EE314 Summer 2003

Summer 2003 Lecture 28 07/29/03

Protected Mode System

In real mode, an interrupt number is used to index into the Interrupt Vector Table to determine the address of the interrupt service routine. The Interrupt Vector Table is an array of far pointers to the interrupt service routines and is stored beginning at address 0 in memory.

In protected mode, the interrupt number is used to select a descriptor from the Interrupt Descriptor Table. The IDTR contains the address of the current interrupt descriptor table, and the interrupt number is used to index into this descriptor table to select a descriptor. The selected descriptor contains the information describing the location of the interrupt service routine.

The descriptors in the interrupt descriptor table are only allowed to be gate descriptors.

Only Interrupt Gates, Trap Gates, and Task Gates are allowed to be in the interrupt descriptor table. The gate descriptor selected by the interrupt number will contain the code segment selector and offset for the entry point of the interrupt service routine.

If the gate descriptor is an Interrupt Gate, the interrupt enable flag will be cleared (turning interrupts off) before entry to the ISR.

If the gate is a Trap Gate, the interrupt flag will be left unchanged.

This interrupt flag behavior is the only difference between interrupt gates and trap gates.

If the selected descriptor is a Task Gate, a task switch will occur on entry to the interrupt service routine, and the ISR will execute in the context of whatever task is specified by the gate. On return from an ISR entered through a task gate, a task switch back to the original task will occur.

The primary difference between interrupt servicing in protected mode vs. real mode is the vectoring through the IDT via gate descriptors in protected mode, rather than through the interrupt vector table as in real mode.
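As an added example (not code from the lecture notes), the vectoring step above in C: a constructed three-entry IDT is indexed by interrupt number, the selected gate descriptor is decoded, and the interrupt-flag treatment for interrupt, trap and task gates is applied. The 8-byte descriptor bit layout and the type codes 0x5, 0xE and 0xF are taken from the 80386 manual rather than from these notes.

```c
#include <stdint.h>
#include <stdbool.h>

/* Gate types in the low nibble of byte 5 of an 80386 IDT descriptor (bit layout
 * from the Intel 80386 manual; the lecture notes do not give it). */
enum gate_type { GATE_TASK = 0x5, GATE_INTR32 = 0xE, GATE_TRAP32 = 0xF };
struct gate {
    uint16_t selector;  uint32_t offset;  /* ISR code selector (TSS selector for a task gate), entry offset */
    int type, dpl;      bool present;     /* type nibble, descriptor privilege level, P bit */
};
/* Decode one 8-byte descriptor; false means it is not a gate type the IDT may hold. */
static bool decode_gate(const uint8_t *d, struct gate *g)
{
    g->type = d[5] & 0x0F;  g->dpl = (d[5] >> 5) & 3;  g->present = (d[5] >> 7) & 1;
    g->selector = (uint16_t)(d[2] | (d[3] << 8));
    g->offset = d[0] | (d[1] << 8) | (d[6] << 16) | ((uint32_t)d[7] << 24);
    return g->type == GATE_TASK || g->type == GATE_INTR32 || g->type == GATE_TRAP32;
}
/* Vectoring step: index the IDT by interrupt number (8 bytes per entry), check IDTR.limit,
 * decode the gate, and derive IF on entry: an interrupt gate clears it, trap/task gates do not. */
static bool dispatch(const uint8_t *idt, uint16_t limit, unsigned vec, bool if_before,
                     struct gate *g, bool *if_after)
{
    uint32_t off = vec * 8u;
    if (off + 7 > limit) return false;                       /* beyond the IDT: #GP */
    if (!decode_gate(idt + off, g) || !g->present) return false;
    *if_after = (g->type == GATE_INTR32) ? false : if_before;
    return true;
}
/* Constructed three-entry IDT (not real system data):
 *   vector 0: 32-bit interrupt gate, selector 0x0008, offset 0x00102000
 *   vector 1: 32-bit trap gate,      selector 0x0008, offset 0x00102100
 *   vector 2: task gate,             TSS selector 0x0028                 */
static const uint8_t sample_idt[24] = {
    0x00, 0x20, 0x08, 0x00, 0x00, 0x8E, 0x10, 0x00,
    0x00, 0x21, 0x08, 0x00, 0x00, 0x8F, 0x10, 0x00,
    0x00, 0x00, 0x28, 0x00, 0x00, 0x85, 0x00, 0x00,
};
/* Over the sample table with IF set beforehand: gate type reached through `vec`
 * (-1 if none), and whether interrupts stay enabled in the ISR (1/0, -1 if none). */
static int sample_gate_type(unsigned vec)
{
    struct gate g; bool ifa;
    return dispatch(sample_idt, sizeof sample_idt - 1, vec, true, &g, &ifa) ? g.type : -1;
}
static int sample_if_after(unsigned vec)
{
    struct gate g; bool ifa;
    return dispatch(sample_idt, sizeof sample_idt - 1, vec, true, &g, &ifa) ? (int)ifa : -1;
}
```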

In the processors that support protected mode operation (‘286 and later) there are many more interrupts used to signal exceptions than in earlier processors. These are used to signal various kinds of faults that indicate error conditions or conditions requiring extra operating system support (such as ).

Gate Descriptors

In addition to restricting access to data, the privilege level mechanism is used to restrict access to code as well.

The basic rule is that it is only possible to transfer control (jump or call) to code at the same privilege level as the current privilege level. This prevents code from either inadvertently or intentionally transferring control to arbitrary locations in memory.

The gate mechanism was introduced to let the operating system control how execution can be transferred between privilege levels.

There are four kinds of gates:
· Call Gates,
· Interrupt Gates,
· Trap Gates,
· and Task Gates.

Each of these is defined by a system descriptor.
· Descriptors for Interrupt and Trap gates can only appear in the IDT.
· Call gate descriptors can only appear in the GDT or LDT,
· and Task gate descriptors are allowed in either the GDT, LDT, or IDT.

In general, a gate descriptor specifies the code segment selector and offset of the subroutine that is the target of the gate.

Transferring control through a gate is the only way that control can be transferred to a different privilege level, and the transfer can only occur to a higher privilege level than the current privilege level. This allows the operating system to completely control what entry points can be called from lower level code to higher level code. In this way, operating system code can only be entered at defined entry points specified by the O/S. The O/S can create a gate descriptor for each defined entry point, and have complete control over how it is entered.

Enhanced Programmer’s Model of the Machine

The programmer’s model of the machine was expanded to include several new registers to support protected mode operation. See pages 582-583 of the textbook.

FS - new segment register
GS - new segment register
GDTR - Global Descriptor Table Register. Contains the address of the global descriptor table.
LDTR - Local Descriptor Table Register. Contains the address (selector) of the local descriptor table.
IDTR - Interrupt Descriptor Table Register. Contains the address of the interrupt descriptor table.
TR - Task Register. Contains the selector for the current Task State Segment.
CR0 - Control Register 0. This contains a number of mode control bits that control the operation of the processor. In particular, the PE (protected mode enable) and PG (paging enable) bits are contained in this register.
CR1 - Control Register 1. Not used, reserved for future use.
CR2 - Control Register 2. Page fault linear address. When a page fault occurs, the linear address that caused the fault is stored in this register. The page fault handler would use this to determine what to do to handle the fault.
CR3 - Control Register 3. This is the paging control register. It contains the PDBR (page directory base register) and various control bits that control operation of the paging mechanism.
DR0-3 - Debug address registers. These registers are used to set breakpoint addresses for the four hardware breakpoints.
DR4-7 - Debug control registers. These registers control the four hardware breakpoints. They specify the breakpoint modes and control operation of the four hardware breakpoints.
TR6-7 - Test registers. These registers are used by diagnostic software to test operation of the translation look-aside buffer (TLB) in the hardware.

With the exception of FS and GS, access to all of these new registers is only available through privileged instructions, and so to the application programmer, these registers are not accessible.

Paging

The paging mechanism provides a very flexible way of mapping addresses between a 32 bit logical address space and a 32 bit physical address space. This is primarily used to implement virtual memory systems, but it can also be used in other ways to change the relationship between logical addresses in a program and physical addresses in memory.

In x86 processors, a page is always a 4k (4096) byte chunk of address space. Twelve address bits are used to specify one of 4k locations (2^12 = 4096), so the low twelve bits of any address specify a location within a page. The upper twenty bits of the 32 bit address are used to select which page is being accessed.

The page management hardware maps the upper twenty bits of a logical address into the upper twenty bits of the corresponding physical address. The lower twelve bits are never mapped.

The x86 paging hardware uses a two level scheme for mapping logical page addresses into physical page addresses.

The root of the page mapping system is the Page Directory Base Register. The PDBR is contained in the upper 20 bits of control register CR3, and specifies the physical address of the Page Directory.

The Page Directory is an array of 1024 Page Directory Entries (PDE). Each PDE is a 32 bit quantity (4 bytes).

The page directory occupies one page of memory. The upper twenty bits of each PDE contain the physical address of a Page Table. The lower twelve bits contain status flags and control bits that define the state of the Page Table.

A Page Table, similarly to a page directory, is an array of 1024 Page Table Entries. Each page table entry is, again, four bytes long (32 bits).

Again, each page table occupies a single memory page. The upper twenty bits of the PTE specify the physical address of a memory page, and the lower twelve bits contain status flags and control bits that define the state of the page.

See page 593 in the text for diagrams showing the format and descriptions of the various fields in the page directory and page table entries.

The mapping of a logical address into a physical address is accomplished in the following way:
· The upper ten bits of the logical address are used to select one of the PDE’s from the page directory. Ten bits are required, as 2^10 = 1024. The selected PDE specifies a page table.
· The next ten bits of the logical address are used to select a PTE from the page table selected by the upper ten bits. This PTE specifies the address of the physical memory page.
· The lower twelve bits of the logical address are combined with the upper twenty bits taken from the PTE to form the complete address.

This address mapping mechanism is described graphically on pages 590 and 591 of the text.

Physical Address Generation Using Segmentation and Paging

In x86 processors, a complete memory address always involves a segment and an offset. The segment portion of the address always comes from the current value in some segment register.

In protected mode, segment registers will contain segment selectors. The complete translation of a program address into an actual physical address in memory involves both the translation of the segment-offset pair into a linear (or virtual) address via the segment mechanism, and then the translation of the linear address into a physical address by the paging mechanism.

The segment selector taken from a segment register is used to index into the appropriate segment descriptor table (as specified by the TI bit in the selector) and select a segment descriptor. The offset is then added to the segment base address field taken from the segment descriptor to yield the linear address. The linear address is then translated to the physical address as described above in the section on paging.

Graphically, this appears as follows (diagram not reproduced; its elements were): a 16 bit Selector and a 32 bit Offset; the selector indexes the Descriptor Table to yield a 32 bit Base Address, which is added to the offset to give the 32 bit Linear Address; the linear address is then split into 10 bits, 10 bits and 12 bits, which index the Page Directory, the Page Table, and the Physical Memory Page respectively.

The address of the descriptor table will be specified by either the GDTR or the LDTR. The address of the page directory will be specified by the PDBR in CR3.
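An added example, not from the notes or the textbook, that carries the translation described in the paging section and in this section through in C: a selector is resolved through the GDT or LDT (by its TI bit) to a base address, the offset is added to give the linear address, and the linear address is walked through a page directory and page table. Descriptor field positions and the present bit of PDEs and PTEs follow the 80386 layout; the memory contents, the GDT entry and the page mappings are constructed for the example.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed physical memory (8 pages, as 32-bit words): page directory at
 * physical 0 with PDE 0 -> page table at 0x1000; that table maps only linear
 * page 0x00001000 -> physical page 0x00005000 (P bit set on both entries). */
static uint32_t phys[8 * 4096 / 4] = { [0] = 0x1000 | 1, [0x1000 / 4 + 1] = 0x5000 | 1 };
/* Constructed GDT/LDT as raw 8-byte descriptors: GDT entry 1 is a data segment
 * with base 0x00001000 and limit 0xFFFF (G=0); entry 0 and the LDT are null. */
static const uint8_t gdt[16] = { [8] = 0xFF, 0xFF, 0x00, 0x10, 0x00, 0x92, 0x00, 0x00 };
static const uint8_t ldt[16] = { 0 };
/* 80386 descriptor layout: base in bytes 2-4 and 7, limit in bytes 0-1 plus the
 * low nibble of byte 6, granularity (G) in bit 7 of byte 6. */
static uint32_t desc_base(const uint8_t *d) { return d[2] | (d[3] << 8) | (d[4] << 16) | ((uint32_t)d[7] << 24); }
static uint32_t desc_limit(const uint8_t *d)
{
    uint32_t lim = d[0] | (d[1] << 8) | ((d[6] & 0x0F) << 16);
    return (d[6] & 0x80) ? (lim << 12) | 0xFFF : lim;        /* G=1: limit is in 4K pages */
}
/* Step 1: selector:offset -> linear address. TI (bit 2) chooses the LDT or GDT and
 * bits 15:3 index it; a false return stands for the #GP a limit violation raises. */
static bool segment_to_linear(uint16_t sel, uint32_t off, uint32_t *lin)
{
    if ((sel >> 3) >= 2) return false;                         /* index past the 2-entry tables: #GP */
    const uint8_t *d = ((sel & 4) ? ldt : gdt) + (sel >> 3) * 8;
    if (off > desc_limit(d)) return false;
    *lin = desc_base(d) + off;
    return true;
}

/* Step 2: linear -> physical by the two-level walk. Upper 10 bits select the PDE,
 * the next 10 bits the PTE, and the low 12 bits pass through unmapped. pdbr is the
 * page directory's physical address (CR3 bits 31:12); false stands for #PF. */
static bool linear_to_physical(uint32_t pdbr, uint32_t lin, uint32_t *pa)
{
    uint32_t pde = phys[pdbr / 4 + (lin >> 22)];
    if (!(pde & 1)) return false;                              /* page table not present */
    uint32_t pte = phys[(pde & 0xFFFFF000u) / 4 + ((lin >> 12) & 0x3FF)];
    if (!(pte & 1)) return false;                              /* page not present */
    *pa = (pte & 0xFFFFF000u) | (lin & 0xFFF);
    return true;
}
/* Whole path with PDBR = 0; returns 0xFFFFFFFF where the hardware would fault. */
static uint32_t translate(uint16_t sel, uint32_t off)
{
    uint32_t lin, pa;
    if (!segment_to_linear(sel, off, &lin) || !linear_to_physical(0, lin, &pa)) return 0xFFFFFFFFu;
    return pa;
}
```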

Switching an X86 Processor Into Protected Mode

Bit 0 of control register CR0 is the protected mode enable bit. When this bit is set, the processor will begin executing in protected mode. When this bit is cleared, it will begin executing in real mode.

Before switching the processor into protected mode, a number of tasks must be completed.
· Segment descriptors must be initialized in the global descriptor table, the interrupt descriptor table and the local descriptor table.
· If paging is going to be used, a page directory and page tables must have been created and the address of the page directory stored in the page directory base register (PDBR) in CR3.
  o These tables must be set up so that the code that turns paging on has the same address in both the physical address space and the linear address space. (The pages are identity mapped).

Once these tasks have been accomplished, the protected mode bit and paging bit (if paging is being used) can be turned on. These bits are set by loading a new value with these bits set into CR0.

Interrupts should be turned off while switching into protected mode.

After turning off interrupts, load the GDTR with the address of the global descriptor table, and immediately before enabling protected mode, load the IDTR with the address of the protected mode interrupt descriptor table.

Immediately after enabling protected mode, a NEAR JMP instruction must be executed to flush the instruction pre-fetch queue and remove any potentially invalid real mode instructions from the queue.

Following this, it is necessary to reload the stack pointer and stack segment registers with new protected mode values, and then load the other segment registers with valid protected mode selectors.

Finally, reload the CS register with a valid protected mode value by executing a FAR JMP instruction.

Once this has been done, it is safe to turn interrupts back on, and the machine is then running in protected mode.