How to check out "TSEGMB" and "TOLUD"?

0

■ Origin of question Why does address range 0xC0000000 ~ 0xFFFFFFFF always give 0x00 or 0xFF after switching to protected mode before enabling paging?

■ Observed phenomenon

  • All physical memory values ranging from 0xC0000000 to 0xFFFFFFFF are printed 0x00 if executed by QEMU.
  • All physical memory values ranging from 0xC0000000 to 0xFFFFFFFF are printed 0xFF if executed by real hardware through legacy booting.

■ Conditions

  • CPU : i7-8700K (8th generation)
  • RAM : 32.0GB

  • Mode : Protected Mode

  • Paging : not enabled (switched to protected mode using cr0)

■ Answers given from last related question

  • The physical memory addresses ranging from 0xC0000000 to 0xFFFFFFFF are related to "Memory Mapped PCI Devices". Answer given by "Michael Petch". (in case of my hardware which is i7-8700K (8th generation))

  • The memory range for PCIe config space is in that area (on real hardware; perhaps not in qemu). Can find the exact address range for it in the ACPI MCFG table. Answer given by "prl".

Thanks to "Michael Petch" and "prl", I've googled further with the given answer for a while.

And conclusion is as below.

■ Comprehension

  • The physical memory addresses ranging from 0xC0000000 to 0xFFFFFFFF are above "Main Memory Range (= CPU Visible/Accessible Range)". (in case of my hardware which is i7-8700K (8th generation))
  • PCI Memory Mapped I/O Range is "a portion" of the memory range above "Main Memory Range". The memory range above "Main Memory Range" is also called "PCI Hole".
  • The physical memory address 0xC0000000 is TSEG_BASE/TSEGMB (Top of main memory SEGment Memory Base) or TOLUD (TOp of Low Usable Dram). (in case of my hardware which is i7-8700K (8th generation))

■ Attempt

  • To make sure my understanding is correct, check out my hardware's TSEGMB and TOLUD.
  • Therefore, I have tried to check out TSEGMB through Config Access Mechanism (CAM) using "in" and "out" assembly instruction (NASM).
  • By setting Bus, Device, Function, Register Offset (= 0xB8 according to Intel 8th gen datasheet), I've received 0x00000000 in eax.

■ Code

mov     ax, 8000h
or      al, byte 0x00
shl     eax, 16

mov     ax, word 0x0000
shl     ax, 11
mov     al, byte 0x00
or      ah, al
mov     al, byte 0xB8

cli
mov     dx, 0CF8h
out     dx, eax

mov     dx, 0CFCh
in      eax, dx
sti

■ Questions

  1. Is my comprehension correct?
  2. What is wrong with Config Access Mechanism code?
  3. Is there any simpler way to check out TSEGMB and TOLUD? (Something like Device Manager or FirmwareTablesView.)

■ References

Intel Main Memory Address Range

https://resources.infosecinstitute.com/system-address-map-initialization-in-x86x64-architecture-part-1-pci-based-systems/#gref

PCI Hole Wiki

TSEG 1

TSEG 2

memory
pci
asked on Stack Overflow Jul 11, 2019 by YoonSeok OH • edited Jul 11, 2019 by YoonSeok OH

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0