Each task has a task state segment (TSS), which saves information about the task; the processor uses this information when changing privilege level within a task and when switching between tasks. Control transfers that change privilege level within a task, and transfers that switch tasks, are normally made through control gates. This article describes the task state segment and the control gates.

I. System Segment Descriptor

A system segment is a special segment used to implement the storage management mechanism. The 80386 has two kinds of system segment: the task state segment (TSS) and the local descriptor table (LDT). The descriptor that describes a system segment is called a system segment descriptor.

1. Format of the system segment descriptor

The general format of the system segment descriptor is shown in the following table.
System segment descriptor

| Bytes     | Contents               |
|---|---|
| M+7       | Base (31...24)         |
| M+6, M+5  | Attributes             |
| M+4...M+2 | Segment base (23...0)  |
| M+1, M+0  | Segment limit (15...0) |

Attributes of the system segment descriptor

| Byte | Bit 7 | Bits 6...5              | Bit 4  | Bits 3...0      |
|---|---|---|---|---|
| M+6  | G     | X (bit 6), 0 (bit 5)    | AVL    | Limit (19...16) |
| M+5  | P     | DPL                     | DT = 0 | TYPE            |
Compared with a storage segment descriptor, the distinguishing flag is the descriptor type bit DT in the attribute byte: DT = 1 denotes a storage segment and DT = 0 a system segment. The base address and segment limit fields of the system segment descriptor are exactly the same as those of the storage segment descriptor, and the G bit, AVL bit, P bit and DPL field in the attributes are identical as well. The D bit of the storage segment descriptor attributes is not used in the system segment descriptor and is shown as X. The TYPE field of the system segment descriptor is still 4 bits, but its encodings, listed in the following table, have meanings different from the TYPE of a storage segment descriptor.
System segment types

| Type encoding | Description        | Type encoding | Description        |
|---|---|---|---|
| 0 | Undefined          | 8 | Undefined          |
| 1 | Available 286 TSS  | 9 | Available 386 TSS  |
| 2 | LDT                | A | Undefined          |
| 3 | Busy 286 TSS       | B | Busy 386 TSS       |
| 4 | 286 call gate      | C | 386 call gate      |
| 5 | Task gate          | D | Undefined          |
| 6 | 286 interrupt gate | E | 386 interrupt gate |
| 7 | 286 trap gate      | F | 386 trap gate      |
As the table shows, only the descriptors with type encodings 1, 2, 3, 9 and B are true system segment descriptors, describing the system segments LDT and TSS; descriptors of the other types are gate descriptors. The storage segment descriptor structure type DESC defined in the preceding article can still be used to describe system segment descriptors conveniently in a program. Note that a selector for a system segment descriptor cannot be used to read or write the system segment; an alias (a storage segment descriptor covering the same memory) must be used instead.

2. LDT segment descriptor

The LDT segment descriptor describes the local descriptor table of a task. For example, the following descriptor LDTABLE describes a local descriptor table whose base address is 654321H, whose limit is 1FH bytes and whose descriptor privilege level is 0:

LDTABLE DESC <1FH,4321H,65H,82H,,>

An LDT segment descriptor is valid only when it is placed in the global descriptor table. When the LDTR register is loaded, the LDT base address, segment limit and other information in the descriptor are loaded into the LDT descriptor cache register.

3. Task state segment descriptor

The task state segment TSS saves the various state information of a task, and the task state segment descriptor describes such a segment. TSS descriptors are divided into 286 TSS and 386 TSS categories. A TSS descriptor specifies the base address of the task state segment, its size and other information. For example, the following descriptor TEMPTASK describes an available 386 task state segment whose base address is 123456H, whose limit is 104 bytes and whose descriptor privilege level is 0:

TEMPTASK DESC <104,3456H,12H,89H,,>

When the task register TR is loaded, the base address, segment limit and other information in the descriptor are loaded into the TR cache register.
TR is loaded on a task switch or by the LTR instruction. The TYPE in a TSS descriptor indicates whether the TSS is "busy" or "available". A task is busy if it is the currently executing task, or if it is linked to the current task through the link fields of the chain of suspended tasks. Task switching is performed with the inter-segment transfer instruction JMP or the inter-segment call instruction CALL, either directly through the TSS descriptor or through a task gate.

II. Gate Descriptor

Besides storage segment descriptors and system segment descriptors there is a third class, the gate descriptors. A gate descriptor does not describe a memory segment; it describes an entry point for a control transfer, like a door leading to another piece of code. Through such gates, privilege level changes within a task and switches between tasks can be implemented, which is why gate descriptors are also called control gates.

1. General format of gate descriptors

The general format of a gate descriptor is shown in the following figure. A gate descriptor agrees with a system segment descriptor only in the type byte at offset 5, and it is this byte (its TYPE field) that distinguishes gate descriptors from system segment descriptors. P and DPL in this byte have the same meaning as in the other descriptor kinds. The remaining bytes mainly hold a 48-bit full pointer (a 16-bit selector and a 32-bit offset).
Gate descriptor

| Bytes    | Contents         |
|---|---|
| M+7, M+6 | Offset (31...16) |
| M+5, M+4 | Attributes       |
| M+3, M+2 | Selector         |
| M+1, M+0 | Offset (15...0)  |

Attributes of the gate descriptor

| Byte | Bit 7 | Bits 6...5 | Bit 4  | Bits 3...0 |
|---|---|---|---|---|
| M+5  | P     | DPL        | DT = 0 | TYPE       |

| Byte | Bits 7...5 | Bits 4...0  |
|---|---|---|
| M+4  | 000        | Dword count |
Based on the gate descriptor structure given above, the following gate descriptor structure type can be defined:

GATE     STRUC           ; gate descriptor structure type definition
OFFSETL  DW 0            ; low 16 bits of the 32-bit offset
SELECTOR DW 0            ; selector
DCOUNT   DB 0            ; doubleword count field
GTYPE    DB 0            ; type (attribute byte)
OFFSETH  DW 0            ; high 16 bits of the 32-bit offset
GATE     ENDS

The structure type GATE makes it convenient to describe gate descriptors in a program. For example, the following gate descriptor SUBRG describes a 386 call gate whose selector is 10H, whose entry offset is 123456H, whose descriptor privilege level is 3 and whose doubleword count is 0:

SUBRG GATE <3456H,10H,,8CH+60H,12H>

From the list of descriptor types above, gate descriptors fall into task gates, call gates, interrupt gates and trap gates; apart from the task gate, each comes in a 286 and a 386 variant.

2. Call gate

A call gate describes the entry of a subroutine. The selector in a call gate must point to a code segment descriptor, and the offset in the gate is the entry offset within that code segment. Using the inter-segment call instruction CALL through a call gate, a task can transfer from an outer privilege level to an inner one. In the gate descriptor format shown above, bits 0 to 4 of the byte at offset 4 form the doubleword count, which is valid only in call gate descriptors and not in the other kinds of gate. A main program passes entry parameters to a subroutine on the stack; if a call through the gate changes privilege level, and therefore stack, the parameters on the outer stack must be copied to the inner stack. The doubleword count field is the number of doubleword parameters to copy in that case.

3. Task gate

A task gate designates a task. The selector in a task gate must point to a TSS descriptor in the GDT; the offset in the gate is meaningless, since the task's entry point is held in the TSS. Through the inter-segment transfer instruction JMP or the inter-segment call instruction CALL, a task gate implements task switching.

4. Interrupt gate and trap gate

Interrupt gates and trap gates describe the entry point of an interrupt/exception handler.
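As an added example (not code from the article or the books it draws on), the following Python lays out the LDTABLE and TEMPTASK descriptors from section I and the SUBRG call gate above exactly as the assembler emits the DESC and GATE structures, then decodes any 8-byte descriptor back into its fields using the attribute-byte and type-table rules described here; the function names are this example's own.

```python
import struct

# TYPE field meanings for DT = 0 descriptors, from the type table above.
SYSTEM_TYPES = {
    0x1: "available 286 TSS", 0x2: "LDT", 0x3: "busy 286 TSS",
    0x4: "286 call gate", 0x5: "task gate", 0x6: "286 interrupt gate",
    0x7: "286 trap gate", 0x9: "available 386 TSS", 0xB: "busy 386 TSS",
    0xC: "386 call gate", 0xE: "386 interrupt gate", 0xF: "386 trap gate",
}
GATE_TYPES = {0x4, 0x5, 0x6, 0x7, 0xC, 0xE, 0xF}


def desc_bytes(limitl, basel, basem, attributes, limith=0, baseh=0):
    """Byte image of DESC <limitl,basel,basem,attributes,limith,baseh>,
    laid out as the assembler does: DW, DW, DB, DB, DB, DB, little-endian."""
    return struct.pack("<HHBBBB", limitl, basel, basem, attributes, limith, baseh)


def gate_bytes(offsetl, selector, dcount, gtype, offseth):
    """Byte image of GATE <offsetl,selector,dcount,gtype,offseth>."""
    return struct.pack("<HHBBH", offsetl, selector, dcount, gtype, offseth)


def decode_descriptor(raw):
    """Decode one 8-byte descriptor. Byte M+5 (P, DPL, DT, TYPE) has the same
    layout in every descriptor kind, so it is read first; DT and TYPE then
    decide how the remaining bytes are interpreted."""
    if len(raw) != 8:
        raise ValueError("a descriptor is exactly 8 bytes")
    attr = raw[5]
    d = {"present": bool(attr & 0x80), "dpl": (attr >> 5) & 3,
         "dt": (attr >> 4) & 1, "type": attr & 0xF}
    if d["dt"] == 0 and d["type"] in GATE_TYPES:
        # Gate: a 48-bit pointer (selector + 32-bit offset), no base/limit.
        d["kind"] = SYSTEM_TYPES[d["type"]]
        d["selector"] = raw[2] | (raw[3] << 8)
        d["offset"] = raw[0] | (raw[1] << 8) | (raw[6] << 16) | (raw[7] << 24)
        d["dword_count"] = raw[4] & 0x1F       # meaningful for call gates only
        return d
    # Storage segment (DT = 1) or true system segment (LDT, TSS): base and
    # limit sit in the same places in both.
    d["kind"] = "storage segment" if d["dt"] else SYSTEM_TYPES.get(d["type"], "undefined")
    d["limit"] = raw[0] | (raw[1] << 8) | ((raw[6] & 0xF) << 16)
    d["base"] = raw[2] | (raw[3] << 8) | (raw[4] << 16) | (raw[7] << 24)
    d["g"] = bool(raw[6] & 0x80)
    if d["g"]:                       # G = 1: limit is counted in 4 KiB pages
        d["limit"] = (d["limit"] << 12) | 0xFFF
    return d
```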
The selector in an interrupt gate or trap gate must point to a code segment descriptor, and the offset in the gate is the offset of the entry point within that code segment. Interrupt gates and trap gates are valid only in the interrupt descriptor table IDT. The difference between interrupt gates and trap gates is discussed in a later article.

III. Task State Segment

The task state segment (TSS) is a special segment that holds important information about a task; the task state segment descriptor describes this kind of system segment. The visible part of the task register TR holds the selector of the current task's TSS descriptor, and the invisible cache register part of TR holds the base address, segment limit and other information of the current TSS. The TSS plays an important role in task switching, through which tasks are suspended and resumed. A task switch suspends the currently executing task and resumes or starts another task. During a task switch the current values of the processor registers are saved automatically into the TSS designated by TR, the selector of the next task's TSS is then loaded into TR, and finally the registers are loaded from the TSS now designated by TR. A task switch thus works by preserving a complete image of the task's register state in its TSS. The basic format of the TSS is shown in the following figure.
Basic format of the task state segment

| Bits 31...16                 | Bits 15...0                              | Offset |
|---|---|---|
| 0000000000000000             | Link field                               | 0      |
| ESP0 (bits 31...0)           |                                          | 4      |
| 0000000000000000             | SS0                                      | 8      |
| ESP1 (bits 31...0)           |                                          | 0CH    |
| 0000000000000000             | SS1                                      | 10H    |
| ESP2 (bits 31...0)           |                                          | 14H    |
| 0000000000000000             | SS2                                      | 18H    |
| CR3 (bits 31...0)            |                                          | 1CH    |
| EIP (bits 31...0)            |                                          | 20H    |
| EFLAGS (bits 31...0)         |                                          | 24H    |
| EAX (bits 31...0)            |                                          | 28H    |
| ECX (bits 31...0)            |                                          | 2CH    |
| EDX (bits 31...0)            |                                          | 30H    |
| EBX (bits 31...0)            |                                          | 34H    |
| ESP (bits 31...0)            |                                          | 38H    |
| EBP (bits 31...0)            |                                          | 3CH    |
| ESI (bits 31...0)            |                                          | 40H    |
| EDI (bits 31...0)            |                                          | 44H    |
| 0000000000000000             | ES                                       | 48H    |
| 0000000000000000             | CS                                       | 4CH    |
| 0000000000000000             | SS                                       | 50H    |
| 0000000000000000             | DS                                       | 54H    |
| 0000000000000000             | FS                                       | 58H    |
| 0000000000000000             | GS                                       | 5CH    |
| 0000000000000000             | LDTR                                     | 60H    |
| I/O permission bitmap offset | 000000000000000 (bits 15...1), T (bit 0) | 64H    |
As the figure shows, the basic format of the TSS occupies 104 bytes. This 104-byte basic format is fixed, but beyond it system software may define additional information. The basic 104 bytes can be divided into five regions: the link field, the inner stack pointer area, the address map register area, the register save area, and other fields.

1. Register save area

The register save area occupies offsets 20H to 5FH of the TSS and holds the general registers, the segment registers, the instruction pointer and the flag register. While the task that the TSS belongs to is executing, the contents of the save area are undefined; when the task is switched out, the current values of these registers are saved into the area. When a later switch returns to the task, the register values are restored from the save area, so the processor is back in the state it had when the task was switched out and the task resumes execution. In the figure, each general register corresponds to a 32-bit doubleword, the instruction pointer and the flag register each correspond to a 32-bit doubleword, and each segment register also corresponds to a 32-bit doubleword; a segment register selector is only 16 bits and is placed in the low 16 bits of the doubleword, with the high 16 bits unused and normally set to 0.

2. Inner stack pointer area

For effective protection, a task uses a different stack at each privilege level. For example, when control changes from the outer privilege level 3 to the inner privilege level 0, the stack used by the task also changes from the level 3 stack to the level 0 stack, and when control changes from the inner privilege level 0 back to the outer privilege level 3, the stack changes from the level 0 stack back to the level 3 stack. A task may therefore have four stacks, one per privilege level, and four stacks require four stack pointers.
The inner stack pointer area of the TSS holds three stack pointers, each a 48-bit full pointer (16-bit selector and 32-bit offset), pointing to the top of the level 0, 1 and 2 stacks; they are placed in the TSS at offsets 4, 12 and 20 (decimal) respectively. When an inward transfer occurs, the appropriate stack pointer is loaded into SS and ESP to switch to the inner stack, and the outer stack pointer is saved on the inner stack. There is no pointer for the level 3 stack, because level 3 is the outermost level, so no inward transfer can target level 3. When privilege level changes from inner to outer, however, the pointer to the inner stack is not saved back into the inner stack pointer area of the TSS; in fact, the processor never writes to this area unless the programmer deliberately changes the values there. This means the inner stack is always treated as empty when control transfers to the inner level. Recursive inward transfers are therefore not allowed: once a transfer to a given inner level has occurred, control must return to the outer level with a matching return before that inner level can be transferred to again.

3. Address map register area

The mapping from the virtual address space to the linear address space is determined by the GDT and the LDT; the part specific to a task is determined by the LDT, which is designated by LDTR. If paging is used, the mapping from the linear address space to the physical address space is determined by control register CR3, which holds the starting physical address of the page directory. The task-specific mapping from virtual to physical address space is therefore determined by LDTR and CR3, and when the task switches, the address mapping must switch with it.
The address map register area of the TSS consists of the doubleword field at offset 1CH (CR3) and the word field at offset 60H (LDTR). On a task switch, the processor automatically takes these two fields from the TSS of the incoming task and loads them into CR3 and LDTR, which changes the mapping from virtual to physical address space. The processor does not, however, save the CR3 and LDTR of the outgoing task into the address map register area of its TSS; in fact, it never writes to this area automatically. If a program changes LDTR or CR3, the new value must therefore be stored by the program into the corresponding field of the address map register area of the TSS, which can be done through an alias.

4. Link field

The link field occupies the doubleword at offset 0 of the TSS; its high 16 bits are unused. When the link is in effect, it holds the 16-bit selector of the previous task's TSS descriptor. If the current task was activated by an inter-segment call instruction CALL or by an interrupt/exception, the link field holds the TSS selector of the suspended task and the NT bit in the flag register EFLAGS is set to 1, which makes the link field valid. On return, because NT is 1, the return instruction RET or the interrupt return instruction IRET transfers control back to the previous task on the chain, as indicated by the link field.

5. Other fields

To implement input/output protection, an I/O permission bitmap is used. The I/O permission bitmap used by a task is also stored in the TSS, as an extended part of the TSS. The word at offset 66H in the TSS holds the offset of the I/O permission bitmap within the TSS (counted from the start of the TSS). The role of the I/O permission bitmap is described in more detail in a later article.
The word at offset 64H in the TSS holds special attributes of the task. In the 80386 only one attribute, the debug trap, is defined; it is the lowest bit of the word, denoted T. The other bits of the word are reserved and must be 0. When a task switch occurs and the T bit of the incoming task is 1, a debug trap is raised before the first instruction of the new task executes after the switch completes.

6. Defining the TSS with a structure type

Based on the TSS format given above, the following TSS structure type can be defined:

;-----------------------------------------------------------------------------
; task state segment structure type definition
;-----------------------------------------------------------------------------
TSS     STRUC
TRLINK  DW 0            ; link field
        DW 0            ; not used, set to 0
TRESP0  DD 0            ; level 0 stack pointer
TRSS0   DW 0            ; level 0 stack segment register
        DW 0            ; not used, set to 0
TRESP1  DD 0            ; level 1 stack pointer
TRSS1   DW 0            ; level 1 stack segment register
        DW 0            ; not used, set to 0
TRESP2  DD 0            ; level 2 stack pointer
TRSS2   DW 0            ; level 2 stack segment register
        DW 0            ; not used, set to 0
TRCR3   DD 0            ; CR3
TREIP   DD 0            ; EIP
TREFLAG DD 0            ; EFLAGS
TREAX   DD 0            ; EAX
TRECX   DD 0            ; ECX
TREDX   DD 0            ; EDX
TREBX   DD 0            ; EBX
TRESP   DD 0            ; ESP
TREBP   DD 0            ; EBP
TRESI   DD 0            ; ESI
TREDI   DD 0            ; EDI
TRES    DW 0            ; ES
        DW 0            ; not used, set to 0
TRCS    DW 0            ; CS
        DW 0            ; not used, set to 0
TRSS    DW 0            ; SS
        DW 0            ; not used, set to 0
TRDS    DW 0            ; DS
        DW 0            ; not used, set to 0
TRFS    DW 0            ; FS
        DW 0            ; not used, set to 0
TRGS    DW 0            ; GS
        DW 0            ; not used, set to 0
TRLDTR  DW 0            ; LDTR
        DW 0            ; not used, set to 0
TRTRIP  DW 0            ; debug trap flag (bit 0 only)
TRIOMAP DW $+2          ; offset within the segment of the I/O permission bitmap area
TSS     ENDS
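An added example, not part of the original article: a Python decoder for the 104-byte basic TSS laid out above that checks the unused high words and reserved bits the text says must be 0, picks the inner stack pointer for a target privilege level, and reads the link field only while NT is set. The sample TSS image, the function names and the NT bit position (bit 14 of EFLAGS, an architectural fact not stated on the page) are this example's own.

```python
import struct

TSS_BASIC_SIZE = 104     # 68H bytes: the fixed part of a 386 TSS
EFLAGS_NT = 1 << 14      # nested task flag; its bit position is architectural

# Field offsets, matching the TSS STRUC above. Word fields occupy the low half
# of a doubleword whose high half is unused and expected to be 0.
DWORD_FIELDS = {"esp0": 0x04, "esp1": 0x0C, "esp2": 0x14, "cr3": 0x1C,
                "eip": 0x20, "eflags": 0x24, "eax": 0x28, "ecx": 0x2C,
                "edx": 0x30, "ebx": 0x34, "esp": 0x38, "ebp": 0x3C,
                "esi": 0x40, "edi": 0x44}
WORD_FIELDS = {"link": 0x00, "ss0": 0x08, "ss1": 0x10, "ss2": 0x18,
               "es": 0x48, "cs": 0x4C, "ss": 0x50, "ds": 0x54,
               "fs": 0x58, "gs": 0x5C, "ldtr": 0x60}

def parse_tss(raw):
    """Decode the basic part of a TSS, rejecting images that break the format."""
    if len(raw) < TSS_BASIC_SIZE:
        raise ValueError("basic TSS is 104 bytes")
    t = {n: struct.unpack_from("<I", raw, o)[0] for n, o in DWORD_FIELDS.items()}
    for n, o in WORD_FIELDS.items():
        t[n], high = struct.unpack_from("<HH", raw, o)
        if high:
            raise ValueError(f"high word of {n} at {o + 2:#x} must be 0")
    trap = struct.unpack_from("<H", raw, 0x64)[0]
    if trap & 0xFFFE:
        raise ValueError("bits 1-15 of the word at 64H are reserved")
    t["debug_trap"] = bool(trap & 1)
    t["iomap_base"] = struct.unpack_from("<H", raw, 0x66)[0]
    return t

def inner_stack(tss, level):
    """SS:ESP loaded on an inward transfer to level 0, 1 or 2 (level 3 has none)."""
    if level not in (0, 1, 2):
        raise ValueError(f"no inner stack pointer for level {level}")
    return tss[f"ss{level}"], tss[f"esp{level}"]

def previous_task(tss):
    """TSS selector of the task this one was nested from, valid only while NT = 1."""
    return tss["link"] if tss["eflags"] & EFLAGS_NT else None

def sample_tss():
    """Constructed image (not from the article): task entered from TSS 48H by CALL."""
    img = bytearray(TSS_BASIC_SIZE)
    dwords = {"esp0": 0x9000, "esp1": 0x7000, "cr3": 0x100000,
              "eip": 0x1000, "eflags": 0x0202 | EFLAGS_NT}
    words = {"link": 0x48, "ss0": 0x20, "ss1": 0x29, "cs": 0x3B,
             "ss": 0x43, "ds": 0x43, "ldtr": 0x50}
    for n, v in dwords.items():
        struct.pack_into("<I", img, DWORD_FIELDS[n], v)
    for n, v in words.items():
        struct.pack_into("<H", img, WORD_FIELDS[n], v)
    struct.pack_into("<H", img, 0x66, TSS_BASIC_SIZE)   # I/O bitmap right after 68H
    return bytes(img)
```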
Author Blog: http://blog.csdn.net/tangl_99/