http://www.haogongju.net/art/578426

Orange's implementation of an operating system, 3. Protected mode (2): getting to know protected mode, part B
Author: aoysme | Source: blog

1. Detailed explanation of the GDT (reprinted from http://blog.csdn.net/zdwzzu2006/archive/2009/03/27/4030882.aspx)

In protected mode, an important and essential data structure is the GDT (Global Descriptor Table).
Why does the GDT exist? Let's first consider the programming model in real mode:

In real mode, we access a memory address as segment:offset. The segment is the base address of a segment, and the maximum length of a segment is 64 KB, the largest length a 16-bit quantity can represent. The offset is the displacement relative to the segment base address, so base address + offset is the absolute memory address. From this we can see that a segment has two factors: the base address and the limit (the maximum length of the segment), and accessing a memory address requires two things: which segment is used, and the offset relative to the base address of that segment; the offset should be less than the limit of the segment. Of course, a 16-bit system does not specify the limit explicitly: it defaults to the maximum length of 64 KB, and a 16-bit offset can never be larger than that limit. In actual programming, we use the 16-bit segment registers CS (code segment), DS (data segment) and SS (stack segment) to specify the segment; the CPU shifts the value in the segment register left by 4 bits and places it on the 20-bit address lines to form the 20-bit base address.
In protected mode, memory management is divided into two modes: segment mode and page mode, and page mode is itself built on top of segment mode. That is to say, the memory management modes of protected mode are really pure segmentation and segmentation plus paging. Further, segmentation is indispensable, while paging is optional: if paging is used, it is segment-page mode; otherwise it is pure segment mode.

Here we will not consider paging. In segment mode, the segment:offset method is still used to access a memory address, which is natural. Because protected mode runs on a 32-bit system, the two factors of a segment, base address and limit, are also 32-bit. IA-32 allows the base address of a segment to be set to any value a 32-bit quantity can represent (the limit can also be set to a value representable in 32 bits, in multiples of 2^12), unlike real mode, where the base address of a segment can only be a multiple of 16 (because its low 4 bits are produced by the left shift and can only be 0; this is how a 16-bit segment register indicates a 20-bit base address) and the limit of a segment can only be the fixed value of 64 KB. In addition, protected mode, as its name implies, provides a protection mechanism for segment mode, that is, the description of a segment needs to specify its own access permissions. Therefore, in protected mode, the description of a segment includes three factors: [base address, limit, access], which are put together in a 64-bit data structure called a segment descriptor. Now, if we use a 64-bit segment descriptor to reference a segment, we would need a 64-bit segment register to hold that segment descriptor. However, to maintain backward compatibility, Intel still keeps the segment registers at 16 bits (although each segment register actually has a 64-bit invisible part, to the programmer a segment register is 16 bits wide). Obviously, we cannot directly reference a 64-bit segment descriptor through a 16-bit segment register.

What should be done? The solution is to put these 64-bit segment descriptors into an array and reference them indirectly, using the value in the segment register as a subscript (in fact, the high 13 bits of the segment register are used as the index). This global array is the GDT. In fact, the GDT stores not only segment descriptors but also other descriptors. They are all 64 bits long and will be discussed later.

The GDT can be placed anywhere in memory. When a programmer uses a segment register to reference a segment descriptor, the CPU must know the entry of the GDT, that is, where its base address is located; therefore Intel's designers provide a register, GDTR, to store the GDT entry address. After the programmer has placed the GDT somewhere in memory, the lgdt instruction can be used to load the GDT entry address into this register. From then on, the CPU accesses the GDT using the content of GDTR as the GDT entry.

The GDT is a data structure required by protected mode, and it is unique: there is exactly one, no fewer and no more. In addition, as the name Global Descriptor Table shows, it is globally visible, and this holds for any task.

In addition to the GDT, IA-32 also allows programmers to build data structures similar to the GDT, known as LDTs (Local Descriptor Table). Unlike the GDT, many LDTs can exist in a system, and, as the name LDT indicates, an LDT is not globally visible: it is only visible to the tasks that reference it, and each task can have at most one LDT. In addition, each LDT is itself a segment, and its segment descriptor is placed in the GDT.

IA-32 also provides a register, LDTR, for the LDT entry address; because only one task can be running at any time, only one LDT register is needed globally. If a task has its own LDT, then when it needs to reference that LDT it must load the LDT's segment descriptor into this register with lldt. The lldt instruction differs from the lgdt instruction: the operand of lgdt is a 32-bit memory address, at which the 32-bit GDT entry address and the 16-bit GDT limit are stored, whereas the operand of lldt is a 16-bit selector. The main content of this selector is the index in the GDT of the descriptor of the LDT segment to be loaded; this is the same pattern as referencing a segment through a segment register, discussed above.

2. 07C00h (reproduced from http://blog.chinaunix.net/u/15262/showart_253979.html)

FFFF0h and 07C00h are the default memory addresses accessed after the machine is started. I was so dizzy that I couldn't figure out the relationship between them. Now I have finally figured it out and am writing it on the blog to share it with you.

First, you must know that the BIOS is the underlying software used to initialize the hardware (and then start the operating system); therefore it must be executed first after the computer is started. In addition, we all know that the CPU can only execute content in memory, while the data in memory is generally volatile and disappears after power loss. The engineers' solution is to give the ROM chip that stores the BIOS addresses in the same address space as the memory chips (unified addressing; if you do not understand this, see the principles and interfaces of microcomputers). In this way, we can regard the ROM chip that stores the BIOS as memory whose data never disappears and cannot be changed.

After startup the defaults are CS = FFFFh, IP = 0000h. This address is the BIOS address. This memory space is very small, so it cannot accommodate a large program such as an operating system.

Compared with the BIOS, the operating system has more powerful functions and is updated more often, but it requires more space, so it is usually stored on the hard disk. However, without the BIOS the hard disk would not be usable, so how can the operating system stored on the hard disk be started? For this reason the BIOS is executed automatically after the machine is started, so that the other hardware devices, including the hard disk, can work. After the BIOS completes the hardware initialization, it must hand control over to the operating system.

The engineers made a mandatory rule: go to 07C00h in memory to find the system boot program, that is, CS = 0000h, IP = 7C00h. In other words, the boot program of any system must be placed starting at 07C00h, otherwise it cannot be booted properly. After the boot program finishes, we enter Linux, Windows or another system.

3. The A20 address line

Address wrap-around

Early 8086 CPUs had only 20 address lines and could access only 1 MB of address space. CPU addressing is done by segment + offset; the possible range of a 16-bit segment and a 16-bit offset is 0 ~ 0x10FFEF (0xFFFF0 + 0xFFFF), that is, 1 MB + 65520 bytes. Because there are only 20 address lines, accesses in the range 1 MB ~ 1 MB + 65520 cause "address wrap-around", that is, what is actually accessed is 0 ~ 65520. It is said that a famous/notorious piece of software exploited this feature. On the 80286, 386 and later CPUs it would fail, because these CPUs have more than 20 address lines and the wrap-around phenomenon does not occur. To maintain full compatibility, IBM decided to add logic to the PC AT to imitate the wrap-around behaviour. Their method was to AND the A20 line with an output of the keyboard controller, so as to control the opening and closing of A20. At startup, A20 is blocked (always 0) until the system software opens it.

The A20 address line. In August 1981, IBM launched its personal computer, the IBM PC, with an Intel 8088 CPU. This microcomputer had only 20 address lines (A0-A19). At that time, when memory RAM was only a few hundred KB or less than 1 MB, 20 address lines were enough to address the memory. The maximum address it can address is 0xFFFF:0xFFFF, that is 0x10FFEF. Addresses exceeding 0x100000 (1 MB) wrap around to 0x0FFEF by default. When IBM introduced the AT machine in 1985, it used an Intel 80286 CPU with 24 address lines and a maximum addressing capacity of 16 MB, and it has a real-mode operating mode fully compatible with the 8088. However, when the addressed value exceeds 1 MB, it does not wrap around like the 8088. But at that time some programs relied on this address wrap-around mechanism to work. To achieve full compatibility, IBM invented the use of a switch to enable or disable the 0x100000 address bit. Because the 8042 keyboard controller had an idle port pin (output port P2, pin P21) at that time, that pin was used as the gate for this address bit. This signal is called A20. If it is zero, bits 20 and above are cleared. Compatibility is thereby achieved. Because the A20 address line is disabled by default when the machine starts, the operating system must enable it in an appropriate way. However, achieving this is very troublesome, because the chips used by the various compatible machines differ, so one must choose among several control methods.

A common method of controlling the A20 signal line is to set a port value on the keyboard controller. Some operating systems enable and disable A20 as part of the standard procedure for switching between real mode and protected mode.
Because the keyboard controller is slow, it should not be used to operate the A20 line; therefore a "Fast A20 Gate" option was introduced. It uses I/O port 0x92 to handle the A20 signal line, avoiding the slow keyboard controller. For systems without a keyboard controller, only port 0x92 can be used for control, but this port may also be used by other devices in compatible computers (such as display chips), which may cause system errors.
Another way is to enable the A20 signal line by reading port 0xEE; writing to this port disables the A20 signal line.

4. GDT and selectors

High address ............................................................................ Low address

;  byte |    7     |    6     |    5     |    4     |    3    |    2    |    1    |    0    |
;       | 76543210 | 76543210 | 76543210 | 76543210 | 76543210| 76543210| 76543210| 76543210|  <- 8 bytes in total
;       |----------|==========|----------|==========|---------|=========|---------|=========|
;       |   Base   |    ③     |    ①     |   Base   |        Base       |   Segment limit   |
;       |  31..24  | attr 2   | attr 1   |  23..16  |       15..0       |       15..0       |
;       |          |  + ② limit 19..16   |          |                   |                   |
;       | base addr 2 |  attr 2 | attr 1 | base addr 1B |  base addr 1A  |     limit 1       |
;
;  Bytes 6 and 5 in detail:
;
;  bit  |  7  |  6  |  5  |  4  |   3 .. 0      |  7  |  6  5  |  4  |  3 .. 0  |
;       |  G  | D/B |  0  | AVL | limit 19..16  |  P  |  DPL   |  S  |   TYPE   |
;       |----- ③ attribute 2 ----|-- ② limit 2 --|--------- ① attribute 1 -------|
;
;  High address on the left, low address on the right.

Figures (not reproduced in this copy of the page): selector layout, CR0, segment addressing, GDT.

5. Descriptor attributes

;  Bytes 6 and 5 of the descriptor (high address on the left):
;
;  bit  |  7  |  6  |  5  |  4  |   3 .. 0      |  7  |  6  5  |  4  |  3 .. 0  |
;       |  G  | D/B |  0  | AVL | limit 19..16  |  P  |  DPL   |  S  |   TYPE   |
;       |----- ③ attribute 2 ----|-- ② limit 2 --|--------- ① attribute 1 -------|

1. P bit: present bit. P = 1 indicates that the segment exists in memory; P = 0 indicates that the segment does not exist in memory.

2. DPL: descriptor privilege level. It can be 0, 1, 2 or 3; the smaller the number, the higher the privilege level.

3. S bit: indicates whether the descriptor is a data segment/code segment descriptor (S = 1) or a system segment/gate descriptor (S = 0).

4. TYPE: descriptor type

Type   Data segment and code segment descriptors (S = 1)    System segment and gate descriptors (S = 0)
0      Read-only                                             <undefined>
1      Read-only, accessed                                   Available 286 TSS
2      Read/write                                            LDT
3      Read/write, accessed                                  Busy 286 TSS
4      Read-only, expand-down                                286 call gate
5      Read-only, expand-down, accessed                      Task gate
6      Read/write, expand-down                               286 interrupt gate
7      Read/write, expand-down, accessed                     286 trap gate
8      Execute-only                                          <undefined>
9      Execute-only, accessed                                Available 386 TSS
A      Execute/read                                          <undefined>
B      Execute/read, accessed                                Busy 386 TSS
C      Execute-only, conforming code                         386 call gate
D      Execute-only, conforming code, accessed               <undefined>
E      Execute/read, conforming code                         386 interrupt gate
F      Execute/read, conforming code, accessed               386 trap gate

5. G bit: segment limit granularity bit. G = 0 means the limit is counted in bytes; G = 1 means the limit is counted in units of 4 KB.

6. D/B bit

In a descriptor describing an executable segment, the D bit determines the default size of the addresses and operands used by instructions. D = 1 indicates that instructions use 32-bit addresses and 32-bit or 8-bit operands by default; such a code segment is also known as a 32-bit code segment. D = 0 indicates that, by default, 16-bit addresses and 16-bit or 8-bit operands are used; such a code segment is also known as a 16-bit code segment, and is 80286-compatible. The address-size prefix and the operand-size prefix can be used to override the default address or operand size respectively.

In the descriptor of an expand-down data segment, the D bit determines the upper boundary of the segment. D = 1 indicates that the upper boundary of the segment is 4 GB; D = 0 indicates that the upper boundary of the segment is 64 KB, which is 80286-compatible.

In the descriptor of the segment addressed by the SS register, the D bit determines the stack pointer register used by implicit stack-access instructions (such as push and pop). D = 1 indicates the 32-bit stack pointer register ESP; D = 0 indicates the 16-bit stack pointer register SP, which is 80286-compatible.

7. AVL bit: reserved, available for use by system software.
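To tie sections 1, 4 and 5 together, here is an added C example (my own host-side model, not code from the original post or from the Orange's book, which uses NASM). It packs base, limit and attributes into the 64-bit descriptor layout drawn above, unpacks them again, and translates a selector:offset pair through a small constructed GDT with the P, G, D/B and expand-down checks the attribute list describes, next to the real-mode "segment shifted left by 4" calculation from section 1. The ATTR_* constant names, the status enum and the contents of the sample GDT are my own assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Attribute word for make_descriptor(); my own encoding mirroring the picture above:
 *   bits 0..7   -> byte 5: P(7) DPL(6..5) S(4) TYPE(3..0)          ("attribute 1")
 *   bits 12..15 -> byte 6 high nibble: G(15) D/B(14) 0(13) AVL(12)  ("attribute 2")
 * bits 8..11 are ignored; byte 6's low nibble carries limit 19..16 instead. */
#define ATTR_P             0x0080u
#define ATTR_DPL(x)        ((uint16_t)(((x) & 3u) << 5))
#define ATTR_S_CODE_DATA   0x0010u
#define ATTR_TYPE_DATA_RW  0x0002u   /* type 2: read/write data, expand-up */
#define ATTR_TYPE_DATA_RWD 0x0006u   /* type 6: read/write data, expand-down */
#define ATTR_TYPE_CODE_XR  0x000Au   /* type A: execute/read code */
#define ATTR_G_4K          0x8000u
#define ATTR_D_32          0x4000u

typedef struct {
    uint32_t base;
    uint32_t limit;                        /* raw 20-bit field, not yet scaled by G */
    unsigned g, db, avl, p, dpl, s, type;
} desc_fields;

/* Real mode (section 1): the 16-bit segment register is simply shifted left by 4. */
uint32_t real_mode_linear(uint16_t seg, uint16_t off)
{
    return ((uint32_t)seg << 4) + off;
}

/* Pack base / limit / attributes into the 8-byte descriptor layout of section 4. */
uint64_t make_descriptor(uint32_t base, uint32_t limit, uint16_t attr)
{
    uint64_t d = 0;
    d |= (uint64_t)(limit & 0xFFFFu);                 /* bytes 0-1: limit 15..0 */
    d |= (uint64_t)(base & 0xFFFFu) << 16;            /* bytes 2-3: base 15..0 */
    d |= (uint64_t)((base >> 16) & 0xFFu) << 32;      /* byte 4:    base 23..16 */
    d |= (uint64_t)(attr & 0xFFu) << 40;              /* byte 5:    P DPL S TYPE */
    d |= (uint64_t)((limit >> 16) & 0xFu) << 48;      /* byte 6 lo: limit 19..16 */
    d |= (uint64_t)((attr >> 12) & 0xFu) << 52;       /* byte 6 hi: G D/B 0 AVL */
    d |= (uint64_t)((base >> 24) & 0xFFu) << 56;      /* byte 7:    base 31..24 */
    return d;
}

/* Inverse of make_descriptor(): split a descriptor back into its fields. */
desc_fields unpack_descriptor(uint64_t d)
{
    desc_fields f;
    uint8_t a1 = (uint8_t)(d >> 40);                  /* P DPL S TYPE */
    uint8_t a2 = (uint8_t)(d >> 52) & 0xFu;           /* G D/B 0 AVL */
    f.limit = (uint32_t)(d & 0xFFFFu) | (uint32_t)((d >> 48) & 0xFu) << 16;
    f.base  = (uint32_t)((d >> 16) & 0xFFFFu) | (uint32_t)((d >> 32) & 0xFFu) << 16
            | (uint32_t)((d >> 56) & 0xFFu) << 24;
    f.p = a1 >> 7;  f.dpl = (a1 >> 5) & 3u;  f.s = (a1 >> 4) & 1u;  f.type = a1 & 0xFu;
    f.g = a2 >> 3;  f.db = (a2 >> 2) & 1u;   f.avl = a2 & 1u;
    return f;
}

/* Limit in bytes: with G = 1 the 20-bit field counts 4 KB units (section 5, G bit). */
uint32_t segment_limit_bytes(const desc_fields *f)
{
    return f->g ? (f->limit << 12) | 0xFFFu : f->limit;
}

enum xlate_status { XLATE_OK = 0, XLATE_NULL_SELECTOR, XLATE_LDT_NOT_MODELLED,
                    XLATE_BAD_INDEX, XLATE_NOT_PRESENT, XLATE_LIMIT_VIOLATION };

/* Protected mode: selector = index(15..3) | TI(2) | RPL(1..0). The index picks a
 * GDT entry; its base is added to the offset only after the limit check passes. */
enum xlate_status translate(const uint64_t *gdt, size_t gdt_entries,
                            uint16_t selector, uint32_t offset, uint32_t *linear)
{
    unsigned index = selector >> 3, ti = (selector >> 2) & 1u;
    if (index == 0) return XLATE_NULL_SELECTOR;       /* entry 0 is never usable */
    if (ti) return XLATE_LDT_NOT_MODELLED;            /* TI = 1 would go through an LDT */
    if (index >= gdt_entries) return XLATE_BAD_INDEX;
    desc_fields f = unpack_descriptor(gdt[index]);
    if (!f.p) return XLATE_NOT_PRESENT;               /* P bit */
    uint32_t lim = segment_limit_bytes(&f);
    int expand_down = f.s && !(f.type & 8u) && (f.type & 4u);   /* data types 4..7 */
    if (expand_down) {                                /* valid offsets: limit+1 .. top */
        uint32_t top = f.db ? 0xFFFFFFFFu : 0xFFFFu;  /* D/B selects 4 GB or 64 KB */
        if (offset <= lim || offset > top) return XLATE_LIMIT_VIOLATION;
    } else if (offset > lim) {
        return XLATE_LIMIT_VIOLATION;
    }
    *linear = f.base + offset;
    return XLATE_OK;
}

/* Constructed sample GDT: null, flat 32-bit code, a 512-byte data segment over the
 * boot sector at 0x7C00, an expand-down segment, and a not-present (P = 0) entry. */
enum xlate_status sample_translate(uint16_t selector, uint32_t offset, uint32_t *linear)
{
    uint64_t gdt[5];
    gdt[0] = 0;
    gdt[1] = make_descriptor(0, 0xFFFFFu, ATTR_G_4K | ATTR_D_32 | ATTR_P | ATTR_DPL(0) | ATTR_S_CODE_DATA | ATTR_TYPE_CODE_XR);
    gdt[2] = make_descriptor(0x7C00u, 0x1FFu, ATTR_P | ATTR_DPL(0) | ATTR_S_CODE_DATA | ATTR_TYPE_DATA_RW);
    gdt[3] = make_descriptor(0, 0xFFFu, ATTR_D_32 | ATTR_P | ATTR_DPL(0) | ATTR_S_CODE_DATA | ATTR_TYPE_DATA_RWD);
    gdt[4] = make_descriptor(0x100000u, 0xFFFFu, ATTR_DPL(3) | ATTR_S_CODE_DATA | ATTR_TYPE_DATA_RW);
    return translate(gdt, 5, selector, offset, linear);
}

int main(void)
{
    uint32_t lin = 0;
    printf("flat code descriptor = %016llx\n", (unsigned long long)make_descriptor(0, 0xFFFFFu, 0xC09Au));
    printf("real mode 07C0:0000 -> %05X\n", real_mode_linear(0x07C0u, 0));
    printf("selector 0x10, offset 0x100 -> status %d, linear %X\n", sample_translate(0x10u, 0x100u, &lin), lin);
    return 0;
}
```

The flat 32-bit code descriptor packs to 0x00CF9A000000FFFF, the value commonly seen in boot-loader GDTs, and the data segment at 0x7C00 with limit 0x1FF accepts offset 0x1FF but rejects 0x200. Selectors with TI = 1 are refused because this model carries no LDT; in hardware they would index the table named by LDTR instead.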
