Yep. I tried all that, even instruction decoding. However, it seems that there is no 'perfect' solution.
For your information, there is one case that is especially difficult: try your code on a Centrino.
You will realize that the double-memory-access problem is especially difficult to avoid on these machines.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Andy Jung
Sent: Thursday, 22 September 2005 4:53
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] There is a problem to work with DTLB in PageFault Handler.
You could choose a boundary, so that when the accessed memory occurred in that area, I pre-read it into the DTLB.
However, that could not solve all situations; if you want to solve it more elegantly, you could decode the instruction and then pre-read that memory into the DTLB.
Also, the other important technique: you must try to keep the memory in the DTLB as long as possible.
"Iñaki Castillo" wrote in message
news:xxxxx@ntdev…
Yes, you might have a problem of cycling failures when you access two pages at the same time, like in your example.
Actually, it may happen whenever you use a double memory access.
By the way, how have you solved this problem, if I may ask?
Iñaki.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Andy Jung
Sent: Wednesday, 21 September 2005 4:28
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] There is a problem to work with DTLB in PageFault Handler.
Thanks for your good advice.
That could be, but in that case the address is always accessed 4-byte aligned, so it is always accessed within one page; but what your advice describes could also happen in a program.
Actually, I could find what the problem was: the problem happens when one instruction accesses 2 pages at the same time.
For instance, push dword ptr [ebp+0x8]. This instruction wants to read the address ebp + 0x8 and write esp; but if ebp is 0x12eff0 and esp is 0x12f010, it could access two pages.
Anyway, I solved that problem; it's been working fine. :)
Thanks again, Iñaki, for your concern.
Actually, the address my code accessed was stack for the
"Iñaki Castillo" wrote in message
news:xxxxx@ntdev…
For starters, I can see a failure in your code that could justify the 'access violation' problem you are finding.
The problem is that you read a full DWORD from the involved address to validate the entry in the TLB. This is wrong because the faulting address might be on the border of two pages, and so you might fault again in the next page.
To validate the DTLB you MUST read only ONE byte; for example, in your code it would be:
invlpg [ebx]
//memory read
mov cl, BYTE PTR [ebx]
Iñaki.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Andy Jung
Sent: Tuesday, 13 September 2005 10:26
To: Windows System Software Devs Interest List
Subject: [ntdev] There is a problem to work with DTLB in PageFault Handler.
I'm implementing test code to prevent executing code on the stack in Windows XP, based on the concept of PaX.
The code actually works, but sometimes it makes the computer get stuck.
I assume the problem is the capacity of the DTLB:
if the DTLB were full, after the page-fault handler returns to the user-level code an access violation occurs.
The access violation will occur again and again…
So, to test my assumption, I tried to return from the fault code as fast as I can to reduce wasting the entries of the DTLB,
but it still has the problem which makes my computer get stuck.
Here is the part of the code:
… (Page Fault Handler) …
1. Change the PTE's User/Supervisor flag to USER level.
2. Invalidate the TLB entry.
3. Access the memory to load the address into the DTLB.
4. Change the PTE's User/Supervisor flag back to kernel level.
5. Then almost immediately return to the USER code which faulted (IRET).
pop eax                 //pPTE: address of the page-table entry for the faulting page
pop ebx                 //AccessAddress: the faulting linear address
//*pPTE |= PT_BIT_US;   (temporarily make the page user-accessible)
mov ecx, [eax]
or ecx, PT_BIT_US
mov [eax], ecx
invlpg [ebx]            //drop the stale TLB entry for the faulting page
//memory read: touches the page so the walker loads it into the DTLB
mov ecx, [ebx]          //full DWORD read at the faulting address
//
//*pPTE &= ~PT_BIT_US   (restore the supervisor-only PTE; the DTLB entry stays)
mov ecx, [eax]
and ecx, ~PT_BIT_US
mov [eax], ecx
//
POP EBP
POP ES
POP DS
POP FS
//
POPFD
POPAD
ADD ESP, 4              //pop error code
IRETD
Has anyone had a similar experience? If so, how did you solve the problem?
Do you think my assumption is right? But I expect the Pentium 4 has almost 124 entries in the DTLB, so when I return to the user code, the address must be in the DTLB.
Thanks
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@pandasoftware.es
To unsubscribe send a blank email to xxxxx@lists.osr.com
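The whole thread turns on page-boundary arithmetic: the handler's own validation read must not cross into a second page, and an instruction such as push dword ptr [ebp+8] can touch one page for its operand and another for the stack slot it writes, so preloading only the faulting page leaves the instruction faulting again on the other one. The following C program is an added example, not code from the thread or from PaX; it models that arithmetic in user space. It assumes 32-bit linear addresses with 4 KiB pages (no PAE or large pages), that push dword ptr [ebp+disp] performs a 4-byte read of the operand and a 4-byte write at esp-4, and all function names (pages_touched, probe_pages, push_mem_pages, boundary_preload_pages) are hypothetical helpers written for this example.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for this example: 32-bit x86 with 4 KiB pages, no PAE/PSE. */
#define PAGE_SHIFT 12u
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define PAGE_MASK  (~(PAGE_SIZE - 1u))

static uint32_t page_of(uint32_t va) { return va & PAGE_MASK; }

/* One memory access performed by an instruction: start address and width in bytes. */
typedef struct { uint32_t va; uint32_t size; } access_t;

/* Append page p to pages[] if it is not already present; returns the new count. */
static size_t add_page(uint32_t *pages, size_t count, size_t max, uint32_t p) {
    for (size_t i = 0; i < count; i++)
        if (pages[i] == p) return count;
    if (count < max) pages[count++] = p;
    return count;
}

/* Distinct pages covered by a set of accesses, from the first to the last byte of
   each access. This is the set a PaX-style handler has to have in the DTLB before
   IRET; any page missing from it makes the same instruction fault again. */
size_t pages_touched(const access_t *acc, size_t n, uint32_t *pages, size_t max) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if (acc[i].size == 0) continue;
        uint32_t last = page_of(acc[i].va + acc[i].size - 1);
        for (uint32_t p = page_of(acc[i].va); ; p += PAGE_SIZE) {
            count = add_page(pages, count, max, p);
            if (p == last) break;
        }
    }
    return count;
}

/* Pages the handler's own validation read touches when it reads probe_size bytes
   at the faulting address: always 1 for a byte read, 2 for a DWORD read that starts
   in the last three bytes of a page (the bug pointed out in the thread). */
size_t probe_pages(uint32_t fault_va, uint32_t probe_size, uint32_t pages[2]) {
    access_t probe = { fault_va, probe_size };
    return pages_touched(&probe, 1, pages, 2);
}

/* Accesses made by "push dword ptr [ebp+disp]": a 4-byte operand read and a
   4-byte write to the new top of stack at esp-4 (hypothetical decode of one opcode). */
size_t push_mem_pages(uint32_t ebp, uint32_t esp, uint32_t disp, uint32_t pages[4]) {
    access_t acc[2] = {
        { ebp + disp, 4 },   /* operand read */
        { esp - 4,    4 },   /* stack write  */
    };
    return pages_touched(acc, 2, pages, 4);
}

/* The "boundary" heuristic mentioned in the thread, without decoding: preload the
   faulting page and, if the fault lies within `slack` bytes of the page end, the
   next page as well. Cheap, but it cannot see a stack write on an unrelated page. */
size_t boundary_preload_pages(uint32_t fault_va, uint32_t slack, uint32_t pages[2]) {
    size_t count = add_page(pages, 0, 2, page_of(fault_va));
    if ((fault_va & (PAGE_SIZE - 1u)) >= PAGE_SIZE - slack)
        count = add_page(pages, count, 2, page_of(fault_va) + PAGE_SIZE);
    return count;
}

int main(void) {
    uint32_t pages[4];
    size_t n;

    /* Validation read 3 bytes before a page end: DWORD spills over, BYTE does not. */
    n = probe_pages(0x0012effdu, 4, pages);
    printf("DWORD probe at 0x12effd touches %zu page(s)\n", n);
    n = probe_pages(0x0012effdu, 1, pages);
    printf("BYTE  probe at 0x12effd touches %zu page(s)\n", n);

    /* The thread's example: ebp = 0x12eff0, esp = 0x12f010, push dword ptr [ebp+8]. */
    n = push_mem_pages(0x0012eff0u, 0x0012f010u, 8, pages);
    printf("push dword ptr [ebp+8] touches %zu page(s):", n);
    for (size_t i = 0; i < n; i++) printf(" 0x%08" PRIx32, pages[i]);
    printf("\n");

    /* Boundary heuristic on the operand fault alone misses the stack page. */
    n = boundary_preload_pages(0x0012eff8u, 16, pages);
    printf("boundary heuristic preloads %zu page(s)\n", n);
    return 0;
}
```

The push case is the one to look at: the operand read at 0x12eff8 lands in page 0x12e000 while the stack write at 0x12f00c lands in page 0x12f000, so a handler that preloads only the page of the faulting operand returns to an instruction that immediately faults on the other page, which is the cycling-failure pattern described in the thread.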