1. protection methods
80386 has three working modes: real mode, protection mode, and virtual 8086 mode. This article introduces 80386 of protection methods and related programming content. In real mode, the basic concepts such as the 80386 register, addressing mode, and instruction are maintained in addition to the external protection mode.
Although 80386 of the features in the real-world mode are much larger than their previous processors (8086/8088, 80386,), only in the protection mode can truly play a greater role. Under the protection mode, all 32 address lines are valid and can address up to 4 GB of physical address space; extended memory segment management mechanism and optional memory paging management mechanism, it not only provides hardware support for Memory sharing and protection, but also provides hardware support for implementing virtual memory. It supports multiple tasks to quickly switch tasks and protect the task environment; the four privileged levels and comprehensive privileged inspection mechanisms enable resource sharing, security and confidentiality of code and data, and task isolation. The virtual 8086 approach is supported, easy to execute 8086 programs.
<1> Storage Management Mechanism
In order to provide hardware support for program and data protection and sharing in the memory, and to provide hardware support for virtual memory, 80386 not only adopts the extended memory segment management mechanism, it also provides an optional memory paging management mechanism. These storage management mechanisms are implemented by the 80386 storage management component MMU.
1. Objectives
80386 has 32 address lines, which can be used in protection mode. Therefore, the addressable physical address space is as high as 4 GB. In a CPU-compatible PC system with 80386 or more processors, the memory address below 1 MB is referred to as the regular memory, and the memory address above 1 MB is referred to as the extended memory.
80386 support for virtual storage. Although the physical address space of 8086 addressable is much larger than the physical address space of 80386 M bytes, it is impossible to install such physical memory in the actual microcomputer system. Therefore, virtual memory must be used to run large programs and truly implement multiple tasks. Virtual Memory is a combination of hardware and software. It is used to provide much larger storage space than the physical primary memory that can be used in computer systems. In this way, programmers do not need to consider the actual capacity of physical memory in computers when writing programs.
80386 it also provides support for the sharing and protection of code and data stored in the memory. Task A and Task B coexist, and task a and Task B must be isolated to avoid mutual influence. However, they may share part of the code and data. Therefore, 80386 supports task isolation, code sharing and data sharing, and privileged protection.
2. Address Space and address translation
Protected virtual memory consists of storage blocks with variable sizes. Such storage blocks are called segments. 80386 use data called descriptors to describe the location, size, and usage of segments. The address (Logical Address) of the virtual memory is composed of the selection of the indicator Descriptor and the offset in the segment. Such an address set is called a virtual address space. 80386 supports up to 64 TB of virtual address space. Programmers use virtual address space for programming. Therefore, they can think that there is enough storage space for use.
Obviously, only programs in physical storage can run, and only data in physical storage can be accessed. Therefore, the virtual address space must be mapped to the physical address space, and the two-dimensional virtual address must be converted to one-dimensional physical address. Because the physical address space is much smaller than the virtual address space, only part of the virtual address space can be mapped to the physical address space. Because the physical memory size is much smaller than the physical address space, only the parts in the above section can be truly mapped to the physical memory.
Each task has a virtual address space. To avoid the direct ing of multiple virtual address spaces of multiple parallel tasks to the same physical address space, linear address space is used to isolate the virtual address space and physical address space. The linear address space consists of one-dimensional linear addresses. The linear address space is equivalent to the physical address space. The linear address is 32-bit long and the linear address space is 4G bytes.
80386 ing between the virtual address space and the physical address space in two steps, that is, converting the virtual address to the physical address space in two steps, but the second step is optional. It is the address ing conversion.
Using descriptor tables and descriptors, the segmentation Management Mechanism maps virtual address space to linear address space, and converts two-dimensional virtual addresses into one-dimensional linear addresses. This step always exists.
The paging Management Mechanism divides linear and physical address spaces into blocks of the same size. Such blocks are called pages. A ing table is created between a linear address space page and a physical address space page. The paging management mechanism is used to map a linear address space to a physical address space, converts linear addresses to physical addresses. The paging management mechanism is optional. When the paging management mechanism is not used, the linear address space is equivalent to the physical address space, and the linear address is equal to the physical address space.
The variable-Size Block used by the segment management mechanism is suitable for processing logical segments of complex systems. The size of a storage block can be defined based on the appropriate logical meaning, without the need to consider the manual limitation imposed by a fixed size page. Each segment can be processed as an independent unit to simplify the protection and sharing of segments. The fixed block size used by the paging mechanism is most suitable for the management of physical storage, both memory management and external storage are equally effective. The paging management mechanism can effectively support virtual storage.
The block and paging mechanisms are two different conversion mechanisms, which are the different conversion levels of the entire address conversion function. Both mechanisms use the conversion tables stored in the primary storage, but these tables have independent structures. In fact, field tables store online address spaces, while page tables store in physical address spaces. Therefore, the segment conversion table can be relocated by the paging mechanism without the involvement of the segment mechanism. The segment conversion mechanism converts a virtual address to a linear address and accesses the table of the segment conversion mechanism in a linear address. It does not notice that the paging mechanism has converted a linear address to a physical address. Similarly, the paging mechanism knows nothing about the virtual address space used by the address generated by the program. The paging mechanism directly converts a linear address to a physical address, and accesses a conversion table from a physical address. It does not know the existence of a virtual address space or even the existence of a segment conversion mechanism.
3. Virtual Memory concept
Virtual Memory is a design technology used to provide much larger storage space than physical primary memory that can be used in computer systems. Users may have the illusion that a large physical storage space can be used in a program. The advantage of using virtual memory is that a program can easily run on a computer with a wide range of configurations and different physical memory capacities; programmers can use virtual memory to write programs that are much larger than any physical memory actually configured. Virtual Memory is supported by the storage management mechanism and a large-capacity Fast hard disk storage. At any time when the program is running, only a small part of the virtual address space is mapped to the primary storage, and the rest is stored on the disk. Because only some of the virtual memory stored in the primary memory can be used by the processor, this virtual storage technology will depend on the localization feature of the memory accessed inside the program, during program execution, only a small amount of storage content in the entire virtual memory will reside in the primary storage. When the range of Access Memory changes, it is necessary to transfer some parts of the virtual memory from the disk to the primary storage. The other parts of the virtual memory can also be transferred back to the disk from the primary storage.
The address translation mechanism supports Virtual Memory in two ways.
First, mark the virtual memory that actually resides in the primary storage as invalid, and establish a virtual-physical ing between the virtual memory resident and the corresponding virtual memory address in the resident part, to the address of the corresponding physical storage. If the virtual address accessed by the program corresponds to the part that does not reside in the virtual memory, an exception will occur due to invalid ing information. The operating system reads the unresident part from the disk to the primary storage to handle this exception and updates the address translation table as needed. After the cause of the exception is ruled out, the exception handler completes the handling of the exception event and returns the original program to resume execution. In the subsequent articles, we will see that after the exception handling program returns, we need to re-execute the command that originally caused the exception, and the command will naturally be successfully completed in the next execution.
Second, the address translation mechanism supports virtual memory by collecting statistics on the use of the virtual memory part residing in the primary memory. These statistics are used when the primary memory space is insufficient, helps the operating system decide which parts can be transferred back to the disk.
<2> Protection Mechanism
To support multiple tasks, protection is required for each task. Since 80286, the processor has a protection mechanism. The protection mechanism can effectively implement protection between different tasks and within the same task.
1. Protection between different tasks
An important aspect of protection is the protection between applications. By placing each task in a different virtual address space, you can isolate the task from the task to protect applications. The ing function from a virtual address to a physical address is defined in each task. As the task switches, The ing function also switches. Task A's virtual address space maps to an area of the physical address space, while Task B's virtual address space maps to another area of the physical address space, independent of each other, irrelevant. Therefore, even though the virtual storage unit address is the same for two different tasks, the actual physical storage unit address can be different.
Each task has an independent ing table with different address conversion functions. On 80386, each task has its own field table and page table. When the processor switches and executes a new task, an important part of this task switching is the conversion table for the new task switching task. To isolate the operating system from all applications, you can store the operating system in a single task. However, we will soon see that the protection mechanism operated in a task is more suitable for protecting the operating system and preventing it from being damaged by applications. This mechanism allows the operating system to be shared by all tasks and can be accessed in each task, and still protects the operating system from application destruction. This method of protecting the operating system is to store the operating system in a public area of the virtual address space, and then allocate the same virtual address space for each task in this area, and perform the same virtual-physical address ing. This part of the virtual address space shared by each task is called the Global address space.
The virtual address space occupied by only one task is called the local address space, which is not shared by any other task. The code and data contained in the local address space are private tasks and must be isolated from other tasks in the system.
Each task has a different local address space. Therefore, access to the same virtual address in two different tasks is actually converted to different physical addresses. This allows the operating system to allocate the same virtual address to the memory of each task and still ensure task isolation. On the other hand, access to the same virtual address in the global address space is converted to the same physical address in all tasks to support public generation