"80x86 Assembly Language Programming Tutorial" 19: Operating-System Instructions and Input/Output Protection

Source: Internet
Author: User

1. Operating-system instructions

These instructions are normally used only in operating-system code. The 80386 supports 4 privilege levels, and its operating-system instructions fall into 3 groups: instructions that can be executed in real mode and at any privilege level, instructions that can be executed in real mode and at privilege level 0, and instructions that can be executed only in protected mode.

1) Instructions executable in real mode and at any privilege level

a) Store global and interrupt descriptor table register instructions

The system has only one GDT and one IDT; their location information is held in GDTR and IDTR respectively, and the values of these two registers may be stored freely. Note that the LDT is private to a task, so the instruction that stores the LDTR value does not belong to this group.

i) Store Global Descriptor Table Register instruction: SGDT DST

DST is a 48-bit (6-byte) memory operand. After execution, the 16-bit limit value of GDTR is stored in the low word of DST, and the 32-bit base address in GDTR is stored in the high doubleword of DST. The flags are not affected.

ii) Store Interrupt Descriptor Table Register instruction: SIDT DST

Similar to SGDT DST.

b) Store Machine Status Word instruction: SMSW DST

DST can be a 16-bit general-purpose register or memory location. The flags are not affected.

Note: this instruction exists for compatibility with the 80286 instruction set (the low word of the 386's CR0 equals the 286's machine status word). On the 386, the machine status word should be stored with the instruction that stores CR0 (MOV reg,CR0).

2) Instructions executable in real mode and at privilege level 0

These are the instructions that set key registers and the like. In protected mode, executing them with CPL not equal to 0 raises a general protection exception with error code 0. The same holds in virtual 8086 mode (CPL = 3).

a) Clear Task-Switched Flag instruction: CLTS

On a task switch, the TS bit (task-switched flag) of CR0 is automatically set to 1 (refer to "80x86 Assembly Language Programming Tutorial" 12: Task State Segment, Gates and Control Transfer). This instruction clears the TS flag to 0. Other flags are not affected.

b) Halt instruction: HLT

This instruction halts the processor; execution resumes only when an enabled interrupt is accepted or the system is reset. The flags are not affected.

c) Load Global Descriptor Table Register instruction: LGDT SRC

SRC is a 48-bit (6-byte) memory operand holding a pseudo-descriptor (PDESC structure). After execution, the low word of SRC is loaded into the low word of GDTR (the segment limit) and the high doubleword of SRC into the high doubleword of GDTR (the segment base). The flags are not affected.

d) Load Interrupt Descriptor Table Register instruction: LIDT SRC

Similar to LGDT SRC.

e) Load Machine Status Word instruction: LMSW SRC

SRC can be a 16-bit general-purpose register or memory location. This instruction loads SRC into the machine status word (the low 16 bits of CR0) without affecting the flags. Like SMSW, it exists for compatibility with the 286 and should not be used on the 386.

f) Control register data transfer instruction: MOV DST,SRC

Transfers data between a 386 control register and a 32-bit general-purpose register. DST and SRC may therefore be one of the 3 control registers (CR0, CR2, CR3; refer to "80x86 Assembly Language Programming Tutorial" 8: 80386 Programming Basics) and any 32-bit general-purpose register, but they cannot both be control registers. The flags are not affected.

g) Debug register data transfer instructions

Same rule as above. The debug registers are DR0~DR7 (refer to "80x86 Assembly Language Programming Tutorial" 8: 80386 Programming Basics).

h) Test register data transfer instructions

Same rule as above. The test registers are TR6 and TR7 (refer to "80x86 Assembly Language Programming Tutorial" 8: 80386 Programming Basics).

3) Instructions executable only in protected mode

These can be executed only in protected mode; executing them in real mode raises an invalid opcode exception (vector 6).

a) Load Local Descriptor Table Register instruction: LLDT SRC

SRC can be a 16-bit general-purpose register or memory location. The selector it holds must refer to a descriptor of type LDT in the GDT (a null selector, 0, means there is no LDT). The flags are not affected. If CPL is not 0 (error code 0), or the selector does not refer to a descriptor in the GDT, or the descriptor type is not LDT (the error code is formed from the selector), executing it raises a general protection exception.

b) Store Local Descriptor Table Register instruction: SLDT DST

Same rule as above.

c) Load and store task register instructions

The task register TR refers to the current task state segment TSS (refer to "80x86 Assembly Language Programming Tutorial" 12: Task State Segment, Gates and Control Transfer). On a task switch, if the tasks are nested, the old value of TR is saved as the back-link word in the new task's TSS.

i) Load Task Register instruction: LTR SRC

SRC is a 16-bit general-purpose register or memory location. The selector given by SRC must not be null, must index a descriptor in the GDT, and that descriptor must be of type TSS. The instruction does not affect the flags. If CPL is not 0 (error code 0), or the selector does not refer to a descriptor in the GDT, or the descriptor type is not TSS (the error code is formed from the selector), executing it raises a general protection exception.

ii) Store Task Register instruction: STR DST

The rule for DST is the same as above; the flags are not affected.

d) Adjust Requested Privilege Level instruction: ARPL OPRD1,OPRD2

OPRD1 is a 16-bit general-purpose register or memory location, and OPRD2 is a 16-bit general-purpose register. This instruction compares the RPL of selector OPRD1 with the requested privilege level (RPL) of selector OPRD2: if OPRD1.RPL < OPRD2.RPL, then ZF = 1 and OPRD1.RPL is set to OPRD2.RPL; otherwise ZF = 0. Both selectors may be null. Other flags are not affected.

e) Load Access Rights instruction: LAR OPRD1,OPRD2

Both operands can be 16-bit or 32-bit general-purpose registers, and OPRD2 can also be a memory location, but they must be the same size. If the descriptor referred to by selector OPRD2 (for a 32-bit operand, the low 16 bits are used) satisfies the following conditions, then ZF = 1 and the descriptor's attribute field is loaded into OPRD1; otherwise ZF = 0 and OPRD1 is unchanged.

i) the descriptor lies within the descriptor table limit

ii) it is a storage segment descriptor or a system segment descriptor, or a task gate or call gate descriptor

iii) neither CPL nor OPRD2.RPL is greater than the descriptor's DPL

For the descriptor formats refer to "80x86 Assembly Language Programming Tutorial" 9: Segment Management Mechanism and Pure DOS Environment Construction, and 12: Task State Segment, Gates and Control Transfer. The result is the high 4 bytes of the descriptor ANDed with 00FxFF00h, where x denotes an undefined nibble; if OPRD1 is 16 bits, the result is the low 2 bytes of that (without the G and AVL bits). No flags other than ZF are affected.

f) Load Segment Limit instruction: LSL OPRD1,OPRD2

The rule is the same as above, except that the segment limit field is what gets loaded and condition ii) is stricter: the descriptor cannot be a gate descriptor. When the conditions are met, the limit field of the descriptor referred to by OPRD2 is loaded into OPRD1, expressed in bytes. If the limit field in the descriptor is in 4K units (G = 1), it is shifted left 12 bits when loaded into OPRD1 and all the vacated low bits are filled with 1s. If 16-bit operands are used, only the low 16 bits of the segment limit are loaded into OPRD1. No flags other than ZF are affected.
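The ARPL, LAR and LSL rules above, modelled in Python as an added example (this is not code from the tutorial). It works on raw 8-byte 386 descriptors; make_descriptor is a constructed helper that builds them, the DPL check is applied exactly as conditions i) and iii) state it, and the undefined nibble x of the 00FxFF00h mask is taken as 0.

```python
# Added example, not code from the tutorial: a model of ARPL, LAR and LSL on raw 386 descriptors.
LAR_SYSTEM_TYPES = {0x1, 0x2, 0x3, 0x9, 0xB, 0x4, 0x5, 0xC}  # TSS/LDT, task gate, call gates
LSL_SYSTEM_TYPES = {0x1, 0x2, 0x3, 0x9, 0xB}                  # LSL never accepts a gate

def make_descriptor(base, limit, dpl, system, type_, g):
    """Build a 386 descriptor (constructed helper): access byte = P, DPL, S, TYPE."""
    access = 0x80 | (dpl << 5) | (0 if system else 0x10) | (type_ & 0xF)
    low = ((base & 0xFFFF) << 16) | (limit & 0xFFFF)
    high = (((base >> 16) & 0xFF) | (access << 8) | (((limit >> 16) & 0xF) << 16)
            | ((1 if g else 0) << 23) | (((base >> 24) & 0xFF) << 24))
    return (high << 32) | low

def arpl(oprd1, oprd2):
    """ARPL: if OPRD1.RPL < OPRD2.RPL, raise it to OPRD2.RPL and set ZF. Returns (OPRD1, ZF)."""
    if (oprd1 & 3) < (oprd2 & 3):
        return (oprd1 & ~3) | (oprd2 & 3), 1
    return oprd1, 0

def _fetch(gdt, selector, cpl):
    """Conditions i) and iii): index within the table, max(CPL, RPL) <= descriptor DPL."""
    idx = selector >> 3
    if idx >= len(gdt):
        return None
    desc = gdt[idx]
    if max(cpl, selector & 3) > ((desc >> 45) & 3):   # DPL = bits 13..14 of the high dword
        return None
    return desc

def _system_type(desc):
    """Return the 4-bit type if S = 0 (system descriptor or gate), else None."""
    high = desc >> 32
    return None if (high >> 12) & 1 else (high >> 8) & 0xF

def lar(gdt, selector, cpl, bits=32):
    """LAR: (attributes, ZF). 32-bit result = high dword AND 00FxFF00h (x taken as 0)."""
    desc = _fetch(gdt, selector, cpl)
    if desc is None or _system_type(desc) not in (None, *LAR_SYSTEM_TYPES):
        return None, 0                               # condition ii) failed
    result = (desc >> 32) & 0x00F0FF00
    return (result & 0xFFFF if bits == 16 else result), 1

def lsl(gdt, selector, cpl, bits=32):
    """LSL: (limit in bytes, ZF). With G = 1 the limit is shifted left 12, low bits all 1."""
    desc = _fetch(gdt, selector, cpl)
    if desc is None or _system_type(desc) not in (None, *LSL_SYSTEM_TYPES):
        return None, 0                               # stricter condition ii): no gates
    limit = (((desc >> 48) & 0xF) << 16) | (desc & 0xFFFF)
    if (desc >> 55) & 1:                             # G bit
        limit = (limit << 12) | 0xFFF
    return (limit & 0xFFFF if bits == 16 else limit), 1
```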

g) Read and write verification instructions

These check whether the segment specified by a selector can be read or written at the current privilege level, so that unnecessary exceptions can be avoided.

i) Verify Read instruction: VERR OPRD

OPRD can be a 16-bit or 32-bit general-purpose register or memory location (for a 32-bit operand, the low 16 bits are used). The instruction determines whether the segment referred to by selector OPRD is readable at the current CPL: if the selector is valid and the segment is readable at the current CPL, ZF is set to 1; otherwise ZF is cleared to 0. No flags other than ZF are affected.

ii) Verify Write instruction: VERW OPRD

The rule is the same as above, except that the property checked is writability.

4) Privileged instructions

In protected mode these instructions can be executed only when CPL = 0; otherwise a general protection exception is raised. Privileged instructions play an important role in building a complete protection mechanism. They are summarized as follows:

Instruction      Function                           Instruction      Function

CLTS             Clear the TS bit of CR0            LTR              Load TR
HLT              Halt                               MOV CRn,reg      Load control register
LGDT             Load GDTR                          MOV reg,CRn      Store control register
LIDT             Load IDTR                          MOV DRn,reg      Load debug register
LLDT             Load LDTR                          MOV reg,DRn      Store debug register
LMSW             Load MSW (low 16 bits of CR0)

As can be seen, loading GDTR, IDTR and LDTR are privileged instructions, while storing them is not. Both loading and storing the control, debug and test registers are privileged instructions.

2. Input/output protection

1) Input/output protection

a) I/O-sensitive instructions

The I/O privilege level (IOPL, in the flag register EFLAGS; refer to "80x86 Assembly Language Programming Tutorial" 8: 80386 Programming Basics) specifies the outermost privilege level at which I/O-sensitive instructions may be executed and I/O addresses accessed. The I/O permission bitmap (in the TSS) specifies which I/O addresses code at any privilege level may access. The I/O-sensitive instructions are as follows:

Instruction   Function                            Condition for execution in protected mode

CLI           Clear the IF bit in EFLAGS          CPL <= IOPL
STI           Set the IF bit in EFLAGS            CPL <= IOPL
IN            Read data from an I/O address       CPL <= IOPL or I/O bitmap allows
INS           Read a string from an I/O address   CPL <= IOPL or I/O bitmap allows
OUT           Write data to an I/O address        CPL <= IOPL or I/O bitmap allows
OUTS          Write a string to an I/O address    CPL <= IOPL or I/O bitmap allows

If the permission is insufficient, a general protection exception is raised. Each task has its own EFLAGS and TSS, so each task can have a different IOPL and define a different I/O permission bitmap. Note: in real mode, all of these instructions are executable.

b) I/O permission bitmap

The bitmap is a bit string in which each bit corresponds to an I/O address: if bit M is 0, I/O address M can be accessed by code at any privilege level; otherwise it can be accessed only at the IOPL privilege level or a more inner one, and a general protection exception is raised otherwise. One I/O instruction may involve up to 4 I/O addresses (for example IN EAX,71H), and the access succeeds only if all of the I/O permission bits involved are 0. The 386 supports an I/O address space of 64K, so the effective part of the I/O permission bitmap is at most 8KB. The I/O permission bitmap used by the current task lies in the low 64K bytes of the TSS (it is located by a 16-bit offset, hence at most 64K), and the bit string is stored as bytes, so when the entire I/O permission bitmap is stored its offset must be less than 64K – 8K = 56K.

c) I/O access permission check details

The steps are as follows:

i) Check whether CPL <= IOPL; if it holds, go directly to step viii and perform the I/O access

ii) Get the bitmap start offset (the I/O permission bitmap offset field of the TSS, at offset 66H within the TSS, in byte units)

iii) Compute the byte offset (the I/O address shifted right by 3 bits, i.e. divided by 8)

iv) Compute the bit offset and form the mask value (from the low 3 bits shifted out of the I/O address)

v) If the byte is out of bounds, raise a general protection exception (it is required that bitmap offset + byte offset + 1 <= segment limit)

vi) Read two bytes from the bitmap (read as one word)

vii) Perform the bit check; if it does not pass, raise a general protection exception

viii) Perform the I/O access

Two bytes are always read because one I/O access can touch 4 consecutive ports, which are spread over at most 2 consecutive bytes; for the same reason the bounds check only adds 1. So that this procedure also works for the last byte of the I/O permission bitmap, a byte of all 1s (0FFH) must be appended to the end of the bitmap. The bitmap start offset plus 8K, together with the TSS limit, determines the effective end offset of the I/O permission bitmap. When the bitmap start offset is greater than 56K, part of the bits lie beyond the bitmap bounds; those bits cannot be accessed and therefore cause a general protection exception (that part of the bitmap is treated as all 1s). Using this property, the memory used by the I/O permission bitmap, and thus the TSS, can be reduced greatly. For example:

    ; Demo task's task state segment (TSS)
    DEMOTSSSEG SEGMENT PARA USE16
    DTSS       TASKSS <>              ; low-end (fixed) part of the TSS
               DB 100H/8 DUP (0FFH)   ; corresponds to I/O ports 00H~0FFH
               DB 100H/8 DUP (0)      ; corresponds to I/O ports 100H~1FFH
               DB 0FFH                ; I/O permission bitmap end flag
    DEMOTSSLEN = $-DEMOTSSSEG
    DEMOTSSSEG ENDS

The TSS above contains an I/O permission bitmap of only 200H bits, corresponding to ports 0~1FFH, and all other bits are treated as 1. In the format used in the earlier example, the high region carried only the I/O permission bitmap end flag, meaning that all bits are 1.
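The eight-step check above, run against a TSS laid out like the DEMOTSSSEG example, as an added example that is not code from the tutorial. It assumes the fixed part of the TSS is 68H bytes, so the bitmap starts at offset 68H and the offset field at 66H points there.

```python
# Added example, not code from the tutorial: a model of the I/O permission check.
IOMAP_OFFSET_FIELD = 0x66   # word in the TSS holding the bitmap start offset (step ii)
TSS_LOW_PART = 0x68         # size of the fixed part of the TSS (assumption for this model)

def build_demo_tss():
    """TSS shaped like the tutorial's example: ports 00H-0FFH denied to outer levels,
    ports 100H-1FFH open to any level, then the all-ones end byte (constructed data)."""
    tss = bytearray(TSS_LOW_PART)
    tss[IOMAP_OFFSET_FIELD:IOMAP_OFFSET_FIELD + 2] = TSS_LOW_PART.to_bytes(2, "little")
    tss += b"\xff" * (0x100 // 8)   # bits for ports 00H..0FFH = 1
    tss += b"\x00" * (0x100 // 8)   # bits for ports 100H..1FFH = 0
    tss += b"\xff"                  # end flag: every bit 1
    return tss

def io_check(tss, cpl, iopl, port, width):
    """Return (allowed, reason) for an I/O of `width` bytes (1, 2 or 4) at `port`."""
    tss_limit = len(tss) - 1
    if cpl <= iopl:                                                  # step i
        return True, "CPL <= IOPL: direct I/O access"
    bitmap_off = int.from_bytes(tss[IOMAP_OFFSET_FIELD:IOMAP_OFFSET_FIELD + 2], "little")
    byte_off = port >> 3                                             # step iii
    mask = ((1 << width) - 1) << (port & 7)                          # step iv: one bit per port
    if bitmap_off + byte_off + 1 > tss_limit:                        # step v
        return False, "#GP: bitmap word lies beyond the TSS limit (bits count as 1)"
    start = bitmap_off + byte_off
    word = int.from_bytes(tss[start:start + 2], "little")            # step vi: two bytes
    if word & mask:                                                  # step vii
        return False, "#GP: a permission bit for the port range is 1"
    return True, "bitmap allows the access"                          # step viii
```

Width 4 at port 0FEH shows why two bytes are read: its bits straddle the byte for ports 0F8H-0FFH and the byte for 100H-107H.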

2) Protection of important flags

The 386 treats the 3 fields IOPL, IF and VM of the EFLAGS register specially: only sufficiently privileged code can change them, through instructions such as IRET, POPF, CLI and STI. The handling of the 3 fields at different privilege levels is as follows:

Privilege level     VM                             IOPL         IF

CPL = 0             variable (except with POPF)    variable     variable
0 < CPL <= IOPL     unchanged                      unchanged    variable
CPL > IOPL          unchanged                      unchanged    unchanged

It can be seen that only CPL = 0 can modify VM and IOPL, and that IF can be modified only at the same level as IOPL or an inner one. Note that when the privilege level condition is not satisfied, an IRET or POPF instruction that attempts to change these 3 fields does not raise an exception; the attempted modification simply does not take effect. In addition, POPF can never change the VM bit, and PUSHF always pushes 0 into the VM bit.
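The rules in the table and the paragraph above, modelled in Python as an added example (not code from the tutorial). EFLAGS bit positions are the 386's own: IF is bit 9, IOPL bits 12-13, VM bit 17; the sample flag values in the comments are constructed.

```python
# Added example, not code from the tutorial: how POPF, IRET, PUSHF, CLI and STI treat VM, IOPL, IF.
IF_BIT, IOPL_MASK, VM_BIT = 1 << 9, 3 << 12, 1 << 17
ALL32 = 0xFFFFFFFF

def iopl_of(eflags):
    return (eflags & IOPL_MASK) >> 12

def _merge(eflags, new, cpl, allow_vm):
    """Copy only the fields the current privilege level may change; keep the rest silently
    (no exception is raised for a disallowed change, the change simply does not happen)."""
    changeable = ~(IF_BIT | IOPL_MASK | VM_BIT) & ALL32      # ordinary flags: always
    if cpl == 0:                                             # row 1 of the table
        changeable |= IOPL_MASK | IF_BIT
        if allow_vm:
            changeable |= VM_BIT
    elif cpl <= iopl_of(eflags):                             # row 2: only IF
        changeable |= IF_BIT
    return (eflags & ~changeable & ALL32) | (new & changeable)

def popf(eflags, popped, cpl):
    """POPF: VM can never be changed by POPF, whatever the CPL."""
    return _merge(eflags, popped, cpl, allow_vm=False)

def iret(eflags, popped, cpl):
    """IRET: like POPF, except that CPL = 0 may also change VM."""
    return _merge(eflags, popped, cpl, allow_vm=True)

def pushf(eflags):
    """PUSHF: the pushed image always has the VM bit forced to 0."""
    return eflags & ~VM_BIT & ALL32

def cli(eflags, cpl):
    """CLI is I/O-sensitive: allowed only when CPL <= IOPL, otherwise #GP (None here)."""
    return (eflags & ~IF_BIT & ALL32) if cpl <= iopl_of(eflags) else None

def sti(eflags, cpl):
    """STI: same condition as CLI."""
    return (eflags | IF_BIT) if cpl <= iopl_of(eflags) else None
```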
