the other CPUs to schedule a new process once I am done.

nullplan wrote:It is just fire-and-forget.

Octocontrabass wrote:Taking the difference between two pointers to such a large object is undefined, but I don't see any reason why other operations wouldn't work.

Octocontrabass wrote:I haven't tried it myself, but I have wondered if it's possible to map the page tables all the time specifically for situations like this. Page tables are relatively small, so there might be enough virtual address space to make it work.

Octocontrabass wrote:The VMware hypervisor panics if not all CPUs respond to a TLB shootdown before the timeout.

Octocontrabass wrote:Huh, that's really clever. What happens if there are no other processes available to be scheduled?

Octocontrabass wrote:As long as you ensure the TLB and paging structure caches have been flushed before you reuse the memory.

nullplan wrote:

thewrongchristian wrote:once I decided to move my kernel boundary to 0xf0000000,

Why would you do that? BTW, did you know that it is undefined behavior in C to be having any single object on a 32-bit system that is larger than 2GB? Because that means that pointer differences within that object no longer work. Giving userspace this much virtual memory only means it can violate this rule more often.

nullplan wrote:

thewrongchristian wrote:What's wrong with temporary mappings?

The added complexity. I am sharing as much as possible of the paging structures on the kernel side. With 32-bit PAE paging, this would mean the kernel-side PDP is the same in all threads (on 64-bit, it means the second half of the PML4T is copied to be the same everywhere). Any change of the kernel memory mapping table must therefore be synchronized. So, anything that touches on kernel-VM must grab a spinlock. With temporary mappings, you end up having to do that for a whole lot of things you didn't in the past. Example: Examining a foreign paging structure. People love to use recursive page tables to examine their own structures, but when you have identified a memory block to be swapped out, the whole point of that is that the memory block is in possession of another process. So you end up having to mark those page table entries as "not present". Since they are no longer always mapped in, you have to map in the PDT, find the PT, map out the PDT, map in the PT, mark the PT as not present, map out the PT.

nullplan wrote: But that is not the worst of it. The worst is when multiple CPUs get into the mix. Now when you add a kernel-side mapping, you actually don't have to do anything. The mapping will propagate to the other CPUs with page faults. But when you remove or change a mapping, now you have to do a TLB shootdown (and with temporary mappings, you have to remove mappings as often as you add them). So you have to send IPIs to all other CPUs and make them invalidate a TLB, and then you have to wait for all of them to actually do that, and if you thought a spinlock was a bottleneck, try looking at CPU barriers. These things also don't scale. The current threadripper has 128 threads or so. How long am I supposed to wait for? And then there is the thorny issue of timeouts. Do I add a timeout to the process? That would leave the possibility that one CPU was somehow blocked for too long and didn't get the shootdown request, and is still accessing the wrong memory. Leading to fun times debugging the issue.

nullplan wrote: Or, you could just avoid all of this, and map all memory linearly to the start of kernel space. Now TLB shootdowns are no longer necessary. If I end up changing the virtual memory of a process with multiple threads, I can simply tell the other CPUs to schedule a new process once I am done. Userspace mappings are not global, so they will be flushed out of the TLB once scheduling happens. And for the schedule IPI, I don't need any additional memory or any synchronization. It is just fire-and-forget.

nullplan wrote:When I suggested to also stop the loop on overflow, that was rejected by saying that such large objects are generally undefined. Musl's allocator also prohibits allocating anything larger than PTRDIFF_MAX for the same reason.

nullplan wrote:But user memory can only be accessed while interrupts are enabled, so those fire-and-forget IPIs will either immediately interrupt anything that might access user memory, or will do so once interrupts are re-enabled when the CPU is finished doing whatever as the interrupts are disabled. Even if there are still TLBs open on other processors when the memory is reused, the TLB flush will happen before they could be used.