x86 protection mode

The processor architecture is actually expanding, and the new processor must continue with the old design ideas, maintain compatibility and consistency, and expand and enhance it.

Although 8086 is a 16-bit processor, it is also part of the 32-bit architecture. The reason for this is that 32 is the processor architecture developed from 8086, based on 8086, with continuity and compatibility.

Expansion of Registers

The 32-bit processor extends the length of these 8 universal registers (AX,BX,CX,DX,SI,DI,BP,SP) to 32 bits, based on the 16-bit processor.

The high 16 bits of the 32-bit universal register are not independent, but the low 16 bits remain compatible with the same 16-bit processor. Therefore, they can be used as usual at any time.

But 32-bit processors are not simple enhancements to 16-bit processors. In fact, the 32-bit processor has its own 32-bit mode of operation, and the 32 mode I learned is 32-bit protection mode. In this mode, the processor can use all of its 32 and address lines to access 4GB of memory.

In 32-bit mode, in order to generate a 32-bit physical address, the processor needs to use a 32-bit instruction pointer register. To do this, the 32-bit processor expands the IP to 32-bit and uses the EIP when working in 32-bit mode, but still uses IP when working in 16-bit mode.

For 32-bit mode because the processor of the IA-32 architecture is based on a segmented model, in 32-bit mode, access to memory is theoretically not required because it has free access to any memory location. So introduced a flat model, that is, only one segment, the base address of the segment is 0x00000000, the length of the segment is 4GB, in this case is considered not segmented.

In 32-bit mode, the processor requires that the segments that are owned by the program be defined before being added to the program, and then allowed to use those segments. When you define a segment, you add attributes such as segment bounds, privilege level, type, and so on, in addition to the base address. When a program accesses a segment, the processor uses the firmware to perform various checks to prevent unauthorized access to the memory.

In 32-bit mode, the traditional segment register, such as Cs,ss,ds,es, is not saved as a 16-bit segment base address, but rather a segment selector (real mode is the segment register, in protected mode is the segment selector, because in protected mode they are not stored in the segment address but the segment descriptor in the Descriptor Table index number) , which is used to select the segment to access, in addition to the segment selector, each segment register also includes an invisible part, called the descriptor buffer, which has the base address of the segment and various access properties.

When a segment is accessed in protected mode, the segment selector is passed to the segment selector. He consists of three parts, the first part is the index number, which is used to select a segment descriptor in the descriptor descriptor. T1 is a descriptor-list indicator, t1=0, when the descriptor is in the GDT, T1=1, the descriptor is in the LDT. RPL is the privileged level of the requesting privilege level, which represents the program that gives the current selector

Linear address

We have traditionally said that the segment address of an offset address is called a logical address, the offset address is called a valid address, in the instruction to give a valid address is called the way of addressing.

However, the management of the segment is carried out by the segment part of the processor, and the segment assembly adds the segment address and offset address to the address of the memory to be accessed. In general, the address generated by the segment part is the physical address.

However, in order to solve the fragmentation of memory space (memory allocation is variable each time, the time will result in too much too small block of memory space), IA-32 processor support paging function, paging function divides the physical memory space into a logical page. By using pages, you can simplify memory management.

When the page function is turned on, the address generated by the segment part is no longer a physical address, but a linear address, and the linear address is converted to the page part, which is the physical address.

The concept of a linear address is used to describe the address space of a task. Each task on the IA-32 processor has a 4GB of virtual memory space, which is a flat space of 4GB in length, like a straight line segment. Accordingly, the address generated by the segment part corresponds to each point on the linear address space, which is the linear address.

Full-play descriptive tabulation

In protected mode, access to memory can still use segment addresses and offset addresses, but it must be registered before each segment can be accessed. When you access an offset that exceeds the bounds of a segment, the processor blocks the access and produces an interrupt called an internal exception.

Break descriptor, using eight bytes to describe the information about a segment. In order to store these descriptors, it is necessary to open a space in memory, in which all descriptors are placed together and stored centrally, which forms a descriptor table.

The main descriptor table is the global descriptor Tables (GDT), which must be defined before entering protected mode.

Graphic Products from

To keep track of the global descriptor descriptor, there is a 48-bit register inside the processor called the Global Descriptor Descriptor Register (GDTR). The register is 32 high to hold the global Descriptor descriptor linear Base address, and the lower 16 bits hold the global descriptor descriptor boundary.

Because the GDT boundary is 16 bits, the table size is up to 2^16 bytes (64KB), and because the global descriptor size is 8 bytes, you can define up to 8,192 descriptors.

Although the base address has 32 bits, because the processor immediately works in the new memory access mode after entering protected mode, the GDT must be defined before entering protected mode. However, because only 1MB of memory can be accessed in real mode, GDT is usually defined in the range below 1MB. It also allows you to redefine the GDT after entering protected mode and changing position.

The segment attribute in the segment descriptor is also arranged in two fields. A description of its definition and significance is given below.

(1) G is the segment boundary grain size (granularity) bit
G=0 indicates that the bounds granularity is byte; g=1 indicates that the bounds granularity is 4K bytes. Note that the boundary granularity is only valid for the segment bounds, the subgrade address is not valid, and the Subgrade address is always in bytes.

(2) The d/b bit is a very special bit that has different meanings in the three descriptors that describe the executable segment, the down-extended data segment, or the segment addressed by the SS register (usually the stack segment)
In the descriptor describing the executable segment, the D-bit determines the default size of the address used by the instruction and the operand.
D=1 indicates that the directive uses 32-bit addresses and 32-bit or 8-bit operands by default, which is also called a 32-bit code snippet;
D=0 means that by default, 16-bit addresses and 16-bit or 8-bit operands are used, which is also known as 16-bit code snippets, which are compatible with 80286. You can use the address size prefix and operand size prefixes to change the default address or operand size, respectively.

In the descriptor for the down-extended data segment, the D-bit determines the upper boundary of the segment.
D=1 indicates that the upper boundary of the segment is 4G;
D=0 indicates that the upper boundary of the segment is 64K.

In describing the segment descriptor addressed by the SS Register, the D-bit determines what stack pointer registers are used by implicit stack access directives, such as push and pop instructions.
D=1 represents the use of the 32-bit stack pointer register esp;
D=0 represents the use of a 16-bit stack pointer register sp.

(3) The AVL bit is the software available bit
80386 the use of this bit is not specified, this bit is ignored by Linux and the Windows operating system.

(4) P-bit called presence (Present) bit
P=1 indicates that the descriptor is valid for address translation, or that the segment described by the descriptor exists, that is, in memory; P=0 indicates that the descriptor is not valid for the address translation, that is, the segment does not exist. Using this descriptor for memory access causes an exception.

(5) DPL represents the Descriptor Privilege level (descriptor Privilege levels)
Total 2 bits. It specifies the privileged level of the described segment, which is used for privilege checking to determine whether the segment can be accessed.

(6) The type of the DT bit description descriptor
For storage segment descriptors,
Dt=1, to differentiate with the system segment descriptor and Gate descriptor (dt=0).

(7) Type describes the specific properties of the bucket described by the bucket descriptor

The bit 0 indicates whether the descriptor has been accessed (accessed), marked with a symbol a.
A=0 indicates that it has not been accessed,
A=1 indicates that the segment has been accessed,
When the corresponding selector of the descriptor is loaded into the segment register, the 80386 position is 1, indicating that the descriptor has been accessed, the operating system can test the access bit, and has determined if the descriptor has been accessed.
This is bit 1, the corresponding type is odd, so the type corresponds to an odd number when the descriptor is accessed, otherwise the even ID is not accessed (as can be seen from the preceding table)

In summary, we can see the difference between the segment descriptors at different types, as shown below

Code Snippet Descriptor
Indicates that the segment descriptor represents a code snippet that can be placed in a GDT. The descriptor S flag is 1.
Data Segment Descriptor
Indicates that the segment descriptor represents a data segment that can be placed in the GDT, which is set to the S flag of 1.
Task Status Segment Descriptor
Indicates that the segment descriptor represents a task status segment, which means that the segment is used to hold the contents of the processor register. It can only appear in the GDT, depending on whether the process is running on the CPU, the value of the Type field is 11 or 9, respectively. The S-Flag of this descriptor is set to 0.

x86 protection mode