(1) System segment descriptors
1. Format of a system segment descriptor

| Bytes | Contents |
|---|---|
| m+0, m+1 | Segment Limit(15...0) |
| m+2 ... m+4 | Segment Base(23...0) |
| m+5 | Attributes, byte m+5 |
| m+6 | Attributes, byte m+6 |
| m+7 | Base(31...24) |

Attributes of a system segment descriptor:

| Byte | Bits | Field |
|---|---|---|
| m+6 | BIT7 | G |
| m+6 | BIT6 | X |
| m+6 | BIT5 | 0 |
| m+6 | BIT4 | AVL |
| m+6 | BIT3...BIT0 | Limit(19...16) |
| m+5 | BIT7 | P |
| m+5 | BIT6...BIT5 | DPL |
| m+5 | BIT4 | DT = 0 (system descriptor) |
| m+5 | BIT3...BIT0 | TYPE |
2. LDT segment descriptor

```asm
; DESC is the segment-descriptor structure type of the source this page is
; excerpted from; it is not defined on this page. By position, its fields
; correspond to the bytes of the format table above: limit(15...0),
; base(15...0), base(23...16), attribute byte m+5, attribute byte m+6, base(31...24).
LDTABLE DESC <1FH,4321H,65H,82H,,>   ;82H: P=1, DPL=0, DT=0, TYPE=2 (LDT); base 654321H, limit 1FH
```

3. Task state segment descriptor

```asm
TempTask DESC <104,3456H,12H,89H,,>  ;89H: P=1, DPL=0, DT=0, TYPE=9 (available 32-bit TSS); base 123456H, limit 104
```
(2) Gate descriptors
1. General format of a gate descriptor

| Bytes | Contents |
|---|---|
| m+0, m+1 | Offset(15...0) |
| m+2, m+3 | Selector |
| m+4 | Attributes, byte m+4 |
| m+5 | Attributes, byte m+5 |
| m+6, m+7 | Offset(31...16) |

Attributes of a gate descriptor:

| Byte | Bits | Field |
|---|---|---|
| m+5 | BIT7 | P |
| m+5 | BIT6...BIT5 | DPL |
| m+5 | BIT4 | DT = 0 (system descriptor) |
| m+5 | BIT3...BIT0 | TYPE |
| m+4 | BIT7...BIT5 | 000 |
| m+4 | BIT4...BIT0 | Dword Count |
```asm
GATE STRUC              ;gate structure type definition
OFFSETL  DW 0           ;low 16 bits of the 32-bit offset
SELECTOR DW 0           ;selector
DCOUNT   DB 0           ;dword count field
GTYPE    DB 0           ;type (attribute byte m+5)
OFFSETH  DW 0           ;high 16 bits of the 32-bit offset
GATE ENDS

SUBRG GATE <3456,10H,,8CH+60H,12H>  ;offset 120D80H (3456 = 0D80H), selector 10H, dword count 0,
                                    ;8CH+60H = 0ECH: P=1, DPL=3, DT=0, TYPE=0CH (32-bit call gate)
```
2. Call gates
3. Task gates
4. Interrupt gates and trap gates
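An added example, not code from the original page or from the textbooks it draws on: it decodes a raw 8-byte descriptor into the fields of the system segment table and the gate table above, and flags a call gate that ring-3 code is allowed to call through. The names SYSTEM_TYPES, decode_descriptor and user_reachable_gate are chosen here; the type codes are Intel's; the byte order assumed for the page's DESC examples (limit, base low, base mid, attribute byte m+5, attribute byte m+6, base high) is an assumption taken from the format table.

```python
import struct

# Type codes of byte m+5 (bits 3...0) when DT = 0, as Intel defines them.
SYSTEM_TYPES = {
    0x1: "16-bit TSS (available)", 0x2: "LDT", 0x3: "16-bit TSS (busy)",
    0x4: "16-bit call gate", 0x5: "task gate", 0x6: "16-bit interrupt gate",
    0x7: "16-bit trap gate", 0x9: "32-bit TSS (available)",
    0xB: "32-bit TSS (busy)", 0xC: "32-bit call gate",
    0xE: "32-bit interrupt gate", 0xF: "32-bit trap gate",
}
GATE_TYPES = {0x4, 0x5, 0x6, 0x7, 0xC, 0xE, 0xF}

def decode_descriptor(raw: bytes) -> dict:
    """Split an 8-byte descriptor (bytes m+0..m+7, little-endian) into its fields."""
    if len(raw) != 8:
        raise ValueError("a descriptor is exactly 8 bytes")
    attr = raw[5]                                  # byte m+5: P | DPL | DT | TYPE
    d = {"present": bool(attr >> 7), "dpl": (attr >> 5) & 3,
         "system": not ((attr >> 4) & 1), "type": attr & 0xF}
    d["kind"] = SYSTEM_TYPES.get(d["type"], "reserved") if d["system"] else "code/data"
    if d["system"] and d["type"] in GATE_TYPES:
        # Gate layout: Offset(15..0) | Selector | 000+DwordCount | attr | Offset(31..16)
        off_lo, sel, cnt, _, off_hi = struct.unpack("<HHBBH", raw)
        d.update(offset=(off_hi << 16) | off_lo, selector=sel, dword_count=cnt & 0x1F)
    else:
        # Segment layout: Limit(15..0) | Base(23..0) | attr | G X 0 AVL Limit(19..16) | Base(31..24)
        lim_lo, base_lo, base_mid, _, hi, base_hi = struct.unpack("<HHBBBB", raw)
        limit = ((hi & 0xF) << 16) | lim_lo
        if hi >> 7:                                # G = 1: limit is counted in 4 KiB pages
            limit = (limit << 12) | 0xFFF
        d.update(base=(base_hi << 24) | (base_mid << 16) | base_lo,
                 limit=limit, granularity=hi >> 7)
    return d

def user_reachable_gate(d: dict) -> bool:
    """A present call gate with DPL = 3 can be called from ring-3 code; in a
    descriptor-table audit such an entry deserves a look at where it points."""
    return d["system"] and d["present"] and d["type"] in (0x4, 0xC) and d["dpl"] == 3

# Constructed inputs, assembled from the page's own DESC and GATE examples.
LDTABLE = bytes([0x1F, 0x00, 0x21, 0x43, 0x65, 0x82, 0x00, 0x00])  # DESC <1FH,4321H,65H,82H,,>
SUBRG = struct.pack("<HHBBH", 3456, 0x10, 0, 0x8C + 0x60, 0x12)    # GATE <3456,10H,,8CH+60H,12H>

if __name__ == "__main__":
    for name, raw in (("LDTABLE", LDTABLE), ("SUBRG", SUBRG)):
        print(name, decode_descriptor(raw), "user-reachable gate:", user_reachable_gate(decode_descriptor(raw)))
```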
(3) Task state segment

Format of the basic part of the task state segment:

| Offset | BIT31...BIT16 | BIT15...BIT0 |
|---|---|---|
| 0 | 0000000000000000 | Link field (back link) |
| 4 | ESP0 (32 bits) | |
| 8 | 0000000000000000 | SS0 |
| 0CH | ESP1 (32 bits) | |
| 10H | 0000000000000000 | SS1 |
| 14H | ESP2 (32 bits) | |
| 18H | 0000000000000000 | SS2 |
| 1CH | CR3 (32 bits) | |
| 20H | EIP (32 bits) | |
| 24H | EFLAGS (32 bits) | |
| 28H | EAX (32 bits) | |
| 2CH | ECX (32 bits) | |
| 30H | EDX (32 bits) | |
| 34H | EBX (32 bits) | |
| 38H | ESP (32 bits) | |
| 3CH | EBP (32 bits) | |
| 40H | ESI (32 bits) | |
| 44H | EDI (32 bits) | |
| 48H | 0000000000000000 | ES |
| 4CH | 0000000000000000 | CS |
| 50H | 0000000000000000 | SS |
| 54H | 0000000000000000 | DS |
| 58H | 0000000000000000 | FS |
| 5CH | 0000000000000000 | GS |
| 60H | 0000000000000000 | LDTR |
| 64H | I/O permission bitmap offset | BIT15...BIT1 = 000000000000000, BIT0 = T |
1. Register save area
2. Inner-level stack pointer area
3. Address-mapping register area
4. Link field
5. Other fields
6. Defining the TSS with a structure type
```asm
;----------------------------------------------------------------------------
;Task state segment structure type definition
;----------------------------------------------------------------------------
TSS     STRUC
TRLink  DW 0            ;link field
        DW 0            ;unused, set to 0
TRESP0  DD 0            ;level-0 stack pointer
TRSS0   DW 0            ;level-0 stack segment register
        DW 0            ;unused, set to 0
TRESP1  DD 0            ;level-1 stack pointer
TRSS1   DW 0            ;level-1 stack segment register
        DW 0            ;unused, set to 0
TRESP2  DD 0            ;level-2 stack pointer
TRSS2   DW 0            ;level-2 stack segment register
        DW 0            ;unused, set to 0
TRCR3   DD 0            ;CR3
TREIP   DD 0            ;EIP
TREFlag DD 0            ;EFLAGS
TREAX   DD 0            ;EAX
TRECX   DD 0            ;ECX
TREDX   DD 0            ;EDX
TREBX   DD 0            ;EBX
TRESP   DD 0            ;ESP
TREBP   DD 0            ;EBP
TRESI   DD 0            ;ESI
TREDI   DD 0            ;EDI
TRES    DW 0            ;ES
        DW 0            ;unused, set to 0
TRCS    DW 0            ;CS
        DW 0            ;unused, set to 0
TRSS    DW 0            ;SS
        DW 0            ;unused, set to 0
TRDS    DW 0            ;DS
        DW 0            ;unused, set to 0
TRFS    DW 0            ;FS
        DW 0            ;unused, set to 0
TRGS    DW 0            ;GS
        DW 0            ;unused, set to 0
TRLDTR  DW 0            ;LDTR
        DW 0            ;unused, set to 0
TRTrip  DW 0            ;debug trap flag (only bit 0 is used)
TRIOMap DW $+2          ;offset within the segment of the I/O permission bitmap
TSS     ENDS
```
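An added example, not the page's own code: it rebuilds the basic TSS from the table and the STRUC above with Python's ctypes, checks every field offset against the table's Offset column, and builds the image of a fresh task whose I/O bitmap base points past the end, as TRIOMap DW $+2 does. The names TSS, TABLE_OFFSETS, layout_mismatches, tss_size and make_initial_tss are chosen here, and the values passed to make_initial_tss are constructed.

```python
import ctypes

U16, U32 = ctypes.c_uint16, ctypes.c_uint32

class TSS(ctypes.LittleEndianStructure):
    """Basic 104-byte part of the 32-bit TSS, field by field as in the table."""
    _pack_ = 1
    _fields_ = [
        ("link", U16), ("_pad0", U16),                # back link, reserved word
        ("esp0", U32), ("ss0", U16), ("_pad1", U16),  # ring-0 stack used on privilege transitions
        ("esp1", U32), ("ss1", U16), ("_pad2", U16),  # ring-1 stack
        ("esp2", U32), ("ss2", U16), ("_pad3", U16),  # ring-2 stack
        ("cr3", U32), ("eip", U32), ("eflags", U32),
        ("eax", U32), ("ecx", U32), ("edx", U32), ("ebx", U32),
        ("esp", U32), ("ebp", U32), ("esi", U32), ("edi", U32),
        ("es", U16), ("_pad4", U16), ("cs", U16), ("_pad5", U16),
        ("ss", U16), ("_pad6", U16), ("ds", U16), ("_pad7", U16),
        ("fs", U16), ("_pad8", U16), ("gs", U16), ("_pad9", U16),
        ("ldtr", U16), ("_pad10", U16),
        ("trap", U16),        # debug trap flag, only bit 0 (T) is used
        ("iomap_base", U16),  # offset of the I/O permission bitmap
    ]

# Offset column of the table above, keyed by field name.
TABLE_OFFSETS = {
    "link": 0x00, "esp0": 0x04, "ss0": 0x08, "esp1": 0x0C, "ss1": 0x10,
    "esp2": 0x14, "ss2": 0x18, "cr3": 0x1C, "eip": 0x20, "eflags": 0x24,
    "eax": 0x28, "ecx": 0x2C, "edx": 0x30, "ebx": 0x34, "esp": 0x38,
    "ebp": 0x3C, "esi": 0x40, "edi": 0x44, "es": 0x48, "cs": 0x4C,
    "ss": 0x50, "ds": 0x54, "fs": 0x58, "gs": 0x5C, "ldtr": 0x60,
    "trap": 0x64, "iomap_base": 0x66,
}

def layout_mismatches() -> dict:
    """{field: (ctypes offset, table offset)} for every field that disagrees."""
    return {n: (getattr(TSS, n).offset, o) for n, o in TABLE_OFFSETS.items()
            if getattr(TSS, n).offset != o}

def tss_size() -> int:
    """Size of the basic part; a TSS descriptor needs limit >= tss_size() - 1."""
    return ctypes.sizeof(TSS)

def make_initial_tss(cr3: int, ss0: int, esp0: int, cs: int, eip: int) -> bytes:
    """Image of a fresh task: only the ring-0 stack and entry point are set.
    iomap_base points past the end, so there is no I/O bitmap and IN/OUT
    from a level with CPL > IOPL faults (IOPL is 0 in the EFLAGS used here)."""
    t = TSS(cr3=cr3, ss0=ss0, esp0=esp0, cs=cs, eip=eip, eflags=0x202)
    t.iomap_base = tss_size()
    return bytes(t)
```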
[Reposted from] http://blog.csdn.net/barech/article/details/4401417
-----------------------------------
[from: http://stackoverflow.com/questions/3425085/the-difference-between-call-gate-interrupt-gate-trap-gate ]
A gate (call, interrupt, task or trap) is used to transfer control of execution across segments. Privilege level checking is done differently depending on the type of destination and instruction used.
A call gate uses the CALL and JMP instructions. Call gates transfer control from lower privilege code to higher privilege code. The gate DPL is used to determine what privilege levels have access to the gate. Call gates are (or have been, probably) gradually abandoned in favour of the SYSENTER/SYSEXIT mechanism, which is faster.
Task gates are used for hardware multitasking support. A hardware task switch can occur voluntarily (CALL/JMP to a task gate descriptor), or through an interrupt or an IRET when the NT flag is set. It works the same way with interrupt or trap gates. Task gates are not used, to the best of my knowledge, as kernels usually want extra work done when task switching.
Interrupt & trap gates, together with task gates, are known as the Interrupt Descriptor Table. They work the same as call gates, except the transfer of parameters, from one privilege stack to another. One difference is that interrupt gates clear the IF bit in EFLAGS, while trap gates do not. This makes them ideal for serving hardware interrupts. Traps are widely used in hardware-assisted virtualization.
For more information, see the Intel Architecture Manuals on the processors that interest you.
Update
To answer the comment:
There are many reasons to distinguish interrupts from traps. One is the difference in scope: interrupt gates point to kernel space (after all, it's the kernel who manages the hardware) while traps are called in userspace. Interrupt handlers are called in response to hardware events, while traps are executed in response to a CPU instruction.
For a simple (but impractical) example to better understand why interrupt and trap gates treat EFLAGS differently, consider what would happen in case we were writing an interrupt handler for hardware events on a uniprocessor system and we couldn't clear the IF bit while we were serving one. It would be possible for a second interrupt to arrive while we were busy serving the first. Then our interrupt handler would be called by the processor at some random point during our IH execution. This could lead to data corruption, deadlocking, or other bad magic. Practically, interrupt disabling is one of the mechanisms to ensure that a series of kernel statements is treated like a critical section.
The above example is assuming maskable interrupts, though. You wouldn't want to ignore NMIs, anyway.
It's largely irrelevant today, too. Today there's practically no distinction between fast and slow interrupt handlers (search for "Fast and Slow Handlers"), interrupt handlers can execute in nested fashion, SMP processors make it mandatory to couple local interrupt disabling with spin locks, and so forth.
Now, trap gates are indeed used to service software interrupts, exceptions, etc. A page fault or division by zero exception in your processor is probably handled through a trap gate. The simplest example of using trap gates to control program execution is the INT 3 instruction, which is used to implement breakpoints in debuggers. When doing virtualization, what happens is that the hypervisor runs in ring 0, and the guest kernel usually in ring 1 - where privileged code would fail with general exception fault. Witchel and Rosenblum developed binary translation, which is basically rewriting instructions to simulate their effects. Critical instructions are discovered and replaced with traps. Then when the trap executes, control is yielded to the VMM/hypervisor, which is responsible for emulating the critical instructions in ring 0.
With hardware-assisted virtualization, the trap-and-emulate technique has been somewhat limited in its use (since it's quite expensive, especially when it's dynamic) but the practice of binary translation is still widely used.
For more information, I'd suggest you check out:
- Linux Device Drivers, Third Edition (available online)
- For binary translation, QEMU is an excellent start.
- Regarding trap-and-emulate, check out a comparison between software/hardware techniques.
Hope this helps!
-----------------------------------------------------
[Another related page: http://www.mouseos.com/arch/gate_descriptor.html ]