Where is the Linear Address Space located?

Asked 25/6, 2020 at 23:24 Answered 21/6, 2024 at 14:35

windows assembly x86 memory-address memory-segmentation

I'm reading the intel manual, and I see mentions of "Linear Address Space of the processor".

I'm confused as to where or what the linear address space actually is. Where in the processor is the linear address space?

The Physical Address Space is the actual RAM as I understand. A logical address is a "segment selector" + "offset", and it must be translated to a physical address. If I understand, if paging is not used, the linear address space is effectively the same as a physical address in execution. And I read that every process can have it's own linear address. So if paging is used multiple processes that are in RAM simultaneously can each have their own linear address space with paging.

But I still don't know what the linear address actually IS, or where it is. Is the linear address space, the addresses in an executable file?

Xiphoid answered 25/6, 2020 at 23:24 Comment(3)

I don't know what you mean by "where". It's not a place, it's a concept. – Enthronement 25/6, 2020 at 23:26

By where I meant how it is defined by the processor. Like the page tables for pages, and segment descriptors for segments. How does the processor define "linear address space" I know it doesn't need to represent a physical place in RAM. I see a lot of statements in the manual similar to this: "When a program attempts To ACCESS an ADDRESS LOCATION IN THE linear address space, the processor uses ... to translate the linear address into a physical address and then performs the requested operation on the memory location." "The LOCATION of the first byte of the segment IN THE linear address space" – Xiphoid 26/6, 2020 at 3:38

Linear addresses are located in the linear address space, but the linear address space isn't located anywhere. – Uretic 26/6, 2020 at 5:44

Linear addresses are one step in the translation from seg:off as part of an addressing mode to eventually a physical address. You can't use them directly.

Windows runs with paging enabled, so linear address space = the virtual address space of the current process. Address decoding goes seg:off => linear, then virtual => physical. (More details)

This is why segmentation can't let 32-bit code access more than 4GiB of address space in a single process. (Which also makes sense if you keep in mind that page tables would have to be larger or deeper to translate more virtual bits to physical)

Windows (like very other mainstream x86 OS) uses a flat memory model so the only time the segment base is non-zero is with a segment override for thread-local storage, like mov rax, [gs: 0]. The offset part is 0, but the GS base will be different for every thread in the same process that shares the same linear virtual address space.

If you're not talking about normal Windows executables, e.g. a DOS program running in a virtual-8086 environment, then its seg:off addresses will translate to linear and get used directly as guest-physical addresses, inside the emulated or virtualized guest machine.

You can also do unusual stuff like run 16-bit protected mode processes, in which case linear address space is wider (32-bit I think) than the 16-bit offset part of an addressing mode. In this case non-zero segment bases might well be used if you wanted to address more than 64k of total address space.

Artillery answered 25/6, 2020 at 23:32 Comment(2)

Note that you can run 16 bit protected mode executables as well as real mode executables on some versions of Windows. In those cases, the segment base is frequently not zero. Additionally, nothing stops you from modifying the LDT. – Polacre 26/6, 2020 at 0:13

@fuz: Fair enough, that's maybe a useful way to show what how linear addresses work in other cases than the simple base case of a native Windows 32-bit or 64-bit executable. IDK if that overcomplicates the explanation or helps, though. – Artillery 26/6, 2020 at 1:4

Linear addressing space is actually your physical memory space, when paging is not enabled in X86 processors.

But when paging is done, I think of the linear address space as an address of the memory location that can be addressed by the address bus.

But, This is not an actual Physical memory location in RAM (cause Paging is enabled) and a 2-level page translation is required to locate the memory location in the page frame of the Physical memory space.

Inapproachable answered 31/12, 2021 at 15:40 Comment(1)

With paging enabled, you won't see linear addresses on any external bus. Your 2nd sentence sounds very weird to me. It's one step of translation inside a load or store execution unit. – Artillery 31/12, 2021 at 21:5

All this memory types confusion is there because the hardware core of the CPU is not directly connected to the RAM memory (what we see as physical). When you look at the CPU chip you have to understand that there is more than a CPU in that package.

There is a MMU embedded in that chip and many other hardware nowadays (lots of MSRs for different settings - some CPUs use a MSR for setting the GDT and there is Intel Management Engine that can run microcode on the core without any RAM installed in the system). You can run code as well without any RAM. (I use to do BIOS reverse engineering, and I've tested this - you have only 65k space for doing this, but it works)

The memory that the CPU core can access is physical for that core, but this physical is inside the chip between the CPU core and the MMU or whatever other hardware is between the core and the RAM. From the point of view of the CPU core there will always be the 4Gb of address space to work with. When the CPU core comes out of reset there will be no RAM to access, but this CPU core will see a 4Gb of memory and will run BIOS code from this physical memory space. This is the physical address: the simulated memory at the CPU core data bus inside the CPU package. Think about the CPU core as a chip with physical connections for physical memory, all embedded in the package that we all call CPU. Other hardware in the CPU package like the MMU, can map the RAM, HDD, video card and the rest of the hardware inside the CPU core physical address space. You will never see this physical memory bus of a CPU core unless you smash a CPU package with a hammer

Thibeault answered 21/6, 2024 at 14:35 Comment(2)

Logical (segmented) vs. linear address is a concept that dates back to 8086 which didn't have an MMU. Logical to linear is the first step in address-translation, before paging (if enabled), and before mapping a physical address to DRAM or MMIO or whatever. "The MMU" normally refers to virt->phys, even though modern x86 has other things like MTRRs that can set write-back cacheable vs. uncacheable write-combining for regions of memory. And of course segment base and limit if you're not in 64-bit mode and not using a flat memory model. – Artillery 22/6, 2024 at 4:40

Yes, the 8086 has the "Bus Interface Unit" (20-bit physical address = 1.048.576 maximum physical addresses). The address pins of the CPU package (A0-A19) are multiplexed with data lines D0-D15 but the CPU core was directly working with this pins. Now with modern CPUs this pins are not accessible anymore, are internally connected to MMUs, but the CPU cores have kept the functionality from the 8086, and the addresses that they work with are still called physical. Most people look at the electrical lines between the CPU package and the RAM and they think that those represent the physical address. – Thibeault 22/6, 2024 at 11:58

Recommended topics

Hot tags