Consistent code snippets and non-uniform code snippets

The computer is actually a very complicated system when I write my own operating system recently. It contains a lot of historical issues that make people feel very obscure. See an article on CSDN on consistent code snippets and non-uniform snippets, very good, collectible.

Original link: http://blog.csdn.net/feijj2002_/article/details/4597174

This definition occurs because the system is secure: the kernel is to be separated from the user program. The kernel must be secure. Cannot be interfered by the user program. But sometimes the user program also needs to read some of the kernel's data, what to do? The operating system introduces a mechanism to access the privilege level (0-3).

These privilege levels are represented by three symbols CPL/DPL/RPL:

1. Cpl is a deposit register such as CS,
2. RPL is the code in accordance with different segments of the jump to determine, to dynamically refresh the CPL in CS.
3. DPL is static in the Gdt/ldt descriptor table.

The data and code in x86 are stored in segments: [Each segment descriptor in the Section],gtl/ldt is set with a different privileged-level DPL. The program moves back and forth between segments by selecting child/Gate calls and so on. Implements user-level and system-level call jumps. As with the segment descriptor in the GDT, each selector/Gate call selector in the CPU register is hierarchical: This is in the structure of the selector: RPL (last 2 bits)

The invocation's selector and the called segment are graded. So what are the rules for these levels to jump through when calling?

Let's take a look at the relevant definition of the segment descriptor. The segment descriptor has a total of eight bytes, which represents the fifth byte of the segment attribute what you mean:

7  6 5  4  3...0P  DPL S  TYPE

which

P: There is a bit for persent. 1 indicates that the segment exists in memory,and 0 indicates that the segment does not exist in memory.

DPL (Decsriptor Privilege level): Segment privilege class. 0-3.

S represents the type of descriptor. 1 data segment and code snippet descriptor; 0 System segment Descriptor and gate descriptor. 4 bits cases in type when S=1:

3 2 1 0
Execute bit-consistent bit read-write bit access bit

Execution bit: 1 indicates executable, 0 means not executable;
Consistent bit: 1 indicates a consistent code segment, 0 is a non-uniform code segment;
Read/write bit: 1 indicates readable and writable, 0 indicates read-only;
Access bit: 1 indicates no access, 0 is not accessed.

So the consistent code snippet and the non-uniform code fragment means that the consistent bit is set to 1, 1 is the consistent code segment, and 0 is the non-Uniform code segment.

Consistent code snippet:

The simple understanding is that the operating system is taken out of the shared code snippet, which can be accessed directly by users of the lower privileged level. Typically these shared codes are "not access" protected resources and certain types of exception handling. For example, some mathematical function libraries, for purely mathematical calculations, are used as a consistent code segment.

The limitations of a consistent code snippet:

1. Highly privileged programs do not allow access to low-privileged data: The kernel state does not allow the invocation of user-state data.
2. Programs with low privilege levels can access high-privileged data. But the privilege level does not change: User state or User state.

Non-Uniform Code snippet:

system code that is protected by the operating system in order to avoid low privilege level access.

Limitations of non-uniform Code snippets

1. Only sibling access is allowed.
2. Absolute prohibition of different levels of access: Nuclear mentality is not user-state. The user state also does not use nuclear mentality.

Typically, low-privileged code must pass "Gates" to access and invoke high-privileged code . Transfer rules between different levels of code snippets are verified by CPL/RPL/DPL. First to understand these concepts.

Privilege level
------------------------------------------------------------------------------------------

The CPL is the privilege level of the current process, which is the privileged level of the segment of the currently executing code, which exists at the lower two bits of the CS register.Privilege (personally think can be seen as a paragraph descriptor is not loaded into CS, the segment of DPL, loaded into CS after the low two-bit CS, so called CPL, its value is equal to the value of the original segment DPL)

RPL describes the process request permission for segment access (requestedPrivilegelevel), for segment selectors, each segment selector has its own RPL, which describes the process's request permission for segment access, a bit like a function parameter. And RPL is not fixed for each segment, the RPL can be different when accessing the same paragraph two times. RPL may weaken the role of CPL, such as the current cpl=0 process to access a data segment, which sets the RPL in the segment selector to 3, so that although it still has privileged access to 3 for that segment. (The personal opinion is to use CPL to access the "certificate (RPL)" presented by the section DPL, such as the presentation of the "certificate" right-level within the CPL and to meet the privileges of DPL check rules: DPL >= MAX{CPL,RPL}, can normally pass through DPL; otherwise, errors will occur.

DPL is stored in the segment descriptor, which specifies the level of permission to access the segment (descriptor Privilegelevels), and the DPL for each segment is fixed. When a process accesses a segment, a process privilege level check is required, typically DPL >= max {CPL, RPL}

For example, Chinese officials are divided into 6-level President 1, Prime Minister 2, Governor 3, Mayor 4, county Magistrate 5, Township Head 6, assuming I am the current process, the level of Prime Minister (cpl=2), I went to the South City (dpl=4) expedition, with the governor's level (rpl=3 so can scare them:-)) to visit, Yes, if you use the county Magistrate's level, people will not talk to me (you see the incognito on TV).

Why the use of RPL, is to consider the issue of security, as if you clearly on a file with write permission, why use read-only open it, not for security!

------------------------------------------------------------------------------------------

Inter-code Jump
------------------------------------------------------------------------------------------

normal jump (without gate): that is, jmp or call followed by a 48-bit full pointer (16-bit Segment selection Sub + 32-bit address offset), and the segment selection sub-point to the code snippet descriptor, such jumps are called direct (normal) jump. normal jumps do not make the privilege level jump, that is, does not cause the CPL changes , see the following detailed description:

The goal is a consistent code snippet:
Requirements: CPL >= DPL, RPL not checked.

Cpl = Pre-Jump program Cpl

The target is a non-uniform code snippet:
Requirements: CPL = DPL and rpl<= DPL

Cpl = Pre-Jump program Cpl

---------------------------------------------------------------------------------------

Jump through the call Gate: when the segment transfer instruction between JMP and the section transfer instruction call followed by the target segment selector points to a calling gate descriptor, the jump is a jump using the call gate. If you select a child and then follow the 32-bit address offset, it will not be used by the CPU because the calling gate descriptor has already recorded the offset of the target code. Using tone to jump a step more than normal jump, that is, when accessing the call door descriptor to the descriptor as a data segment to check access permissions, the call to indicate the gate selector of the Rpl≤ Gate descriptor DPL, and the current code snippet Cpl≤ Gate Descriptor DPL, as the Access data segment, A cpl≤ that requires access to the data segment of a program to access the data segment of DPL, while selecting the sub-rpl≤ of the data segment or stack segment to be accessed. Only if the above conditions are met, the CPU will further read the selection and address offsets of the target snippet from the call Gate descriptor for the next step.

read from the call gate to the target Code segment selection sub-and address offset, our current grasp of the information back to the previous, and the normal jump station at the same starting line (the normal jump to get the target code of the segment selector and address offset), the difference is that, at this time, The CPU will read the target code snippet to select RPL 0, which ignores the RPL of the code snippet selector in the calling gate. After this step, the CPU starts to the current program of the CPL, the target code segment selection sub-RPL (in fact, it is cleared after 0 can always meet the requirements) and by the target Code selector sub-indicated in the target code snippet descriptor of the DPL in the privilege level check, and according to the situation, as follows:

The goal is a consistent code snippet:
Requirements: CPL >= DPL, RPL not checked, because RPL was cleared 0, so in fact always meet RPL <= DPL, which is consistent with normal jumps, applicable to jmp and call.
After the program's CPL = The CPL of the pre-jump program, the privilege level does not occur.

The target is a non-uniform code snippet:

When you jump with the JMP command:
Requirements: CPL = DPL (RPL is cleared 0, not checked), if not meet the requirements of the program caused an exception.
Cpl = DPL for post-jump programs
Since the precondition is CPL=DPL, the CPL = DPL of the program after the jump does not change the CPL value, nor does the privilege level change. Throws an exception if the access does not meet the precondition CPL=DPL.

When you use the call command to jump:

Requirements: CPL >= DPL (RPL is cleared 0, not checked), if not meet the requirements of the program caused an exception.

Cpl = DPL for post-jump programs

when the condition CPL=DPL, the program jumps after the CPL=DPL, the privilege level does not take place the jump; when CPL>DPL, the program jumps CPL=DPL, the privilege level jumps, this is the only time we see the current position of the program execution priority (CPL) The change of the jump method, that is, with the call Command + invoke Gate mode jump, and the target code snippet is a non-uniform code segment.

Consistent code snippets and non-uniform code snippets