Presentation is loading. Please wait.

Presentation is loading. Please wait.

Venturing into protected-mode A first look at the CPU registers and instructions which provide the essential supporting infrastructure.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Venturing into protected-mode A first look at the CPU registers and instructions which provide the essential supporting infrastructure."— Presentation transcript:

1 Venturing into protected-mode A first look at the CPU registers and instructions which provide the essential supporting infrastructure

2 A need for Diagnostics Upon entering protected-mode, the “rules” change regarding the allowed CPU actions Memory-addresses are computed using a different set of circuitry within the CPU Restrictions are enforced by generating a variety of “exceptions” which interrupt the CPU’s normal fetch-execute cycle We will need to “diagnose” their causes

3 Memory-addresses The first change programmers encounter when the CPU is switched into Protected Mode concerns the way in which the CPU constructs its memory-addresses (i.e., the segment registers play a different role) Some formerly “hidden” aspects of those segment-registers will come to the fore! (Some terminology also gets revised)

4 Real-Mode Addresses segment Logical Address: offset Operand’s effective address Physical Address: + x16 While in Real-Mode, the memory-segments are all 64-kilobytes in size (and readable/writable)

5 Protected-Mode Addresses segment-selector Logical Address: segment-offset Operand’s effective address Physical Address: descriptor Segment Descriptor Table + Segment Base-address (also Segment-Limit and Access Rights) Validity is checked by CPU

6 Segment-Descriptor Format Base[31..24]GD RSVRSV AVLAVL Limit [19..16] P DPLDPL SX C/DC/D R/WR/W ABase[23..16] Base[15..0]Limit[15..0] 6332 31 0 Several instances of this basic ‘segment-descriptor’ data-structure will occur in the Global Descriptor Table (and maybe also in some Local Descriptor Tables)

7 “Hidden” part of segment-registers selectorsegment basesegment limit access rights The programmer-visible part of a segment-register The “invisible” parts of a segment-register

8 Segment-Register “cache” The “hidden” portions of any segment- register will automatically be modified whenever any instruction places a new value in a segment-register’s visible part Examples (some obvious, some not): mov %ax, %ds# new value from a general register pop %es# new value from a word in memory lss tos, %esp# new value from a memory-pointer ljmp$0x07C0, $main# new value from “immediate” data int$0x13# new value from interrupt vector table lret# new value from the stack’s memory

9 Illegal segment-values In Real-Mode, any 16-bit value was ‘legal’ to be loaded into any segment-register But in Protected-Mode, the CPU doesn’t allow certain 16-bit values to be placed in particular segment-registers For example: the selector for a descriptor that isn’t ‘executable’ cannot go into CS, and one that’s legal for CS can’t go in SS

10 Special ‘system’ registers In protected-mode the CPU needs quick access to its important data-structures: –Memory-Segment Descriptors –Interrupt-Gate Descriptors –Call-Gate Descriptors –Task-State Descriptors –Page-Directory and Page-Table Descriptors So special CPU registers exist which are dedicated to locating these crucial items

11 GDT and IDT The two most vital system registers for protected-mode execution are: –GDTR (Global Descriptor Table Register) –IDTR (Interrupt Descriptor Table Register) Each of these is 48-bits wide and contains the base-address and segment-limit for an array of descriptors (the GDT and the IDT) Special instructions allow access to these registers: SGDT/LGDT and SIDT/LIDT

12 48-bit Register-Format Segment Base-Address Segment Limit 4716150 16 bits 32 bits

13 System Relationships descriptor Interrupt Descriptor Table Global Descriptor Table GDTR IDTR

14 LDT and TSS For protected-mode multitasking, the CPU needs to access two other data-structures: –The current Local Descriptor Table (LDT) –The current Task-State Segment (TSS) Again, special registers tell the CPU where to find these data-structures in memory (assuming protected-mode is enabled) And special instructions afford access to them: SLDT/LLDT and STR/LTR

15 Indirection Registers LDTR and TR are like segment- registers: they have a visible part (16-bits) and a “hidden” descriptor-cache part The programmer-visible portion of these two registers holds a “segment-selector” (i.e., an array-index into the GDT array) The hidden portion is updated from the GDT whenever these register get loaded

16 System Relationships Task State Segment descriptor GDTR descriptor Local Descriptor Table descriptor LDTR TR Global Descriptor Table

17 Reading LDTR and TR The LDTR and TR registers are not able to be accessed while executing in real-mode An “Undefined Opcode” exception (INT-6) will be generated if SLDT or STR opcodes are encountered in a “real-mode” program So to obtain the values in these registers, any bootsector program must temporarily enable protected-mode

18 Control Register 0 Register CR0 is the 32-bit version of the MSW register (Machine Status Word) It contains the PE-bit (Protection Enabled) –when PE=0 the CPU is in real-mode –when PE=1 the CPU is in protected-mode PGPG CDCD NWNW AMAM WPWP NENE ETET TSTS EMEM MPMP PEPE Machine Status Word

19 Using the LMSW instruction You can use the LMSW instruction to turn on the PE-bit (enables protected-mode) But you cannot use LMSW to turn off PE (i.e., PE was a “sticky bit” in the 80286) The Intel 80386 processor introduced a new name and enlarged size for the MSW Special version of the ‘MOV’ instruction can either enable or disable the PE-bit

20 How to enter protected-mode This instruction-sequence turns on PE-bit: Warning: you have to do this with interrupts temporarily disabled -- since the real-mode Interrupt Vector Table won’t work any more mov %cr0, %eax# get current machine status bts $0, %eax# set the image of its PE-bit mov %eax, %cr0# now enter protected mode

21 How to leave protected-mode This instruction-sequence turns off PE-bit Warning: you need to make sure that all of the segment-registers have proper access- rights and segment-limits in their caches to function correctly once back in real-mode! mov %cr0, %eax# get current machine status btr $0, %eax# set the image of its PE-bit mov %eax, %cr0# now leave protected mode

22 An observation If we can enter protected-mode, but NOT do anything to alter any segment-register, then we won’t need to construct Tables of Segment-Descriptors The left-over ‘real-mode’ descriptor-values will still be in any segment-register’s cache Let’s pursue this idea in a program ‘demo’

23 Hexadecimal Display To display values in registers or memory locations, we need to convert from binary numbers to character-strings that consist of ascii-codes for hexadecimal numerals Why? Because hexadecimal values are easier for human programmers to grasp and to mentally convert into the actual bit- patterns represented in the computer -- thereby giving us a way to “see” inside it

24 Conversion Algorithm The easiest algorithm to understand uses a “lookup table” for converting ‘nybbles’ to ascii numerals: 0000→ ‘0’ (=0x30) 1010→ ‘A’ (=0x41) 0001→ ‘1’ (=0x31) 1011→ ‘B’ (=0x42) 0010→ ‘2’ (=0x32) 1011→ ‘C’ (=0x43) 1001→ ‘9’ (=0x39) 1111→ ‘F’ (=0x46)

25 Our Lookup-Table algorithm This algorithm converts the lowest ‘nybble’ in AL to a hexadecimal numeral in DL, but it ‘clobbers’ the contents of the BX register #------------------------------------------------------------------------------------------ hexlist:.ascii “0123456789ABCDEF”# array of hex numerals #------------------------------------------------------------------------------------------ # Algorithm assumes DS was already is setup to address ‘hexlist’ mov%al, %bl# copy byte-value from AL into BL and$0x0F, %bx# clear all but lowest 4-bits in BX movhex(%bx), %dl# use BX as array-index for lookup

26 Alternative avoids data-table A clever machine-algorithm (by Tim Lopez) that exploits subtle aspects of some x86 instructions: No lookup-table is required here – just some “immediate data” within the instruction-stream -- but it may take some effort to comprehend! and $0x0F, %al # isolate lowest nybble in AL cmp $10, %al # sets up the carry-flag for SBB sbb $0x69, %al# sets up auxiliary-flag for DAS das # decimal adjustment to result

27 Unmodified segment-registers If you can arrange for your program not to change any segment-registers while PE=1 then your code can safely enter and leave protected-mode without creating GDT/IDT This means you will have to have to make sure no interrupts or exceptions can occur while the PE-bit is set for protected-mode Can use cli and sti to control interrupts Avoid exceptions by doing nothing illegal

28 In-class Exercise The ‘sysregs.s’ bootsector demo-program displays the current value found in the two 48-bit system registers: GDTR and IDTR Your job is to add modifications that demo Modify the ‘sysregs.s’ bootsector program so it will display registers LDTR and TR in addition to displaying GDTR and IDTR Can you enter and leave protected-mode without causing a system “crash”?

Download ppt "Venturing into protected-mode A first look at the CPU registers and instructions which provide the essential supporting infrastructure."

Similar presentations

Processor Privilege-Levels

Processor Privilege-Levels
Unit 4 Chapter-1 Multitasking. The Task State Segment.

Unit 4 Chapter-1 Multitasking. The Task State Segment.
Intel 80386 MP.

Intel MP.
Microprocessors system architectures – IA32 real and virtual-8086 mode Jakub Yaghob.

Microprocessors system architectures – IA32 real and virtual-8086 mode Jakub Yaghob.
Lecture 6 Machine Code: How the CPU is programmed.

Lecture 6 Machine Code: How the CPU is programmed.
IA32 Paging Scheme Introduction to the Pentium’s support for “virtual” memory.

IA32 Paging Scheme Introduction to the Pentium’s support for “virtual” memory.
Task-Switching How the x86 processor assists with context-switching among multiple program-threads.

Task-Switching How the x86 processor assists with context-switching among multiple program-threads.
Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.

Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.
Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.

Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.
Operating Systems: Segments 1 Segmentation Hardware Support single user program system: – wish somehow to relocate address 0 to after operating system.

Operating Systems: Segments 1 Segmentation Hardware Support single user program system: – wish somehow to relocate address 0 to after operating system.
IA32 Paging Scheme Introduction to the Intel x86’s support for “virtual” memory.

IA32 Paging Scheme Introduction to the Intel x86’s support for “virtual” memory.
Processor Exceptions A survey of the x86 exceptions and mechanism for handling faults, traps, and aborts.

Processor Exceptions A survey of the x86 exceptions and mechanism for handling faults, traps, and aborts.
Getting Ready to Enter x86 Protected Mode Survival tactics for enabling Protected-Mode with a minimum of supporting infrastructure.

Getting Ready to Enter x86 Protected Mode Survival tactics for enabling Protected-Mode with a minimum of supporting infrastructure.
IA-32 Processor Architecture

IA-32 Processor Architecture
Page-Faults in Linux How can we study the handling of page-fault exceptions?

Page-Faults in Linux How can we study the handling of page-fault exceptions?
Exceptions and Interrupts How does Linux handle service- requests from the cpu and from the peripheral devices?

Exceptions and Interrupts How does Linux handle service- requests from the cpu and from the peripheral devices?
Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.

Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.
The various x86 ‘modes’ On understanding key differences among the processor’s several execution-architectures.

The various x86 ‘modes’ On understanding key differences among the processor’s several execution-architectures.
Defining protected-mode segment-descriptors An example of a protected-mode bootsector application that draws a message to the video display.

Defining protected-mode segment-descriptors An example of a protected-mode bootsector application that draws a message to the video display.
Processor Privilege-Levels How the x86 processor accomplishes transitions among its four distinct privilege-levels.

Processor Privilege-Levels How the x86 processor accomplishes transitions among its four distinct privilege-levels.

Similar presentations

Ads by Google