I'm doing a bit of operating system development and here's my target. I've enabled paging and want to remove the identity mapping. Previously, I had two mappings, identity map of 0-4M and kernel at virtual address 0xC0000000 mapped to physical address 1M. My bootloader does this before the jump to the kernel and it's the kernel's responsibility to remove the identity map. My stack pointer has value 0x90000 now. My strategy is as follows:
After I enter the kernel, I use recursive page tables to have access (I get their virtual addresses: What happens when you lose the virtual address of the page directory?) to my page directory and all other page tables. Recursive page tables: The last entry of the page directory points to itself.
I want to remap the stack and give it a virtual address. Since 0xFFC00000-0xFFFFFFFF are used by the recursive page technique, I use 0xFFC00000 as the virtual address of the stack, which I map to 0x90000 physical.
I then re-initialize the gdt.
Now the state of my system is this:
(qemu) info registers
EAX=000241a0 EBX=c00019de ECX=00000001 EDX=000241a0
ESI=00008137 EDI=00103800 EBP=ffc00000 ESP=ffc00000
EIP=c00019de EFL=00000087 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0010 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]
CS =0008 00000000 ffffffff 00cf9a00 DPL=0 CS32 [-R-]
SS =0010 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]
DS =0010 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]
FS =0010 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]
GS =0010 00000000 ffffffff 00cf9300 DPL=0 DS [-WA]
LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
GDT= c0004100 00000027
IDT= 00000000 000003ff
CR0=80000011 CR2=00000000 CR3=0009c000 CR4=00000000
DR0=00000000 DR1=00000000 DR2=00000000 DR3=00000000
DR6=ffff0ff0 DR7=00000400
EFER=0000000000000000
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
stack remapping code:
STACK equ 0xFFC00000
STACK_PHY equ 0x90000
global refresh_stack ;A solution for switching stacks
refresh_stack:
mov ebx,[esp] ;Return address
mov esp,STACK
mov ebp,STACK
jmp ebx
I want to remove identity mapping as such:
void remove_identity_map() //This would remove the 4M identity map
{
if (entry_is_present(_page_directory[0]))
_page_directory[0] = 0; //Unmapping the whole of 4M
flush_tlb();
}
Where flush_tlb:
flush_tlb:
mov eax,cr3
mov cr3,eax
ret
A minimal reproducible example (roughly)
void kmain()
{
set_recursive_map();
refresh_stack();
install_gdt(); //The standard 4 entries Data/Code * User/kernel
remove_identity_map();
.......
.......
}
The place it goes wrong is when I flush_tlb(). If I comment out that line, the code works as expected, but we would be seeing cached copies. However, when I keep it, the system(emulator) restarts from BIOS! (Triple fault???)
Also, I'm using qemu, and after I flush tlb, I've tried for(;;); to use the qemu-monitor to info tlb... It doesn't seem to be flushed. All the entries from before are present..
Where could I be going wrong?
Note: When I was debugging (single-stepping) with gdb, access to address 0xFFC00000 was not possible after I'd flushed the tlb... But that does make sense, I just deleted the page directory entry corresponding to page table 0..
Update: One remapping I haven't done is of video memory! For text mode I'm still accessing 0xB8000. Since my exception handler also prints to screen, this is a sure source of triple fault!!!
Well, looks like I forgot to remap video memory! I was still accessing 0xb8000 for VGA text mode. The reason for the question was that I hadn't identified this access below 1M. If I had, I wouldn't have asked a question ;).
Therefore this can be a good lesson for people looking to remove their identity map after they enable paging: