5

I was writing a kernel driver with the aim of dissecting the Linux kernel page tables. I found that, whenever I read the CR3 register from inside the driver, the contents of CR3 vary each time it's read!

Why does this happen? Since the driver executes in kernel mode, CR3 needs to point to the kernel page directory (right?), so why is CR3 changing every time?

If CR3 keeps changing, how would memory accesses by the driver happen correctly, as intended?

4

2 Answers

4

As others have mentioned, you are seeing the "page table" for the current process. With x86, entering a privilege level lower than 3 does not change the page table. This is why most operating systems reserve sections of the virtual address space for the kernel. The memory in that space is mapped into every process. Memory in the kernel address space can be hidden from user-mode code by setting the U/S flag in the page frame to "0". That marks it as "system" memory rather than as user memory.

Changing the page table is usually done after transitioning to kernel mode, which is why kernel memory needs to be part of the process's address space. It wouldn't know where to find its data structures otherwise. One exception is "System Management Mode", which switches address spaces transparently. However, this can only occur in response to a "system management interrupt", requires special hardware support from the motherboard, and by design cannot be suppressed by or responded to by the operating system.

Otherwise, in protected mode, manipulation of the page table is always done by the OS, after the transition into kernel mode. That is part of why a "mode switch" is faster than a full context switch.

answered 2012-10-28T11:48:55.443
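The mechanism described in the answer above (each process has its own CR3, the kernel half of the address space is shared by every process, and the U/S bit keeps user mode out of it) can be shown with a small simulation of x86-64 4-level paging. This is an added example, not code from the question or the answers: "physical memory" is a static array of 4 KiB pages, a physical address is page index times 4096, CR3 holds the physical address of the PML4 with the low 12 bits ignored (no PCID), and the two virtual addresses and frame numbers are constructed for the demonstration. The `new_address_space` helper copies the kernel's upper-half PML4 entries into each new PML4, which is the same trick that makes kernel memory appear at the same place under every CR3.

```c
/* Added example: simulated x86-64 4-level paging with a shared kernel half. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1ULL << PAGE_SHIFT)
#define ENTRIES    512
#define NPAGES     64                    /* simulated physical pages */
#define KERNEL_PML4_START 256            /* upper half of the 48-bit space */

#define PTE_P   (1ULL << 0)              /* present */
#define PTE_RW  (1ULL << 1)              /* writable */
#define PTE_US  (1ULL << 2)              /* user/supervisor: 1 = user may access */
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL

static uint64_t phys[NPAGES][ENTRIES];   /* every page viewed as 512 entries */
static int next_free = 1;                /* page 0 stays unused */
static uint64_t kernel_cr3;

static uint64_t alloc_page(void) {
    if (next_free >= NPAGES) { fputs("out of simulated memory\n", stderr); abort(); }
    memset(phys[next_free], 0, PAGE_SIZE);
    return (uint64_t)next_free++ << PAGE_SHIFT;
}

static uint64_t *table_at(uint64_t paddr) { return phys[paddr >> PAGE_SHIFT]; }

/* Table index of vaddr at a level: 3 = PML4, 2 = PDPT, 1 = PD, 0 = PT. */
static unsigned idx(uint64_t vaddr, int level) {
    return (unsigned)((vaddr >> (PAGE_SHIFT + 9 * level)) & (ENTRIES - 1));
}

/* Map one 4 KiB page, creating intermediate tables as needed. Intermediate
 * entries carry the U/S bit of the mapping so a supervisor-only region is
 * rejected at the first level the MMU looks at. */
static void map_page(uint64_t cr3, uint64_t vaddr, uint64_t paddr, uint64_t flags) {
    uint64_t *table = table_at(cr3 & PTE_ADDR_MASK);
    for (int level = 3; level > 0; level--) {
        uint64_t *e = &table[idx(vaddr, level)];
        if (!(*e & PTE_P)) *e = alloc_page() | PTE_P | PTE_RW | (flags & PTE_US);
        table = table_at(*e & PTE_ADDR_MASK);
    }
    table[idx(vaddr, 0)] = (paddr & PTE_ADDR_MASK) | PTE_P | flags;
}

/* Walk the tables the way the MMU does. 0 = translated, -1 = not present,
 * -2 = user-mode access to a supervisor-only entry. */
static int translate(uint64_t cr3, uint64_t vaddr, int user_mode, uint64_t *paddr) {
    uint64_t *table = table_at(cr3 & PTE_ADDR_MASK);
    for (int level = 3; level >= 0; level--) {
        uint64_t e = table[idx(vaddr, level)];
        if (!(e & PTE_P)) return -1;
        if (user_mode && !(e & PTE_US)) return -2;
        if (level == 0) { *paddr = (e & PTE_ADDR_MASK) | (vaddr & (PAGE_SIZE - 1)); return 0; }
        table = table_at(e & PTE_ADDR_MASK);
    }
    return -1;
}

/* New process: fresh PML4 whose upper half is copied from the kernel's PML4,
 * so every process shares the kernel's lower-level tables. */
static uint64_t new_address_space(void) {
    uint64_t cr3 = alloc_page();
    uint64_t *pml4 = table_at(cr3);
    const uint64_t *kpml4 = table_at(kernel_cr3);
    for (int i = KERNEL_PML4_START; i < ENTRIES; i++) pml4[i] = kpml4[i];
    return cr3;
}

struct demo {
    uint64_t cr3_a, cr3_b;               /* CR3 of two simulated processes */
    uint64_t kernel_pa_a, kernel_pa_b;   /* one kernel vaddr seen from A and B */
    uint64_t user_pa_a, user_pa_b;       /* one user vaddr seen from A and B */
    int kernel_ok;                       /* supervisor access to kernel page */
    int user_access_to_kernel;           /* user-mode access to kernel page */
};

static const uint64_t KVADDR = 0xFFFFFFFF80001000ULL;  /* constructed kernel vaddr */
static const uint64_t UVADDR = 0x0000000000401000ULL;  /* constructed user vaddr */

struct demo run_demo(void) {
    struct demo d; uint64_t scratch;
    memset(&d, 0, sizeof d);
    next_free = 1;
    kernel_cr3 = alloc_page();
    map_page(kernel_cr3, KVADDR, 0x10000, PTE_RW);            /* supervisor only */
    d.cr3_a = new_address_space();
    d.cr3_b = new_address_space();
    map_page(d.cr3_a, UVADDR, 0x20000, PTE_RW | PTE_US);      /* private frames */
    map_page(d.cr3_b, UVADDR, 0x30000, PTE_RW | PTE_US);
    d.kernel_ok = translate(d.cr3_a, KVADDR, 0, &d.kernel_pa_a);
    translate(d.cr3_b, KVADDR, 0, &d.kernel_pa_b);
    translate(d.cr3_a, UVADDR, 1, &d.user_pa_a);
    translate(d.cr3_b, UVADDR, 1, &d.user_pa_b);
    d.user_access_to_kernel = translate(d.cr3_a, KVADDR, 1, &scratch);
    return d;
}

int main(void) {
    struct demo d = run_demo();
    printf("CR3 A=%#llx B=%#llx (different per process)\n",
           (unsigned long long)d.cr3_a, (unsigned long long)d.cr3_b);
    printf("kernel vaddr -> A:%#llx B:%#llx (same frame under both CR3s)\n",
           (unsigned long long)d.kernel_pa_a, (unsigned long long)d.kernel_pa_b);
    printf("user vaddr   -> A:%#llx B:%#llx (private frames)\n",
           (unsigned long long)d.user_pa_a, (unsigned long long)d.user_pa_b);
    printf("user-mode touch of kernel vaddr: %d (fault)\n", d.user_access_to_kernel);
    return 0;
}
```

The point to take from the run is the one the question stumbled over: CR3 does change with every process, yet a kernel address resolves to the same frame under both CR3 values because both PML4s point at the same kernel PDPT, and the same kernel entries have U/S clear, so the walk fails at the PML4 level as soon as user mode tries them.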
3

CR3 is the page directory pointer. It will change every time the address space changes, at the very least. There is no single "kernel" memory space. In most (all?) memory models, the CR3 value you see is going to be specific to the address space context you are in (e.g. which process you are handling a syscall from, etc.).

answered 2012-10-26T16:00:28.607