Linux kernel programming study notes 2: protected mode

Source: Internet
Author: User

Protected mode involves many concepts, such as segmentation, segment descriptors, paging, page tables, and the task state segment (TSS). To gain a deeper understanding of protected mode, you must understand these concepts. For those who are not familiar with protected mode, how can they grasp its key idea at once? What is protected mode? The core of protected mode is to implement effective isolation between multiple tasks through the segment-based addressing mechanism.
There are two main points about protected mode. First, the segment-page addressing mechanism allows the CPU to access up to 4 GB of address space, breaking the limit of 640KB in real mode; this makes it possible to load and execute multiple tasks at the same time. Second, the segmentation mechanism gives segments access permissions and privilege levels: operating system code and data cannot be accessed by applications, which effectively isolates the operating system from applications.

1. Segmentation mechanism and segment descriptor table
Protected mode keeps the "segment:offset" address format of real mode, but the meaning of "segment" is completely different. In protected mode, the values in the registers CS, DS, ES, and SS are segment selectors: the CPU looks up the global descriptor table (GDT) or local descriptor table (LDT) to obtain the base address of the segment, then adds the offset to obtain the linear address. In short, the CS, DS, ES, and SS registers store an index to the segment rather than the segment itself. This index points to an entry in a data structure; the entry defines the starting address, limit, and attributes of the segment in detail. The data structure is the GDT or LDT. An entry in the GDT also has a special name: a descriptor.
Segment descriptors are divided into two categories: storage segment descriptors (storage segments are the segments that hold code and data that programs can access directly) and system segment descriptors or gate descriptors (a system segment is a special segment used by the 80386 segmentation mechanism, and gates correspond to interrupts, exceptions, and traps). For details about the attributes of descriptors, refer to relevant books.
The segment selector (also simply called the selector) is a 16-bit structure: bits 15 to 3 select the segment descriptor, bit 2 indicates whether to look in the GDT or in the LDT, and bits 1 to 0 give the requested privilege level (RPL).
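The selector decoding and the selector:offset to linear address lookup described in this section, as an added example that is not part of the original article. It is a simplified model of a data-segment access through the GDT only; the descriptor bit layout is the standard 80386 one, which the article leaves to other books, and SAMPLE_GDT, to_linear and the error codes are constructed names and values.

```c
#include <stdint.h>
#include <stdio.h>

/* Selector fields as described above: bits 15..3 index, bit 2 TI, bits 1..0 RPL. */
struct selector { unsigned index, ti, rpl; };
struct segment  { uint32_t base, limit; unsigned dpl, present; };
enum { XLATE_OK, ERR_SELECTOR, ERR_NOT_PRESENT, ERR_PRIVILEGE, ERR_LIMIT };

/* Constructed sample GDT: null, flat DPL 0 data, 64 KB DPL 3 data at 0x00100000. */
static const uint64_t SAMPLE_GDT[] = { 0, 0x00CF92000000FFFFULL, 0x0040F2100000FFFFULL };

static struct selector decode_selector(uint16_t sel)
{
    return (struct selector){ sel >> 3, (sel >> 2) & 1u, sel & 3u };
}

/* Unpack base, limit, DPL and present bit from an 8-byte code/data descriptor. */
static struct segment decode_descriptor(uint64_t d)
{
    struct segment g;
    g.base  = (uint32_t)((d >> 16) & 0xFFFFFF) | ((uint32_t)(d >> 56) << 24);
    g.limit = (uint32_t)(d & 0xFFFF) | ((uint32_t)((d >> 48) & 0xF) << 16);
    if ((d >> 55) & 1) g.limit = (g.limit << 12) | 0xFFF;  /* G bit: 4 KB units */
    g.dpl     = (unsigned)((d >> 45) & 3);
    g.present = (unsigned)((d >> 47) & 1);
    return g;
}

/* Logical (selector:offset) -> linear, with the checks a data access gets. */
static int to_linear(const uint64_t *gdt, unsigned n, unsigned cpl,
                     uint16_t sel, uint32_t off, uint32_t *linear)
{
    struct selector s = decode_selector(sel);
    if (s.ti || s.index == 0 || s.index >= n) return ERR_SELECTOR; /* GDT only */
    struct segment g = decode_descriptor(gdt[s.index]);
    if (!g.present) return ERR_NOT_PRESENT;
    if ((cpl > s.rpl ? cpl : s.rpl) > g.dpl) return ERR_PRIVILEGE; /* isolation */
    if (off > g.limit) return ERR_LIMIT;
    *linear = g.base + off;
    return XLATE_OK;
}

int main(void)
{
    uint32_t lin = 0;
    int rc = to_linear(SAMPLE_GDT, 3, 3, 0x13, 0x1234, &lin);
    printf("rc=%d linear=0x%08x\n", rc, (unsigned)lin);
    return 0;
}
```

The privilege check is where the isolation between applications and the operating system comes from: a selector carrying RPL 3 is refused for the DPL 0 segment even when the current privilege level is 0.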
2. Virtual memory and paging mechanism
CPUs from the 80386 onward also introduce the concept of virtual memory, which allows applications to use far more memory than is physically installed. The program uses virtual addresses to access memory; a virtual address is converted to a physical address through two mechanisms, segmentation and paging, which also achieves the purpose of storage protection.
This involves some knowledge about memory management. First, you must distinguish logical addresses, linear addresses, and physical addresses. A logical address has the form segment:offset. A linear address is formed by combining the segment base address and the offset. If the paging mechanism is enabled, the linear address is converted to a physical address through the paging mechanism and sent to the address lines; if the paging mechanism is not enabled, the linear address is the physical address.
Here we introduce the paging mechanism. Memory is composed of storage units. However, compared with the amount of data that needs storage space, a single storage unit is too fine-grained. A direct approach is to partition the entire store. In computing, such a partition of memory is called a page; in Linux, a page is usually 4 KB.
Picture main memory as a sheet of grid paper, where each square is one storage unit. Paging divides the entire main memory into several equal-size partitions, that is, each partition has the same number of storage units; partitions that follow this rule are called pages. All pages are then numbered starting from 0. Paging is like cutting a sheet of grid paper into several equal parts and treating each part as its own sheet with a page number. After paging, storage space can be allocated to a program in units of pages.
We know that the maximum address space of a 32-bit address bus is 4 GB, but a computer is generally not equipped with that much actual memory. This is why the concept of virtual memory was introduced: the address space provided by the processor is called the virtual address space or the logical address space, and the space provided by the memory actually installed is called the physical space. What programmers see is the virtual address space. Therefore, when programming, you do not need to consider the actual physical memory capacity, as long as you do not exceed the address space of the processor.
For more details about memory management, refer to Modern Operating Systems.
This note only introduces protected mode, so it can give just a general understanding. For more details, you need to read relevant books yourself.
