Kernel mode transition

Hi there.

Taking your example of the virtual memory manager, it never actually runs in user space. To allocate memory, user mode applications make calls to the Win32 API (NTDLL.DLL as one example) to routines such as VirtualAlloc.

With regards to address translation, here's a summary of how it works (based on the content from Windows Internals 5th Edition).

The VMM uses page tables which the CPU uses to translate virtual addresses to physical addresses. The page tables live in the system space. Each table contains many PTE's (page table entries) which stores the physical address to which a virtual address is mapped. I won't go into too much detail here, but the point is that all of the VMM's work is performed in system space and not in user space.

As for context switching - when a thread running in user space needs to run in the system space, then a context switch will occur. Since the memory manager lives in system space, it's threads never need to make a context switch, since it already lives in the system space.

Apologies for the simplistic explanation, this is quite a complicated topic of discussion in depth. I would highly recommend that you pick up a copy of Windows Internals 5th Edition as this sounds like it would come in handy for you.

Hope this helps. Jas.

Typically, there's 2 parts involved.The MMU(Memory manage unit) which is a hardware component that does the translation from virtual addresses to physical addresses. And the operating system VM subsystem.

The operating system part needs to run in privileged mode (a.k.a. kernel mode) and will set up/change the mapping in the MMU based on the the user space needs.

E.g. to request more (virtual) memory, or map a file into memory, a transition to kernel mode is needed and the VM subsystem can change the mapping of the process.

Around this there's often a ton of tricks to be made - e-g. map the whole address space of the kernel into the user process virtual space, but change its access so the process can't use that memory - this means whenever you transit to kernel mode you don't need to reload the mapping for the kernel.

Hi jas, I agree that VMM's work is performed in the system space. Lets take an example. Lets say a page fault occurs, and the trap handler will call the MmAccessFault method in VMM, whicn runs in the context of the thread that incurred the fault. However, the MmAccessFault method is located in system space and if the processor needs to execute it, the processor needs to be in kernel mode. So, the question is, will the transation happen here just before the method is called? I do have a copy of Windows Internals (4th edition though). Thanks.

Suresh 2009-11-11 21:49:46

Even in case of valid address in page table, since the page table resides in the system space, does swtiching to kernel mode is required since the address translation occurs in the context of the user thread?Similarly, when any component running in kernel mode runs in the context of a user mode thread, does switcing into kernel mode is required just before they start to execute? Thanks.

Suresh 2009-11-11 21:50:19

Admittedly I won't be able to answer your question fully, since the depth to which you require help is a bit beyond my reach. I gave it a go, but perhaps a more knowledgeable Windows expert could help out here.

Jason Evans 2009-11-11 22:10:24

Windows bifurcates memory into two pieces - on 32bit OS's, you have 2G of address space which is per-process and 2G of address space which is mapped in all processes. The code for the kernel is located in that common 2G of RAM (so is the filesystem cache, kernel data, paged pool, non paged pool, etc). The pages for the kernel space are protected by the processor so user mode code can't access that memory. When the page fault occurs, the processor switches to kernel mode and then the pages become accessable. I can go into more detail if you need it, but Windows Internals should cover this.

Larry Osterman 2009-11-12 07:28:35

Thanks Larry. I understand it better now. I'm reading Windows Internals again and will sure post if I get any more questions. Again, thanks for your time.

Suresh 2009-11-13 00:24:03

Do you say whenever any piece of code residing in system space is executed (be it VMM or Thread dispatcher), a transition must be made to kernel mode? Thanks.

Suresh 2009-11-12 00:58:19

Yes. Just be aware that things like translating memory addresses is done by a hardware unit, it does not require code to execute(unless it results in a page fault)

nos 2009-11-12 08:19:42

Ok Thanks. I agree that translating an adress is done by hardware, but it still requires access to page tables which reside in system space right? So, to access the page table, should the processor be switched to kernel mode or this is completely handled by the hardware without the involvement of processor? Thanks.

Suresh 2009-11-12 20:03:14

On x86 processors this is done soly in hardware (unless it can't find a page table entry, in which case a trap is issued - and a kernel transition is needed).

nos 2009-11-12 22:26:21

Thanks. I understand it bwtter now.

Suresh 2009-11-13 00:25:16

ansaurus

tags:

views:

answers:

Kernel mode transition

related questions