Real mode, protected mode, and virtual 8086 mode

Source: Internet
Author: User

1: Real mode: addressing uses the same 16-bit segment and offset as the 8086. The maximum addressable space is 1 MB and the maximum segment size is 64 KB. 32-bit instructions can be used. In this mode a 32-bit x86 CPU serves as a fast 8086.
2: Protected mode: addressing uses 32-bit segments and offsets, the maximum addressable space is 4 GB, and the maximum segment size is 4 GB (64 GB on the Pentium Pro and later). In protected mode the CPU can enter virtual 8086 mode, which is an environment inside protected mode for running real-mode programs.

First: review of program execution in real mode
What is the essence of running a program? It is actually very simple: executing instructions, and the CPU is obviously the hardware that guarantees instruction execution. How does the CPU know where an instruction is located? The 80x86 series uses the CS and IP registers to tell the CPU where the instruction is in memory.
Executing instructions generally requires various kinds of data. The 80x86 series uses DS, ES, FS, GS and SS to indicate where the data segments for different purposes are located in memory.
A program may also need to call system service routines, and the 80x86 series uses the interrupt mechanism to implement system services.
In general, these are the main things a program needs in order to run in real mode. (Other operations, such as jumps, returns and port operations, are relatively minor.)

Second: protected mode, starting from how a program runs
Whether in real mode or protected mode, the fundamental question is how a program runs there, so we should keep this question in focus when studying protected mode.
As in real mode, the essence of running a program in protected mode is still "the CPU executes instructions and operates on the related data", so the various code segments, data segments, stack segments and interrupt service routines all still exist, and their roles remain unchanged.
So what is the biggest change in protected mode? The answer may vary from person to person. The answer offered here is that the "address translation method" changes the most.

Third: comparison of address translation methods
First look at address translation in real mode. Suppose ES holds 0x1000 and DI holds 0xFFFF; then ES:DI = 0x1000*0x10 + 0xFFFF = 0x1FFFF. That is, the address is computed as "segment shifted left by four bits, plus offset".
What about protected mode? Assume the same data, ES = 0x1000 and DI = 0xFFFF. What is ES:DI now?
The formula is as follows (note: 0x1000 = 1000000000000b = 10 0000 0000 | 0 | 00):
ES:DI = base address of the segment given by descriptor 0x200 in the Global Descriptor Table + 0xFFFF
At first the two look different. Look more closely, though, and there seems to be no difference! Why no difference? Because, as I see it, the content of ES is not the real segment address in either case, so why is ES called a "segment register" in real mode but a "selector" in protected mode?
In fact both are mappings; only the mapping rules differ. In real mode the "address translation method" is "shift left by four bits", and in protected mode it is "look up the global/local descriptor table". The former is a mapping fixed by the system, the latter a user-defined one. And what both of them affect is the "shadow register".
In terms of functions, the former is a function given by an expression and the latter a function given by a table:
Real mode: F(ES --> segment) = {segment | segment = ES * 0x10}
Protected mode: F(ES --> segment) = {segment | (ES, segment) ∈ GDT/LDT}
GDT and LDT denote the Global Descriptor Table and the Local Descriptor Table respectively.

Fourth: basic components of protected mode
The most basic components of protected mode are the structures added around the "address translation method".
1. Data segment
As mentioned above, the code segments, data segments, stack segments and interrupt service routines of real mode still exist. I will collectively call them "data segments", and that is the sense in which the term is used below.
2. Descriptor
Protected mode introduces descriptors to describe the various data segments. Every descriptor is 8 bytes (bytes 0-7), and the descriptor's type is given by the 5th byte. Different types have different descriptor structures.
Several descriptors together form a descriptor table, and a descriptor table is itself a data segment, which is also described by a descriptor.
From here on, "address translation" is done by the descriptor table. In this sense a descriptor table is a table of the address translation function.
3. Selector
A selector is a two-byte number, 16 bits in all. The lowest two bits are the RPL, the third bit says whether to look up the GDT (Global Descriptor Table) or the LDT (Local Descriptor Table), and the highest 13 bits give the position of the desired descriptor in the descriptor table. (Note: 13 bits are enough to address 8 K entries.)
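The two mappings compared in the third section, and the selector fields listed above, as an added example (not part of the original article). The descriptor byte layout is the standard 80386 one, which the article does not spell out; the sample table and its base address 0x00400000 are constructed, and type checks and expand-down segments are ignored.

```c
#include <stdint.h>
#include <stdio.h>

/* Real mode: fixed mapping, segment * 0x10 + offset. */
uint32_t real_linear(uint16_t seg, uint16_t off) { return ((uint32_t)seg << 4) + off; }

/* Selector: bits 0-1 RPL, bit 2 table (0 = GDT, 1 = LDT), bits 3-15 index. */
unsigned sel_rpl(uint16_t s)   { return s & 3u; }
unsigned sel_ti(uint16_t s)    { return (s >> 2) & 1u; }
unsigned sel_index(uint16_t s) { return s >> 3; }

/* Standard 80386 descriptor layout (assumption, not given on the page):
   base in bytes 2, 3, 4 and 7; limit in bytes 0, 1 and the low nibble of byte 6. */
uint32_t desc_base(const uint8_t *d) {
    return d[2] | ((uint32_t)d[3] << 8) | ((uint32_t)d[4] << 16) | ((uint32_t)d[7] << 24);
}
uint32_t desc_limit(const uint8_t *d) {
    uint32_t raw = d[0] | ((uint32_t)d[1] << 8) | ((uint32_t)(d[6] & 0x0F) << 16);
    return (d[6] & 0x80) ? ((raw << 12) | 0xFFF) : raw;   /* G bit: 4 KB units */
}

/* Protected mode: table lookup. Returns 0 and sets *lin, or -1 where the CPU
   would fault (index past table limit, segment not present, offset past limit). */
int prot_linear(const uint8_t *tbl, uint32_t tbl_limit,
                uint16_t sel, uint32_t off, uint32_t *lin) {
    uint32_t pos = sel_index(sel) * 8u;
    if (pos + 7 > tbl_limit) return -1;
    const uint8_t *d = tbl + pos;
    if (!(d[5] & 0x80) || off > desc_limit(d)) return -1;
    *lin = desc_base(d) + off;
    return 0;
}

/* Constructed sample GDT: only entry 0x200 is filled in, as a present data
   segment with base 0x00400000 and byte-granular limit 0xFFFF. */
uint8_t sample_gdt[0x201 * 8];
const uint8_t *build_sample_gdt(void) {
    uint8_t *d = sample_gdt + 0x200 * 8;
    d[0] = 0xFF; d[1] = 0xFF;                /* limit 15..0 */
    d[2] = 0x00; d[3] = 0x00; d[4] = 0x40;   /* base 23..0 */
    d[5] = 0x92; d[6] = 0x00; d[7] = 0x00;   /* present data segment; base 31..24 */
    return sample_gdt;
}

int main(void) {
    uint32_t lin = 0;
    int rc = prot_linear(build_sample_gdt(), sizeof sample_gdt - 1, 0x1000, 0xFFFF, &lin);
    printf("real %#x, protected rc=%d %#x\n",
           (unsigned)real_linear(0x1000, 0xFFFF), rc, (unsigned)lin);
    return 0;
}
```

The same ES = 0x1000 yields a different linear address in each mode, and in protected mode an offset beyond the descriptor's limit is rejected instead of silently reaching other memory.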

With these three concepts in hand we can go further. Running a program is now exactly the same as in real mode!!! Each segment register still supplies a "segment value", but converting this "fake segment value" into the true segment address is no longer done by "shifting left four bits"; it is done through the descriptor table. This raises a new problem:
How does the system know where the GDT/LDT is in memory?
To solve it, new registers are needed to indicate the location of the GDT/LDT in memory. The 80x86 series introduces two new registers, GDTR and LDTR. GDTR holds the GDT's segment address and segment limit (that is, the table size) in memory. GDTR is therefore a 48-bit register, in which 32 bits hold the segment address and 16 bits hold the segment limit (at most 64 K; each descriptor is 8 bytes, so there are at most 64 K/8 = 8 K descriptors). LDTR indicates the location of the LDT in memory, but because the LDT is itself a data segment, it must have a descriptor. LDTR therefore works the same way as DS, ES, CS and the other segment registers: it stores a selector, and the GDT is looked up to obtain the real memory address of the LDT.
There are also interrupts to consider. For interrupt services the 80x86 series provides interrupt/trap descriptors. These descriptors make up the Interrupt Descriptor Table (IDT), and a 48-bit full-address register is introduced to hold the IDT's memory address. In theory the IDT could also have 8 K entries, but because the 80x86 supports only 256 interrupts, the IDT can have at most 256 entries (2 KB).

Fifth: a new requirement, tasks
The sections above covered the basic, core problems of protected mode; with them solved, a program can run in protected mode.
However, we all know that from the 80286 on, protected mode provides hardware support for multitasking. My first reaction was: why can't multitasking be supported in real mode?
After thinking it over, my answer is that multitasking can also be implemented in real mode (maybe I am wrong :)).
The key to multitasking is the descriptor, which can carry additional information about a data segment, such as permissions, so that control can be exercised based on that information. But suppose we reserve the first two or several bytes of every segment for the segment's additional attributes; I think this is not essentially different from using descriptors. If you add other mechanisms...
Based on these considerations, I prefer to think of tasks as a feature independent of protected mode.
Now let us analyze tasks. What is the essence of a task? Very simple: it is a program!! So-called task switching is really program switching!!
Now the problem is clear. In real mode programs run one after another, so the "environment" does not need to be saved. In protected mode a program may be suspended while running so that another program can run. What should be done then? It is natural to think of saving the program's running environment (think of saving your progress in a game), such as the values of the registers.
Obviously this "environment" data forms a new kind of data segment (the TSS). Extending the earlier ideas, we define a descriptor for this kind of data segment (the TSS descriptor), place such descriptors in the GDT (they cannot go in the LDT, because the 80x86 does not allow it :)), and add a TR register for the table lookup. TR is a 16-bit register that holds a selector.
The basic work of task switching is then to save the "environment" of the original task into its TSS data segment and to set the TR register to a new value; the system automatically looks up the GDT to obtain and load the "environment" of the new task, and then goes on to execute the new task.

Sixth: an additional requirement, paging
Why an additional requirement? Because tasks still cannot work well. As said earlier, a task is essentially a program. Different programs are written by different users, and all of them may well use the same address space, while a task switch generally does not include refreshing the contents of memory. That is not impossible, but it would be far too wasteful. A paging mechanism must therefore be introduced to support multitasking effectively.
The main goal of paging is to resolve address conflicts between different tasks.
The essence of paging is to map addresses in the program to physical addresses. This is again an "address translation" mechanism, and the earlier solution (similar to the GDT) can be reused: first create a page table, which is a data segment. The 80x86 uses a two-level page table scheme and adds a new register that holds the memory address of the first-level page table (also called the page directory). The register is 32 bits wide; its low 12 bits are always zero and its high 20 bits give the memory address of the page directory, so the page directory is always page-aligned. As part of the task "environment", it is saved in the TSS data segment during task switching.
Of course, there must also be a corresponding page-fault mechanism and its associated register CR2 (the page-fault linear address register).
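The two-level lookup described above, as an added example (not part of the original article): two tasks use the same linear address, and each task's page directory sends it to a different physical frame. The 10/10/12 split of the linear address and the present bit are the standard 80386 layout, which the article does not give; the 32 KB "physical memory" and the frame assignments are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE  4096u
#define PTE_P 1u                      /* present bit of a directory/table entry */

static uint8_t phys[8 * PAGE];        /* constructed "physical memory", 8 frames */
static uint32_t cr2;                  /* faulting linear address, as CR2 records it */

static uint32_t rd32(uint32_t pa) { uint32_t v; memcpy(&v, phys + pa, 4); return v; }
static void wr32(uint32_t pa, uint32_t v) { memcpy(phys + pa, &v, 4); }

/* Two-level walk: 10-bit directory index, 10-bit table index, 12-bit offset.
   dir_reg is the page-directory register value (low 12 bits ignored).
   Returns 0 and sets *pa, or -1 for a page fault with cr2 set. */
int translate(uint32_t dir_reg, uint32_t lin, uint32_t *pa) {
    uint32_t pde = rd32((dir_reg & ~0xFFFu) + (lin >> 22) * 4);
    if (!(pde & PTE_P)) { cr2 = lin; return -1; }
    uint32_t pte = rd32((pde & ~0xFFFu) + ((lin >> 12) & 0x3FF) * 4);
    if (!(pte & PTE_P)) { cr2 = lin; return -1; }
    *pa = (pte & ~0xFFFu) | (lin & 0xFFF);
    return 0;
}

/* Map one page: directory at dir_pa, second-level table at tbl_pa. */
void map_page(uint32_t dir_pa, uint32_t tbl_pa, uint32_t lin, uint32_t frame_pa) {
    wr32(dir_pa + (lin >> 22) * 4, tbl_pa | PTE_P);
    wr32(tbl_pa + ((lin >> 12) & 0x3FF) * 4, frame_pa | PTE_P);
}

/* Constructed layout: task A keeps its directory/table in frames 0 and 1,
   task B in frames 2 and 3. Both map linear 0x00401000: A to frame 4, B to frame 5. */
void setup(void) {
    memset(phys, 0, sizeof phys);
    map_page(0 * PAGE, 1 * PAGE, 0x00401000, 4 * PAGE);
    map_page(2 * PAGE, 3 * PAGE, 0x00401000, 5 * PAGE);
}

int main(void) {
    uint32_t a = 0, b = 0;
    setup();
    translate(0 * PAGE, 0x00401234, &a);   /* task A's directory */
    translate(2 * PAGE, 0x00401234, &b);   /* task B's directory */
    printf("task A -> %#x, task B -> %#x\n", (unsigned)a, (unsigned)b);
    return 0;
}
```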

Seventh: summary
What does protected mode add?
1. Registers: GDTR, LDTR, IDTR, TR, CR3
2. Data segments: descriptor tables (GDT, LDT), task data segment (TSS), page tables (page directory, second-level page table)
3. Mechanisms: privilege checking (using the attribute bits of the selector/descriptor/page table entry), linear-to-physical address mapping

Eighth: glossary of protected-mode terms
Terms already covered above are not explained again.
1. RPL: the privilege level defined by the privilege bits in a selector.
2. CPL: the privilege level defined by the privilege bits in the selector held in CS.
3. EPL = max(RPL, CPL), that is, the numerically larger of RPL and CPL, which is the lower privilege level.
4. DPL: the privilege level defined by the privilege bits in a descriptor.
5. PL: refers generally to the four privilege levels above.
6. Task privilege = CPL.
7. The I/O privilege is determined by bits 13 and 14 of the EFLAGS register.
8. Conforming code segment: a special code segment that allows access when CPL >= DPL.
   Access is otherwise allowed only when CPL = DPL and RPL <= DPL.
