CPU Modes and Physical Address
20 Oct 2020
Operating System design relies heavily on CPU architecture, so it is important to understand what features a CPU offers. This post discusses the different operating modes of Intel x86 CPUs and what a physical address means for a CPU.
CPU Modes
Real Mode vs Protected Mode
Real Mode and Protected Mode are the two main CPU addressing modes, x86-specific concepts that exist for the sole purpose of backwards compatibility. x86 CPUs switch between Real Mode and Protected Mode during the PC startup process.
Real Mode, also called Real Address Mode, is a legacy operational mode inherited from Intel 8086 processors.
In Real Mode, the processor runs in 16-bit mode and recognizes a 20-bit address space from 0x00000 to 0xfffff, which adds up to a maximum of 1MiB of physical memory.
In this mode the processor uses two 16-bit registers, the segment register and the offset register, to generate a 20-bit address using the formula:
Address = (Segment << 4) + Offset
# Example: with Seg=0x1111 and Offset=0x2222, we have address 0x11110 + 0x2222 = 0x13332
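The formula as runnable C, added here as an illustration and not taken from the original post; it goes slightly beyond the text by showing that many segment:offset pairs alias one address and that the sum can exceed 20 bits. The function names and the `a20_enabled` switch (whether address bit 20 is kept or dropped) are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Physical address for a real-mode segment:offset pair (hypothetical helper).
 * The sum can reach 0x10FFEF, one bit wider than a 20-bit address.
 * a20_enabled == 0 models a 20-bit bus: bit 20 is dropped and the
 * address wraps around to low memory. */
static uint32_t real_mode_phys(uint16_t seg, uint16_t off, int a20_enabled)
{
    uint32_t addr = ((uint32_t)seg << 4) + off;
    return a20_enabled ? addr : (addr & 0xFFFFFu);
}

/* Count the segment:offset pairs that resolve to one physical address
 * (no wraparound). Segments start every 16 bytes and span 64 KiB, so
 * they overlap heavily. */
static unsigned count_aliases(uint32_t phys)
{
    unsigned n = 0;
    for (uint32_t seg = 0; seg <= 0xFFFF; seg++) {
        uint32_t base = seg << 4;
        if (base <= phys && phys - base <= 0xFFFF)
            n++;
    }
    return n;
}

int main(void)
{
    printf("1111:2222 -> 0x%05X\n",
           (unsigned)real_mode_phys(0x1111, 0x2222, 1));
    printf("FFFF:FFFF -> 0x%06X (bit 20 kept), 0x%05X (bit 20 dropped)\n",
           (unsigned)real_mode_phys(0xFFFF, 0xFFFF, 1),
           (unsigned)real_mode_phys(0xFFFF, 0xFFFF, 0));
    printf("pairs that reach 0x13332: %u\n", count_aliases(0x13332));
    return 0;
}
```

Because any code running in Real Mode can form a segment:offset pair for any address, the mode offers no isolation between programs.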
For backwards compatibility, all x86 processors start in Real Mode on reset, where the BIOS runs, and switch to Protected Mode before the Operating System starts. Occasionally, the processor switches back to Real Mode in order to access certain BIOS functionality, although some systems use a Virtual 8086 Mode instead to simulate Real Mode in those scenarios.
Protected Mode (Protected Virtual Address Mode), introduced with the Intel 80286, is the main operating mode of modern x86 processors. Protected Mode increases security and stability with added features such as paging, segmentation, virtual memory, privilege levels, and multitasking.
Bit 0 of control register CR0 is dedicated to setting the processor mode, with 0 for Real Mode and 1 for Protected Mode.
Kernel Mode vs User Mode
Kernel Mode and User Mode refer to different privilege levels. In x86, privilege levels are implemented with segmentation. Privilege levels enable the OS to restrict processes from accessing illegal data or executing privileged instructions.
The privilege levels are privilege ring values ranging from 0 to 3, with 0 (Kernel Mode) being the most privileged, and 3 being the least privileged (User Mode). The remaining two levels are unused in most OSes.
Normally, the privilege level in the CPU changes between 0 and 3 when a user-mode program is interrupted (hardware interrupts, faults) or when it requests higher-privilege services from the kernel (syscall).
At the CPU level, the lower 2 bits of the CS register (Code Segment) indicate the current execution privilege, also known as the Current Privilege Level (CPL). CPL, together with DPL and RPL, is used to enforce privilege protections.
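An added example (not from the original post) that splits a selector into its fields and applies the protected-mode check for loading a data segment, which requires DPL >= max(CPL, RPL). The helper names are hypothetical; 0x33 and 0x10 are the user and kernel code selectors on x86-64 Linux, used here as sample input.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of a 16-bit x86 segment selector. */
struct selector {
    unsigned rpl;    /* bits 0-1: requested privilege level */
    unsigned ti;     /* bit 2: 0 = GDT, 1 = LDT */
    unsigned index;  /* bits 3-15: index into the descriptor table */
};

static struct selector decode_selector(uint16_t sel)
{
    struct selector s = { sel & 3u, (sel >> 2) & 1u, (unsigned)sel >> 3 };
    return s;
}

/* For the selector held in CS, the low two bits are the CPL. */
static unsigned cpl_from_cs(uint16_t cs)
{
    return cs & 3u;
}

/* Data-segment load check: the less privileged of CPL and RPL must still
 * be at least as privileged as the segment's DPL (lower number = more
 * privilege). Returns 1 if the load is allowed, 0 if the CPU would fault. */
static int data_segment_load_allowed(unsigned cpl, uint16_t sel, unsigned dpl)
{
    unsigned rpl = decode_selector(sel).rpl;
    unsigned effective = cpl > rpl ? cpl : rpl;
    return effective <= dpl;
}

int main(void)
{
    /* Sample input: user and kernel code selectors on x86-64 Linux. */
    printf("CS=0x33 -> CPL %u, CS=0x10 -> CPL %u\n",
           cpl_from_cs(0x33), cpl_from_cs(0x10));
    /* Constructed selectors: index 3 with RPL 0 (0x18) and RPL 3 (0x1B). */
    printf("CPL 3, RPL 0, DPL 0: %s\n",
           data_segment_load_allowed(3, 0x18, 0) ? "allowed" : "fault");
    printf("CPL 0, RPL 3, DPL 0: %s\n",
           data_segment_load_allowed(0, 0x1B, 0) ? "allowed" : "fault");
    return 0;
}
```

The last case is what RPL is for: kernel code handling a selector supplied by user code keeps the caller's RPL of 3, so it is refused access to a DPL 0 segment even though its own CPL is 0.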
Comparison
Although both are referred to as CPU Modes, they have many differences. For convenience, we will refer to the first ones as Addressing Modes and the latter ones as Privilege Modes.
- Motivation: different addressing modes exist for x86 backwards compatibility, while privilege modes were created for protection;
- Change Frequency: addressing mode changes happen mostly during the bootstrap process and are infrequent, while the privilege mode changes frequently as user programs request kernel services;
- CPU Indicator: the addressing mode is encoded in the CR0 register, while privilege mode information is stored in the CS register.
Physical Address
The definition of physical address is often overlooked. A physical address, or real address, is the conceptual address sent from the processor to the address bus that enables the transfer of bits on the data bus between the processor and a memory device.
Memory devices include more than just the main memory, RAM - they can also be ROM (where BIOS is stored), memory mapped I/O devices, etc. To inspect how the memory is mapped in a Linux system:
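Linux exposes this map in `/proc/iomem`; on recent kernels a reader without root privileges sees every range as zeros, because the physical layout is treated as sensitive. The parser below is an added example, not code from the original post: it totals RAM and non-RAM ranges from a constructed sample in that file's format, and the struct and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/iomem format (top-level ranges only). */
static const char *SAMPLE[] = {
    "00000000-00000fff : Reserved",
    "00001000-0009fbff : System RAM",
    "000a0000-000bffff : PCI Bus 0000:00",
    "000f0000-000fffff : System ROM",
    "00100000-bffdffff : System RAM",
    "c0000000-febfffff : PCI Bus 0000:00",
    "100000000-13fffffff : System RAM",
};

struct iomem_summary {
    unsigned long long ram_bytes;    /* ranges named "System RAM" */
    unsigned long long other_bytes;  /* ROM, MMIO windows, reserved ranges */
    int masked;                      /* 1 while every range read as 0-0 */
};

/* Account for one line; indented lines are children of a counted range. */
static void add_line(struct iomem_summary *s, const char *line)
{
    unsigned long long start, end;
    char name[64];

    if (line[0] == ' ' ||
        sscanf(line, "%llx-%llx : %63[^\n]", &start, &end, name) != 3)
        return;
    if (start == 0 && end == 0)      /* address hidden from this reader */
        return;
    s->masked = 0;
    if (strcmp(name, "System RAM") == 0)
        s->ram_bytes += end - start + 1;
    else
        s->other_bytes += end - start + 1;
}

static struct iomem_summary summarize(const char **lines, size_t n)
{
    struct iomem_summary s = { 0, 0, 1 };
    for (size_t i = 0; i < n; i++)
        add_line(&s, lines[i]);
    return s;
}

int main(void)
{
    struct iomem_summary s = summarize(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0]);
    printf("RAM %llu MiB, non-RAM %llu MiB, masked=%d\n",
           s.ram_bytes >> 20, s.other_bytes >> 20, s.masked);
    return 0;
}
```

In the sample, RAM stops at 0xbffdffff and resumes at 0x100000000, leaving the range below 4 GiB to a PCI window. To summarize a live system, pass each line of `/proc/iomem` (read as root) to `add_line`.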
We emphasized "conceptual address" when explaining physical addresses because the real-world scenario is a little more complex than just sending the physical address down the address bus. The actual address sent on the bus for a physical address depends on the CPU specification. AMD, for example, publishes DRAM control logic with respect to the public address (Section 2.10 and 3.5). Intel, on the other hand, doesn't, and there are attempts (Section 4) to decipher the mystery. Many factors impact the mapping: thrashing, memory locality, and security, to name a few. Lastly, to further complicate the mapping, memory holes are 'dug' for RAM in address ranges occupied by PCIe devices and ROM.
Returning to processor modes, Real Mode produces physical addresses from a segment and an offset, while Protected Mode produces virtual addresses that require further conversion to produce a legal physical address.