IA32 Intel 32-bit Architecture

Similar documents
Tutorial 10 Protection Cont.

PROTECTION CHAPTER 4 PROTECTION

MICROPROCESSOR MICROPROCESSOR ARCHITECTURE. Prof. P. C. Patil UOP S.E.COMP (SEM-II)

IA32/Linux Virtual Memory Architecture

iapx Systems Electronic Computers M

Introduction to IA-32. Jo, Heeseung

Hardware and Software Architecture. Chapter 2

INTRODUCTION TO IA-32. Jo, Heeseung

Complex Instruction Set Computer (CISC)

6/17/2011. Introduction. Chapter Objectives Upon completion of this chapter, you will be able to:

Chapter 2: The Microprocessor and its Architecture

MICROPROCESSOR MICROPROCESSOR ARCHITECTURE. Prof. P. C. Patil UOP S.E.COMP (SEM-II)

Lecture 15 Intel Manual, Vol. 1, Chapter 3. Fri, Mar 6, Hampden-Sydney College. The x86 Architecture. Robb T. Koether. Overview of the x86

Basic Execution Environment

Microkernel Construction

Darshan Institute of Engineering & Technology

The x86 Architecture

We can study computer architectures by starting with the basic building blocks. Adders, decoders, multiplexors, flip-flops, registers,...

Microkernel Construction

MOV Move INSTRUCTION SET REFERENCE, A-M. Description. Opcode Instruction 64-Bit Mode. Compat/ Leg Mode

MICROPROCESSOR ALL IN ONE. Prof. P. C. Patil UOP S.E.COMP (SEM-II)

Assembler Programming. Lecture 2

The Microprocessor and its Architecture

Addressing Modes on the x86

Low Level Programming Lecture 2. International Faculty of Engineerig, Technical University of Łódź

Unit 08 Advanced Microprocessor

Machine-level Representation of Programs. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Part I. X86 architecture overview. Secure Operating System Design and Implementation x86 architecture. x86 processor modes. X86 architecture overview

3.6. PAGING (VIRTUAL MEMORY) OVERVIEW

Assembly Language. Lecture 2 - x86 Processor Architecture. Ahmed Sallam

Code segment Stack segment

IA-32 Architecture COE 205. Computer Organization and Assembly Language. Computer Engineering Department

x86 segmentation, page tables, and interrupts 3/17/08 Frans Kaashoek MIT

EXPERIMENT WRITE UP. LEARNING OBJECTIVES: 1. Get hands on experience with Assembly Language Programming 2. Write and debug programs in TASM/MASM

Computer Organization (II) IA-32 Processor Architecture. Pu-Jen Cheng

Computer Processors. Part 2. Components of a Processor. Execution Unit The ALU. Execution Unit. The Brains of the Box. Processors. Execution Unit (EU)

x86 Assembly Tutorial COS 318: Fall 2017

Assembly Language. Lecture 2 x86 Processor Architecture

Moodle WILLINGDON COLLEGE SANGLI (B. SC.-II) Digital Electronics

Scott M. Lewandowski CS295-2: Advanced Topics in Debugging September 21, 1998

SYSC3601 Microprocessor Systems. Unit 2: The Intel 8086 Architecture and Programming Model

Information Security II Prof. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras

EEM336 Microprocessors I. The Microprocessor and Its Architecture

iapx86 Protection Electronic Computers M

Architecture of 8086 Microprocessor

ICS143A: Principles of Operating Systems. Midterm recap, sample questions. Anton Burtsev February, 2017

The Pentium Processor

MICROPROCESSOR TECHNOLOGY

UNIT 2 PROCESSORS ORGANIZATION CONT.

UMBC. contain new IP while 4th and 5th bytes contain CS. CALL BX and CALL [BX] versions also exist. contain displacement added to IP.

The Instruction Set. Chapter 5

CHAPTER 3 BASIC EXECUTION ENVIRONMENT

MODE (mod) FIELD CODES. mod MEMORY MODE: 8-BIT DISPLACEMENT MEMORY MODE: 16- OR 32- BIT DISPLACEMENT REGISTER MODE

CS 16: Assembly Language Programming for the IBM PC and Compatibles

6/20/2011. Introduction. Chapter Objectives Upon completion of this chapter, you will be able to:

Lecture (02) The Microprocessor and Its Architecture By: Dr. Ahmed ElShafee

Introduction to The x86 Microprocessor

Memory Models. Registers

Interfacing Compiler and Hardware. Computer Systems Architecture. Processor Types And Instruction Sets. What Instructions Should A Processor Offer?

Northern India Engineering College, Delhi (GGSIP University) PAPER I

2.5 Address Space. The IBM 6x86 CPU can directly address 64 KBytes of I/O space and 4 GBytes of physical memory (Figure 2-24).

3. Process Management in xv6

Advanced Microprocessors

BOOTSTRAP, PC BIOS, AND IA32 MEMORY MODES. CS124 Operating Systems Winter , Lecture 5

MICROPROCESSOR TECHNOLOGY

Module 3 Instruction Set Architecture (ISA)

EC-333 Microprocessor and Interfacing Techniques

Mechanisms for entering the system

x86 architecture et similia

ADVANCED PROCESSOR ARCHITECTURES AND MEMORY ORGANISATION Lesson-11: 80x86 Architecture

icroprocessor istory of Microprocessor ntel 8086:

COS 318: Operating Systems. Overview. Prof. Margaret Martonosi Computer Science Department Princeton University

CS 31: Intro to Systems ISAs and Assembly. Martin Gagné Swarthmore College February 7, 2017

Dr. Ramesh K. Karne Department of Computer and Information Sciences, Towson University, Towson, MD /12/2014 Slide 1

Protection and System Calls. Otto J. Anshus

X86 Addressing Modes Chapter 3" Review: Instructions to Recognize"

143A: Principles of Operating Systems. Lecture 6: Address translation. Anton Burtsev January, 2017

BASIC INTERRUPT PROCESSING

Assembly Language for Intel-Based Computers, 4 th Edition. Chapter 2: IA-32 Processor Architecture Included elements of the IA-64 bit

Assembly Language for Intel-Based Computers, 4 th Edition. Kip R. Irvine. Chapter 2: IA-32 Processor Architecture

Program controlled semiconductor device (IC) which fetches (from memory), decodes and executes instructions.

Instruction Set Architectures

Lab 2: Introduction to Assembly Language Programming

Operating Systems Engineering Recitation #3 (part 2): Interrupt and Exception Handling on the x86. (heavily) based on MIT 6.

Reverse Engineering II: Basics. Gergely Erdélyi Senior Antivirus Researcher

Chapter 3: Addressing Modes

UMBC. A register, an immediate or a memory address holding the values on. Stores a symbolic name for the memory location that it represents.

Reverse Engineering II: The Basics

143A: Principles of Operating Systems. Lecture 5: Address translation. Anton Burtsev October, 2018

Assembly Language Each statement in an assembly language program consists of four parts or fields.

W4118: interrupt and system call. Junfeng Yang

CS3210: Booting and x86. Taesoo Kim

For your convenience Apress has placed some of the front matter material after the index. Please use the Bookmarks and Contents at a Glance links to

16.317: Microprocessor Systems Design I Fall 2013

CS3210: Booting and x86

Chapter 11. Addressing Modes

16-Bit Intel Processor Architecture

Assembly I: Basic Operations. Jin-Soo Kim Computer Systems Laboratory Sungkyunkwan University

Registers. Ray Seyfarth. September 8, Bit Intel Assembly Language c 2011 Ray Seyfarth

CMSC Lecture 03. UMBC, CMSC313, Richard Chang

Transcription:

1 2 IA32 Intel 32-bit Architecture Intel 32-bit Architecture (IA32) 32-bit machine CISC: 32-bit internal and external data bus 32-bit external address bus 8086 general registers extended to 32 bit width EAX, EBX, ECX, EDX, ESP, EBP, ESI, EDI, EIP Expanded code set (32-bit instructions) Many Load + ALU instructions Hardware support for Operating System functions: Task management Virtual memory and paging Local data and protection 3 4 Operating Modes Real Mode Like a fast 8086 Only recognizes 8086 instruction set 16-bit integers and address s 20-bit physical address (can access lowest 1 MB of RAM) All IA32 processors initialize into real mode Protected Mode Uses full 32-bit features Can process new 32-bit instructions 32-bit integers and physical addresses (can access 4 GB of RAM) Hardware support for Operating System functions Windows/Linux/UNIX/OS2 run in protected mode Virtual 86 Creates a virtual 8086 environment as a task Can run multiple V86 tasks at one time DOS window under Windows runs in V86 mode General Purpose Registers AH AL EAX Accumulator BH BL EBX Base CH CL ECX Counter DH DL EDX Data 31 16 15 8 7 0 SP ESP stack pointer BP EBP base pointer SI ESI source index DI EDI index IP EIP instruction pointer 31 16 15 0

5 6 Segment Registers Segmentation in IA32 Protected Mode Segment Registers Segment Shadow Registers Code Segment Selector CS Code Segment Descriptor Data Segment Selector DS Data Segment Descriptor Stack Segment Selector SS Stack Segment Descriptor Extra Segment Selector ES Extra Segment Descriptor Data-F Segment Selector FS Data-F Segment Descriptor Data-G Segment Selector GS Data-G Segment Descriptor 15 0 63 0 New data segment registers: FS, GS Selector Pointer to segment location in memory In Real Mode, Selector = upper 16 bits of physical segment base address In Protected Mode, Selector = index to a Descriptor Table Descriptor Information about the segment Descriptor = Segment base address, Segment Size, Segment Type Segment Register Holds a pointer to a segment Pointer is called a Segment Selector Selector contains an index into a look-up table Descriptor Table is built in Main Memory (RAM) A Descriptor Table may be global or local Table entries are called segment Descriptors Each Descriptor defines one segment Descriptor contains segment base address, segment limit, access rights, and other properties 7 8 linear address + segment base address Segment Address Translation RAM linear address segment base address + descriptor selector Linear Address Space descriptor table Tasks in IA32 Each activity under OS is defined as a Task (process) Each task is allocated a Task State Segment (TSS) Holds information about Task (context) Defines Local (private) Segments for task: Data/Code/Stack Every Task May access (public and unique) Global Descriptor Table (GDT) May access its (private) Local Descriptor Table (LDT) Selector contains Table Indicator (TI) to choose LDT or GDT Index to choose entry (Descriptor) from Descriptor Table TSS1 task1 LDT1 TSS2 GDT task2 LDT2 TSS3 task3 LDT3

9 10 Addressing Table Registers GDT Register (Global Descriptor Table) GDT linear base address GDT limit 31 0 15 0 IDT Register (Interrupt Descriptor Table) IDT linear base address IDT limit 31 0 15 0 LDT Register (Local Descriptor Table) Shadow Register LDT Segment Selector LDT Segment Descriptor 15 0 63 0 TSS Register (Task State Segment) Shadow Register TSS Segment Selector TSS Segment Descriptor 15 0 63 0 Context Switch Enter new Selector in TSS Register CPU saves old context in TSS for old task CPU uses new TSS Selector to fetch new TSS Descriptor TSS Descriptor points to new Task State Segment (TSS) Hardware fetches information from new TSS: Selectors for CS, DS, ES, SS, FS, GS, and LDT Values for EAX EDX, EIP, EDI, ESI, EBP, ESP, Flags Hardware adjusts segment registers: CPU uses LDT Selector to fetch LDT Descriptor LDT Descriptor points to Local Descriptor Table CPU uses CS Selector to fetch CS Descriptor CS Descriptor points to Code Segment CPU uses DS Selector to fetch DS Descriptor DS Descriptor points to Data Segment CPU fetches remaining 4 Segment Descriptors Context for new task is loaded and new task can run 11 12 Selector Format Segment Address Translation Index Table Index (TI) Request Privilege Level (RPL) 16-bit selector 13 bits 1 bit 2 bits 13-bits 1 bit 2 bits index TI RPL 13-bit Index to Descriptor in table 2 13 = 2 3 2 10 = 8 1 K Descriptor table holds 8 K (8192) Descriptors GDT Descriptor Address = Table Base Address + Descriptor Offset Descriptor is 8 bytes in length Descriptor Offset = Index 8 = Index 1000 2 = Selector AND FFF8 LDT 8 K Descriptors/table 8 Bytes/Descriptor = 64 KB/table Table Index TI = 0 for GDT TI = 1 for LDT Request Privilege Level (RPL): used for protection mechanism + Address 32-bit segment base address 32-bit 32-bit linear address 64-bit descriptor

13 Segment Types Segment type is written in segment descriptor Code Segments Program instructions May be fetched as instructions May be local (to a task) or global Data Segments Holds data May be loaded or stored May be local or global System Segments GDT/LDT/IDT/TSS Occupy separate segments No access by user programs 14 Descriptor Format 8 4 4 8 24 16 Base Access Limit Access Base Limit 31... 24 11... 8 19... 16 7... 0 23... 0 15... 0 63 56 55 52 51 48 47 40 39 16 15 0 Access 11 10 9 8 7 6 5 4 3 2 1 0 G D 0 0 P DPL S = 1 TYPE A User Segment G 0 0 0 P DPL S = 0 TYPE System Segment Base: 32-bit segment base address Limit: 20-bit limit Segment Size = [1 + Limit] (4096) G Bytes G= 0 Byte Granularity: 2 20 bytes = 1 MB maximum segment size G= 1 4 KB Granularity: 2 20 4 KB = 4 GB maximum segment size Code Type: D = 0 sets default 16-bit code and 16-bit effective address Required for DOS and runs under Windows D = 1 sets default 32-bit code and 32-bit effective address Runs under Windows 9x/NT/2000/XP and Linux/UNIX Present: P = 1 for segment in memory or P = 0 for swapped-out segment DPL: Descriptor Privilege Level System: S = 0 for system segment or S = 1 for user segment Type: Segment type code Access: A = 0 until segment is accessed; A = 1 after access 15 16 Type Fields for User Segments (S = 1) 3-bit Type Field Code Segment Type = 1 C R C = 1 for Conforming code (protection scheme) R = 1 for Readable Code (MOV AX,CS:EA legal) Data Segment Type = 0 ED W ED = 1 for Expand Down (stack segment) W = 0 for Read-Only segment 8 4 4 8 24 16 Base Access Limit Access Base Limit 31... 24 11... 8 19... 16 7... 0 23... 0 15... 0 63 56 55 52 51 48 47 40 39 16 15 0 Access 11 10 9 8 7 6 5 4 3 2 1 0 G D 0 0 P DPL S = 1 TYPE A User Segment Type Fields for System Segments (S = 0) 4-bit Type Field LDT Segment Type = 0010 Task State Segment Busy task: Type = 1011 Not busy: Type = 1001 8 4 4 8 24 16 Base Access Limit Access Base Limit 31... 24 11... 8 19... 16 7... 0 23... 0 15... 0 63 56 55 52 51 48 47 40 39 16 15 0 Access 11 10 9 8 7 6 5 4 3 2 1 0 G 0 0 0 P DPL S = 0 TYPE System Segment

17 18 Gate Type System Segments (S = 0) Defines indirect access for system calls CPU finds Gate in descriptor table instead of normal descriptor Gate supplies new logical address as SEG:OFFSET 4-bit Type Field Task Gate Type = 0101 Interrupt Gate Type = 0110 Call Gate Type = 1100 Word Count Number of 32-bit words to copy from User Stack to Privileged Stack Privileged Stack user stack reserved for system calls Gate Format 16 8 3 5 16 16 access 0 word count selector Segment Level Memory Protection Access bit 7 bit 6,5 bit 4 bits 3, 2, 1, 0 P DPL S = 0 type 19 20 For every RAM access: Hardware Enforcement Hardware compares and segment limit Access denied if > segment limit Can be no accidental segment overflow Hardware checks segment type Cannot write to a segment defined as code Cannot fetch from a data segment Cannot read, write or fetch from a system segment Access Restrictions by Privilege Every segment has a classification: privilege level required for access Classification is Descriptor Protection Level (DPL) in access field of segment descriptor Every code segment has access rights: privilege level it may access Selector in CS register points to current code segment Current Privilege Level (CPL) = DPL of current CS Instruction in the current code segment cannot: Access data if data segment's DPL < CPL Jump to (or call) a new code segment with DPL < CPL

21 22 Protection Rings Access Rules Ring 0 is for the OS kernel Ring 1 is for less sensitive OS functions Ring 2 is for protected user functions Ring 3 is for user programs CS selector points to Code Segment descriptor Code Segment descriptor has access rights CPL All selectors contain Request Privilege Level (RPL) Usually a copy of the CPL An instruction in current Code Segment can: 1. Access a Data Segment with DPL, 2. Jump to (or call) a new Code Segment with DPL, 0 1 2 3 If DPL max (CPL, RPL) Access Granted Access Denied 0 1 2 3 23 24 The Trojan Horse Problem Paging Address Translation User program denied access to a protected segment (DPL < user CPL). User program passes a pointer (selector) to that segment in a system call. The OS can access the protected segment. user protected data OS call gate The selector has a Request Protection Level (RPL) field. The OS sets RPL = user CPL in the selector (pointer). Access is permitted if and only if DPL max (CPL, RPL). 0 1 2 3 page table directory base directory page byte entry + + page table directory entry page table + page main memory byte page base address page table base address directory base address

25 26 Virtual Address to Physical Address segment shadow register index SEGMENT:OFFSET cache descriptor in CPU descriptor table paging enabled directory page descriptor Linear Base Address + Offset Linear Address paging not enabled Physical Address Linear Address 10 bits 10 bits 12 bits directory page table directory = index into directory (4 bytes per entry) 2 10 =1024 = 1K page table entries per directory 4 bytes per entry 4 KB per directory page table = index into selected page table 4 bytes per entry 4 KB per page table = index (of byte) into selected page 2 12 =4096 = 4K byte per page Linear Address Physical Address Translation Lookaside Buffer (TLB) (address cache) 2 10 page tables 2 10 page/page table 2 12 bytes/page = 2 32 bytes 27 28 Entries in Page Directory and Page Table Translation Lookaside Buffer (TLB) upper 20 bits of page table physical address OS reserved 0 D A 0 U/S R/W P 31 12 11 9 8 7 6 5 4 3 2 1 0 D dirty bit A accessed P = 0 = swapped-out P = 1 = present Segments with DPL = 0,1,2 inherit U/S = 0 (supervisor) Segments with DPL = 3 inherit U/S = 1 (user) Supervisor code has Read/Write permission for User Read/Write permission for Supervisor data pages User code has No access to supervisor data pages Read-only access to data pages with R/W = 0 Read/write access to data pages with R/W = 1 Cache of 32 last accessed linear to physical address translations CPU begins directory/pt/page access in parallel to TLB access If linear address is in TLB, TLB responds first and cancels RAM access TLB catches 98-99% of linear address accesses

29 30 Paging Options in P6 Architecture New flags in processor control registers PSE (page size extensions) Bit 4 of CR4 Enables large page sizes 4 MB pages or 2 MB pages (with PAE flag set) PAE (physical address extension) Bit 5 of CR4 Enables 36-Bit Physical Addressing 32-bit linear address 36-bit physical address Enables 64-Bit Physical Addressing 32-bit linear address 64-bit physical address Status Registers Control Registers CR0: Options CR1: Reserved CR2: Last Page Fault CR3: Directory Base Address EFLAG Registers 31 32 CS:EIP Call Gate Format 16 8 3 5 16 16 access 0 word selector count access byte bit 7 bit 6,5 bits 4,3,2,1,0 P DPL 01100 system call selector CS Shadow Register (CS descriptor) access 0 word count selector call gate GDT System Calls User program makes a system call through a Call Gate Current code jumps or calls to a new CS:EIP in the OS CS selector points to a special descriptor (Call Gate) in the GDT or LDT Call Gate is loaded to CS Shadow Register The hardware: 1. Recognizes the descriptor as a Call Gate 2. Loads the Destination Selector from the Call Gate to CS 3. Loads the Destination Offset from the Call Gate to EIP 4. Copies parameters according to the Word Count 5. System Call runs, with its address hidden from the user

33 34 Interrupt Service Interrupt Handling CS:EIP Instruction INT n IDT Interrupt Gate points to the Interrupt Service Routine (ISR) CS Shadow Register (CS descriptor) access 0 word count selector Instruction INT n is executed. CS:EIP of the next instruction is pushed onto stack. Interrupt Gate at address = IDT base + n 8 loaded to CS Shadow Register. Selector and Offset from Interrupt Gate loaded to CS:EIP CS:EIP is the address of the ISR (interrupt handler) ISR finishes with IRET, which pops the previous CS:EIP interrupt gate access 0 word count selector bit 7 bit 6,5 bits 4,3,2,1,0 P DPL 01110 The Interrupt Descriptor Table (IDT) contains the Interrupt Gates The IDT linear base address and limit is in the IDT register P6 family introduces APIC (Advanced PIC) Message Service 35 36 Hardware Task Creation Task defined by writing a Task State Segment (TSS) TSS holds task context All register values LDT Selector Status Word Other OS information Back link to a previous task TSS descriptor (normal descriptor) placed in GDT or LDT TSS Selector (points to TSS descriptor) written in Task Gate Task Gate placed into GDT, LDT, or IDT TSS Contents back link stacks and stack pointers for CPL = 0, 1, 2 task switch to higher privilege level causes switch to a separate stack CR3 EIP EFLAGS EAX, ECX, EBX, EDX ESP, EBP, ESI, EDI ES, CS, SS, DS, FS, GS LDT Selector OS specific information

37 38 Task Gate Task Switching by Jump access 0 word count selector bit 7 bit 6,5 bits 4,3,2,1,0 P DPL 00101 CS:EIP JMP selector CS Shadow Register (CS descriptor) access 0 word count selector task gate GDT TSS descriptor TSS Register TSS Shadow Register All CPU Registers Task Context TSS 39 40 Task Switching by Jump No nesting back link not set Current code executes JMP to CS:EIP CS selector points to Task Gate in GDT or LDT Descriptor (Task Gate) loaded to CS Shadow Register Hardware Recognizes descriptor as Task Gate Copies context of current task to its TSS Loads Destination Selector from Task Gate to TSS Register Selector in TSS Register points to TSS descriptor Loads TSS descriptor to TSS Shadow Register Loads new context from new TSS Runs new task from CS:EIP from new task context Task Switching by Call Instruction Current code executes CALL to CS:EIP Pushes CS:EIP of next instruction onto stack CS selector points to Task Gate in GDT or LDT Descriptor (Task Gate) loaded to CS Shadow Register Hardware Recognizes descriptor as Task Gate Copies context of current task to its TSS Makes temporary copy of current TSS Register Loads Destination Selector to TSS Register Selector in TSS Register points to TSS descriptor Loads TSS descriptor to TSS Shadow Register Loads context from new TSS to run called task Writes old TSS Selector into back link of new TSS

41 42 Task Switching by Call Instruction Called task ends with an IRET instruction (or preemption) The hardware Copies context of new task to TSS Loads back link into TSS Register Selector in TSS Register points to previous TSS descriptor Loads previous TSS descriptor to TSS Shadow Register Loads context from previous TSS to restore previous task New Instructions for IA32 Instruction Description ARPL r/m16,r16 Adjust RPL of r/m16 to not less than RPL of r16 LAR r16,r/m16 Load Access Rights: r16 r/m16 masked by FF00H LSL r16,r/m16 Load: r16 segment limit, selector r/m16 LSL r32,r/m32 Load: r32 segment limit, selector r/m32 SGDT, SIDT m Store GDTR to m, Store IDTR to m SLDT r/m16 Stores segment selector from LDTR in r/m16 STR r/m16 Stores segment selector from Task Register in r/m16 VERR r/m16 Set ZF=1 if segment specified with r/m16 can be read VERW r/m16 Set ZF=1 if segment specified with r/m16 can be written CLTS Clears Task Switch flag in CR0 LGDT m16&32 Load m into GDTR LIDT m16&32 Load m into IDTR LLDT r/m16 Load segment selector r/m16 into LDTR LTR r/m16 Load r/m16 into task register r = register m = memory pointer 16/32 = length in bits r16={ax, CX, DX, BX, SP, BP, SI, DI} r32={eax, ECX, EDX, EBX, ESP, EBP, ESI, EDI} 43 44 Real Mode Start up mode for every Intel IA 32 processor Processor runs as very fast 8086 Can access only lowest 1 MB of memory OS boot code (BIOS) must be in low memory Uses protected mode hardware in a special way Shadow Registers On Selector load, build pseudo-descriptor: Load Base Address field with Selector 10h Load Limit with FFFFh Load CS Access word with G D 0 0 P DPL S CODE C R A 0 0 0 0 1 00 1 1 0 1 1 Load DS Access word with G 0 0 0 P DPL S CODE ED W A 0 0 0 0 1 00 1 0 0 1 1 SS, ES, FS, GS created as data segments

45 46 Before Switching To Protected Mode Build a GDT At least one Data Segment At least one Code Segment Convert 8086 ISR vectors to IA-32 IDT Build a TSS for OS scheduler Put Task Gate for TSS into GDT Build Page Tables and Directory Linear Address = Physical Addresses Write Directory Physical Address into TSS Entering Protected Mode Set flag PE to enter protected mode JMP to Task Gate in GDT Loads Task Register Selector points to TSS Descriptor CPU loads scheduler context from TSS Set flag PG to enable Paging (optional) OS scheduler is running in Protected Mode with paging Can create new processes by writing TSSs and GDT entries Load GDT register and IDT register 47 48 Virtual 86 Mode Create TSS for VM86 task Clear flag PE (protected mode off real mode) Pseudo-Descriptors (real mode type) Can access 1 MB of address space Programs run as in 8086 Set flag PG (Paging Enabled) 8086 20-bit addresses get re-mapped All VM86 processes same address space 00000h to FFFFFh Separate Page Table Directory for each VM86 task 20-bit address space re-mapped to individual 32-bit locations Use of IA32 Resources Under Linux Hardware/Software issues Most Linux code Written in C Compiled for platform independence PC-specific aspects of Linux source code located in arch/i386 Principal Linux strategies with IA32 Ignore hardware segmentation Migration away from hardware task management Full use of hardware paging

49 50 IA32 Segmentation in Linux Linux prefers a flat 4 GB memory space Create a pseudo-flat address space: Linux writes 4 normal segment descriptors in GDT Code Segment for kernel mode, with DPL = 0 Data Segment for kernel mode, with DPL = 0 User Code Segment, with DPL = 3 User Data Segment, with DPL = 3 Each descriptor points to entire address range 00 00 00 00 to FF FF FF FF Each base address = 00 00 00 00 Each segment limit = F FF FF with granularity G = 1 Each segment size is 4 GB Task Management in Linux Early Linux kernel For every task, two system segment descriptors TSS segment descriptor LDT descriptor Hardware-based task switching Uses TSS Register pointing to TSS Descriptor to load context from TSS Places TSS Selector directly into TSS Register Does not use Task Gate mechanism 51 52 Task Management in Linux 2.2 For each task LDT descriptor TSS segment descriptor Only 4090 processes may be created: GDT has room for 8192 entries (8192 8 = 64 KB) 12 entries required for user and system segment descriptors 2 entries are created for every task: (8192-12) / 2 = 4090 Task Management in Linux 2.4 Software-based task switching Does not use IA32 tasks for process creation Defines tasks in UNIX-style task PID tables (no limit on task number) Does not write TSS segment descriptors in the GDT Only defines an LDT if the task requires one Does not use the Task Gate mechanism Performs UNIX-style software-based context switching

53 54 Paging in Linux Linux uses the full paging mechanism of IA32 Maintains page tables, using a different directory base address (CR3) for each task Address compatibility with 64-bit architectures Defines a "middle directory" On 64-bit machines Linear address divided into 3 table fields and 1 field On IA32 machines Middle directory field has 0-length (entry points to page table) Kernel code and data are never swapped out Begin at 2 nd megabyte Physical base address 00 10 00 00 New instruction encoding for IA-32 Instruction Types Instruction prefix changes width of default instruction Code Type Operand Width Address Width 16-bit code 16 bits 32 bits 16 bits 32 bits No Prefix 0x66 No Prefix 0x67 32-bit code No Prefix 0x66 No Prefix 0x67 32-bits 16 bits 32-bits 16 bits Example for 16-bit code With prefix 66B844332211 Without prefix B844332211 dl,[bx+di] mov eax,0x11223344 B84433 mov ax,0x1122 1122 and 55 56 New instruction encoding for IA-32 Addressing Modes Intel 80386 Microprocessor Flexible addressing in IA-32 Example of legal address on 386 mov eax,[eax+4*edi+11223344h] On Pentium family processors, index = 1, 2, 3, 4, 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback