Programovani v asembleru 1 - Univerzita Karlova v Praze
Download
Report
Transcript Programovani v asembleru 1 - Univerzita Karlova v Praze
Microprocessors system
architectures – IA32 real
and virtual-8086 mode
Jakub Yaghob
Compatibility with 16-bit code
Advantages
Disadvantages
Allows execution of an older code
Supports programmer laziness/persistence
IA-32 compatibility modes
Real mode
Virtual-8086 mode
Compatibility mode
comparison
Common characteristic
Real mode
Binary code compatibility with predecessors of IA-32 (8086, 80186, 80286)
Possibility to use some 32-bit features
Nearly compatible with 8086
Starting CPU mode after the RESET
Minimal support from OS
No protection mechanisms
Some important IA-32 features are not available (paging)
Virtual-8086 mode
More differences against 8086
Part of the protected mode, cannot run without it
Complicated emulation software
Keeps protection
Uses all features of IA-32 (including paging)
Virtualization – more VM86 machines at the same moment
Cannot be entered from the long mode
Real mode
Usage
CPU starting mode
To this date used for some recovery software
Does not need memory structures, excluding interrupt vector
No protection
Features
Real mode address translation
Instruction operands 8- or 16-bit
Only 16-bit registers are available
Higher parts only using an instruction prefix
Including IP and FLAGS
16-bit stack
Interrupt vector
It is possible to enable 32-bit operation using an instruction prefix
Relocatable using LIDT
All instruction from 80286 and 80287 supported
FS and GS available for IA-32 CPUs
Real mode address translation
Paging
Not supported
Segmentation
Simulates 8086 behavior
No descriptor tables
Segment attributes set to simulate real mode
Based address derive from the visible part
Base = selector * 16
Segment limit: 216-1
Segment type: code-writable
Inaccurate 8086 memory model
Address computed in 32 bits
HMA – available memory in the range 100000h-10FFFFh
16-bit address modes
16-bit instructions use 16-bit address mode
Offset = [Base] + [Index] + [Displacement]
Base = BX, BP
Index = SI, DI
Use 32-bit address mode with an instruction
prefix
Interrupt system
Relocatable vector (IDTR)
Positioned on address 0
Real mode format: far 16-bit pointers
Interrupt handling
Only FLAGS stored
Only IP changes
Stack pointer is only SP
Virtual-8086 mode
Special task running in the protected mode
Structure of a V86 task
32-bit TSS
The 8086 program
A V86 monitor
Must run on CPL=0
Interrupt and exception handling
I/O emulation
Access to the V86 memory
8086 OS services
16-bit OS implemented inside the V86
16-bit OS implemented using 32-bit OS
Paging in V86
CPU translates V86 addresses to linear addresses
Linear address can use paging
Advantages
More V86 tasks at a time
Lower 1MB mapped to different physical memory
Emulating 1MB address space of the 8086
Mapping range 100000h-10FFFFh to 0h-0FFFFh
Sharing „ROM“ contents
Memory mapped I/O
Protection within V86 task
Protection is not enforced between the segments
Protection possibilities
Reserving lower 1MB+64K for V86 tasks
V86 cannot generate addresses out of this range
Paging protection
V86 monitor has U/S=0
Sensitive instructions
IOPL sensitive: CLI, STI, PUSHF, POPF, INT n, IRET
Not IOPL sensitive: IN, OUT, INS, OUTS
If IOPL<3, then sensitive instructions invoke #GP
Entering V86 mode
CPU runs in V86, if EFLAGS[VM]=1
How to set it
Task switch
Return from interrupt handler IRET
Reading EFLAGS from TSS before segment registers loading
Reading EFLAGS from the stack
VM flag checks
Segment register loading
Instruction decoding
How to set segment registers caches
Instructions not supported by V86
Instructions sensitive on IOPL
Access rights
V86 always runs with CPL=3
Entering and leaving VM86 – I
Entering and leaving VM86 – II
1.
2.
3.
4.
5.
6.
Task switch
HW interrupt/exception, INT n when IOPL=3
#GP caused by INT n, IRET, POPF, PUSHF, IN,
OUT when IOPL<3
Normal return from protected mode
interrupt/exception handler
A return from V86 monitor to redirect an
interrupt/exception
Internal redirection of INT n when VME=1, IOPL<3
and the redirection bit is 1
Leaving V86
Only through an interrupt or exception
HW external interrupt
An exception caused by V86 code
INT n handler
It is possible to directly redirect it back to V86 code
RESET or INIT
HLT instruction causes #GP
V86 I/O
Protection
Protection of all ports
V86 performs I/O directly (no protection)
Access specific I/O ports
I/O map in the TSS
Access specific I/O memory mapped ports
Paging
Interrupt and exception
handling in V86
All interrupts divided into classes
Class 1
Class 2
Maskable HW interrupts when CR4[VME] =1
Class 3
All exceptions
All HW interrupts including NMI
All INT n
Moreover, handling of classes 2 and 3 depends
IOPL setting
Working with EFLAGS[IF], EFLAGS[VIF], EFLAGS[VIP]
CR4[VME] setting
INT n redirection map in TSS
Virtual interrupt support EFLAGS[VIF], EFLAGS[VIP]
V86 interrupt handling for
class 1 – I
32-bit interrupt-, trap-, task-gate
Switches to 32-bit and CPL=0
Saves the state of the segment registers
Clears the segment registers DS, ES, GS, FS
Clearing flags VM, NT, RF, TF in EFLAGS
Begins execution of interrupt handler
Handling interrupts for V86
Check EFLAGS[VM] on the stack
Handling in the protected mode
Invoking V86 monitor
V86 monitor can invoke V86 handler
SS:ESP already contains an address for the stack 0
CS:EIP already contains interrupt handler address
V86 interrupt handling for
class 1 – II
V86 interrupt handling for
class 1 – III
Invoking V86 handler from V86 monitor
Use the 8086 interrupt vector to locate V86 handler
address
Copy FLAGS and CS:IP from the stack 0 to the V86 stack
(CPL 3)
Change return address on the stack 0 to the V86 handler
Return using IRET to the V86
IRET in V86 causes #GP and invokes V86 monitor
Copy FLAGS from stack 3 to stack 0
Set CS:IP on stack 0 to original address of V86 interrupt
Return using IRET to the V86
V86 interrupt handling for
class 2 – I
Maskable V86 interrupt handling using virtual interrupts
Activated by CR4[VME]=1 and IOPL<3
Flags VIF and VIP in EFLAGS
Reduces V86 monitor calls when working with IF (PUSHF,
POPF, STI, CLI)
Virtualization
CLI and STI work with VIF
PUSHF saves VIF instead of IF
POPF loads VIF from IF, IF remains intact
VIP records existence of deferred (pending) maskable HW
interrupt
VIP checked by CPU, never set; set by SW
V86 interrupt handling for
class 2 – II
Handling maskable HW interrupt
Invoke 32-bit handler
Switch to 32-bit and CPL=0
Check EFLAGS[VM] on the stack 0
Save the V86 state on the stack 0
Clear the segment registers
Clear the VM flag in EFLAGS
Begin execution of a 32-bit interrupt handler
If the flag is set, call V86 monitor
V86 monitor checks VIF in EFLAGS
If VIF=0, set the VIP and return to the 32-bit interrupt handler
If VIF=1, can be handled as class 1
Return back to V86
V86 interrupt handling for
class 2 – III
Deferring interrupt using the flag VIP
Before the VIF is set (POPF, STI), CPU in V86
checks
If VIP=0, VIF is set and continue
If VIP=1, #GP exception is invoked
The #GP exception calls V86 monitor
Handle the deferred interrupt
Clear VIP and set VIF in EFLAGS on the stack
Return to V86
V86 interrupt handling for
class 3 – I
SW interrupt handling (INT n)
BRM=Bit in Redirection Map in the TSS
VME IOPL BRM
Action
0
3
X Invoking 32-bit handler
0
<3
X #GP
1
3
1 Invoking 32-bit handler
1
<3
1 #GP, VIF and VIP available
Redirecting to V86 handler
- save FLAGS with NT=0 and IOPL=0 on the stack
1
3
0 - save CS:IP on the stack
- clear IF and TF
- loads CS:IP from V86 interrupt vector
Redirecting to V86 handler, VIF and VIP available
- save FLAGS with IOPL=3 and IF←VIF on the stack
1
<3
0 - save CS:IP on the stack
- clear VIF and TF
- loads CS:IP from V86 interrupt vector
V86 interrupt handling for
class 3 – II
Redirection map in the TSS
Easier system calls for 16-bit OS
Using INT n as system calls
INT 21 in the MS-DOS