Vol. 3A 4-1
CHAPTER 4
PAGING
Chapter 3 explains how segmentation converts logical addresses to linear addresses. Paging (or linear-address
translation) is the process of translating linear addresses so that they can be used to access memory or I/O
devices. Paging translates each linear address to a physical address and determines, for each translation, what
accesses to the linear address are allowed (the address’s access rights) and the type of caching used for such
accesses (the address’s memory type).
Intel-64 processors support three different paging modes. These modes are identified and defined in Section 4.1.
Section 4.2 gives an overview of the translation mechanism that is used in all modes. Section 4.3, Section 4.4, and
Section 4.5 discuss the three paging modes in detail.
Section 4.6 details how paging determines and uses access rights. Section 4.7 discusses exceptions that may be
generated by paging (page-fault exceptions). Section 4.8 considers data which the processor writes in response to
linear-address accesses (accessed and dirty flags).
Section 4.9 describes how paging determines the memory types used for accesses to linear addresses. Section
4.10 provides details of how a processor may cache information about linear-address translation. Section 4.11
outlines interactions between paging and certain VMX features. Section 4.12 gives an overview of how paging can
be used to implement virtual memory.
4.1
PAGING MODES AND CONTROL BITS
Paging behavior is controlled by the following control bits:
•
The WP and PG flags in control register CR0 (bit 16 and bit 31, respectively).
•
The PSE, PAE, PGE, PCIDE, SMEP, SMAP, and PKE flags in control register CR4 (bit 4, bit 5, bit 7, bit 17, bit 20,
bit 21, and bit 22, respectively).
•
The LME and NXE flags in the IA32_EFER MSR (bit 8 and bit 11, respectively).
•
The AC flag in the EFLAGS register (bit 18).
Software enables paging by using the MOV to CR0 instruction to set CR0.PG. Before doing so, software should
ensure that control register CR3 contains the physical address of the first paging structure that the processor will
use for linear-address translation (see Section 4.2) and that structure is initialized as desired. See Table 4-3,
Table 4-7, and Table 4-12 for the use of CR3 in the different paging modes.
Section 4.1.1 describes how the values of CR0.PG, CR4.PAE, and IA32_EFER.LME determine whether paging is in
use and, if so, which of three paging modes is in use. Section 4.1.2 explains how to manage these bits to establish
or make changes in paging modes. Section 4.1.3 discusses how CR0.WP, CR4.PSE, CR4.PGE, CR4.PCIDE,
CR4.SMEP, CR4.SMAP, CR4.PKE, and IA32_EFER.NXE modify the operation of the different paging modes.
4.1.1
Three Paging Modes
If CR0.PG = 0, paging is not used. The logical processor treats all linear addresses as if they were physical
addresses. CR4.PAE and IA32_EFER.LME are ignored by the processor, as are CR0.WP, CR4.PSE, CR4.PGE,
CR4.SMEP, CR4.SMAP, and IA32_EFER.NXE.
Paging is enabled if CR0.PG = 1. Paging can be enabled only if protection is enabled (CR0.PE = 1). If paging is
enabled, one of three paging modes is used. The values of CR4.PAE and IA32_EFER.LME determine which paging
mode is used:
•
If CR0.PG = 1 and CR4.PAE = 0, 32-bit paging is used. 32-bit paging is detailed in Section 4.3. 32-bit paging
uses CR0.WP, CR4.PSE, CR4.PGE, CR4.SMEP, and CR4.SMAP as described in Section 4.1.3.
•
If CR0.PG = 1, CR4.PAE = 1, and IA32_EFER.LME = 0, PAE paging is used. PAE paging is detailed in Section
4.4. PAE paging uses CR0.WP, CR4.PGE, CR4.SMEP, CR4.SMAP, and IA32_EFER.NXE as described in Section
4.1.3.