Compilation Tutorial: Control Transfer (1)


Control transfer falls into two broad categories: control transfer within the same task and control transfer between tasks (task switching). Within a task, control transfer can further be divided into intra-segment transfer and inter-segment transfer, the latter with or without a change of privilege level. Intra-segment transfers work as in real mode and involve neither a change of privilege level nor a task switch; only inter-segment transfers can involve a privilege-level change or a task switch. This article introduces control transfer in protected mode, focusing on privilege-level changes within a task and on switching between tasks.

I. Transfer without privilege-level change within a task

The various forms of intra-segment transfer work as in real mode and never involve a privilege-level change or a task switch. Only the various forms of inter-segment transfer can involve a privilege-level change or a task switch.

1. Inter-segment transfer instructions

As in real mode, the instructions JMP, CALL and RET have inter-segment (far) forms, and the instructions INT and IRET always transfer between segments. In addition, interrupts and exceptions also cause an inter-segment transfer. The instructions that can transfer between segments are sometimes referred to collectively as the inter-segment transfer instructions.

In protected mode, the target of an inter-segment transfer is given by a selector and an offset, usually called the destination address pointer. In a 32-bit code segment the offset in this pointer is 32 bits wide, so the pointer is also called a 48-bit full pointer; the 32-bit code segment of example two uses 48-bit full pointers. In a 16-bit code segment the offset in the pointer is only 16 bits wide.

As in real mode, the inter-segment JMP and CALL instructions come in two kinds: direct inter-segment transfer and indirect inter-segment transfer. If the JMP or CALL instruction contains the destination address pointer itself, it is a direct inter-segment transfer. If the instruction contains a pointer to a gate descriptor or a TSS descriptor that in turn holds the destination address pointer, it is an indirect inter-segment transfer; in that case only the selector part of the pointer is used, to name the call gate, task gate or TSS descriptor, and the offset part is ignored. In other words, when the selector in the pointer of an inter-segment JMP or CALL names a code-segment descriptor, the transfer is direct and the offset part gives the entry point within the target code segment; when the selector names a gate descriptor or a TSS descriptor, the transfer is indirect.

2. Steps to transfer to the target code segment

When executing the inter-segment transfer instructions described above to reach the target code segment, the processor generally goes through at least the following steps:

(1) Check whether the selector in the destination address pointer is a null selector. The null descriptor is descriptor number 0 in the GDT and is a special descriptor. The target code-segment descriptor must not be the null descriptor, so the high 14 bits of the selector (index and TI) must not all be 0.

(2) Read the target code-segment descriptor from the global or local descriptor table. The TI bit in the selector decides whether the global descriptor table or the local descriptor table is used.

(3) Depending on the situation, check that the descriptor type is correct and adjust the RPL.

(4) Load the relevant contents of the target code-segment descriptor into the CS descriptor cache register.

(5) Check whether the offset in the destination address pointer exceeds the limit of the code segment. The offset in the destination address pointer must not exceed the limit of the target code segment.

(6) Load the CS segment register and the instruction pointer register EIP, and store the CPL into the RPL field of the selector in CS.

The steps above are only an outline of the transfer process; the actual operation is more involved. When the relevant contents of the target code-segment descriptor are loaded into the CS descriptor cache register, the following protection checks are also performed, where DPL denotes the privilege level of the target code-segment descriptor:

(1) For a non-conforming code segment, CPL = DPL and RPL <= DPL are required; for a conforming code segment, CPL >= DPL is required.

(2) The code segment must be present, that is, the P bit in the descriptor must be 1.

Normally the descriptor privilege level DPL sets the privilege level of the corresponding segment. If the descriptor describes a data segment, DPL sets the outermost privilege level allowed to access that data segment; if the descriptor describes a code segment, DPL specifies the CPL required to execute that code segment. However, as the protection checks performed when loading the CS descriptor cache register show, a conforming code segment instead requires CPL >= DPL: the DPL in a conforming code-segment descriptor specifies the innermost privilege level from which the conforming code segment may be entered. As a result, a level 3 program can transfer to any conforming code segment, whereas a level 0 program may only transfer to a conforming code segment whose DPL equals 0. The interpretation of DPL for a conforming code-segment descriptor is thus the opposite of the usual interpretation of DPL.

A conforming code segment is a special kind of segment. It lets subroutines be shared by code executing at several privilege levels without requiring a change of privilege level. For example, by placing a numerical library routine in a conforming code segment, programs executing at different privilege levels can share the routine. Any program, whatever its privilege level, can then invoke a routine in the library with an inter-segment CALL instruction, and the routine executes at the caller's privilege level.

3. Transfer without privilege-level change within a task

A transfer without privilege-level change within a task is one in which the current privilege level CPL stays the same after the transfer to the new code segment. Such a transfer can be performed with the inter-segment JMP instruction, the inter-segment CALL instruction and the inter-segment return instruction RET. The INT and IRET instructions can also perform a transfer without privilege-level change within a task.

(1) Using the direct inter-segment transfer instructions JMP or CALL

When a JMP instruction is executed and the pointer contained in the instruction names a code segment, the steps above for transferring to the target code segment begin directly. When a CALL instruction is executed and the pointer contained in the instruction names a code segment, the return address pointer is first pushed onto the stack, and then the steps above for transferring to the target code segment begin. Once these steps have completed successfully (without adjusting the RPL), the transfer without privilege-level change within the task is complete.

It follows that the direct inter-segment JMP or CALL instructions can perform a transfer without privilege-level change within a task, but not a transfer with privilege-level change within a task.

(2) Using the inter-segment return instruction RET

When the inter-segment return instruction RET is executed, if the destination address pointer popped from the stack names a code segment and its selector satisfies the condition RPL = CPL, the steps above for transferring to the target code segment begin. Once these steps have completed successfully, the transfer without privilege-level change within the task is complete.

Normally an inter-segment RET matches an earlier inter-segment CALL. After the inter-segment CALL has transferred to a subroutine without a privilege-level change, the inter-segment RET in the subroutine returns to the main program, likewise without a privilege-level change. Since no privilege-level change took place at the time of the call, none takes place on return, and the condition RPL = CPL must therefore be satisfiable.
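The following C model, added here as an illustration rather than code from the original tutorial, walks through the transfer steps and protection checks listed above for a far JMP/CALL to a code-segment descriptor, and the RPL = CPL condition of a far RET. The descriptor struct and the result codes are simplified, hypothetical names; the limit is treated as a byte count (G = 0).

```c
#include <stdint.h>
#include <stdbool.h>
enum xfer_result { XFER_OK, XFER_NULL_SELECTOR, XFER_NOT_CODE,
                   XFER_PRIV_VIOLATION, XFER_NOT_PRESENT, XFER_LIMIT_EXCEEDED };
/* Simplified (hypothetical) view of a code-segment descriptor: only the
 * fields the checks consult, already unpacked from the 8-byte entry. */
struct code_desc {
    uint32_t limit;       /* segment limit in bytes (G = 0) */
    bool     present;     /* P bit */
    uint8_t  dpl;         /* descriptor privilege level, 0..3 */
    bool     is_code;     /* S = 1 and executable type */
    bool     conforming;  /* C bit of the code-segment type */
};
struct cpu_state { uint16_t cs; uint32_t eip; uint8_t cpl; };
/* Far JMP/CALL whose selector names a code-segment descriptor (no gate, no
 * TSS). On success CS:EIP is loaded, CPL is unchanged and CS.RPL := CPL. */
enum xfer_result far_transfer(struct cpu_state *st, uint16_t selector,
                              uint32_t offset, const struct code_desc *d)
{
    uint8_t rpl = selector & 3;
    /* (1) null selector: index and TI both zero, i.e. high 14 bits zero */
    if ((selector >> 2) == 0) return XFER_NULL_SELECTOR;
    /* (3) descriptor must describe a code segment */
    if (!d->is_code) return XFER_NOT_CODE;
    /* non-conforming: CPL == DPL and RPL <= DPL;
     * conforming: CPL >= DPL, so DPL is the innermost level allowed in */
    if (d->conforming ? (st->cpl < d->dpl)
                      : (st->cpl != d->dpl || rpl > d->dpl))
        return XFER_PRIV_VIOLATION;
    /* segment must be present (P = 1) */
    if (!d->present) return XFER_NOT_PRESENT;
    /* (5) offset must not exceed the segment limit */
    if (offset > d->limit) return XFER_LIMIT_EXCEEDED;
    /* (6) load CS:EIP; CPL stays, CS.RPL := CPL */
    st->cs  = (uint16_t)((selector & ~3u) | st->cpl);
    st->eip = offset;
    return XFER_OK;
}
/* Far RET without privilege change: the popped selector's RPL must equal CPL,
 * then the same transfer checks apply. */
enum xfer_result far_return(struct cpu_state *st, uint16_t selector,
                            uint32_t offset, const struct code_desc *d)
{
    if ((selector & 3) != st->cpl) return XFER_PRIV_VIOLATION;
    return far_transfer(st, selector, offset, d);
}
```

With a conforming DPL 0 library segment, a CPL 3 caller is admitted and keeps CPL 3, while the same caller is refused by a non-conforming DPL 0 segment, and a CPL 0 caller is refused by a conforming DPL 3 segment.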

(3) Using a call gate and other means

How a call gate and other means can be used to perform a transfer without privilege-level change within a task is described in later articles.
