80x86 Protected Mode Tutorial Series (1): Protected Mode

zhaozj 2021-02-08

I. Introduction to Protected Mode

The 80386 has three operating modes: real mode, protected mode and virtual 8086 mode. This article introduces the 80386 in protected mode and the related programming topics. Unless otherwise noted, the basic real-mode concepts of the 80386, such as its registers, addressing modes and instructions, still apply.

Although the 80386 in real mode is far more capable than its predecessors (8086/8088, 80186, 80286), only in protected mode can it realize its full potential. In protected mode, all 32 address lines are usable, addressing a physical address space of up to 4G bytes; the extended memory segmentation mechanism and the optional memory paging mechanism provide hardware support not only for sharing and protecting memory but also for implementing virtual memory; multitasking is supported, with task switching and protection of task environments; four privilege levels and a thorough privilege-checking mechanism allow resources to be shared while guaranteeing the security and confidentiality of code and data and the isolation of tasks; and virtual 8086 mode is supported so that 8086 programs can be run easily.

<1> Storage Management Mechanism

To provide hardware support for sharing and protecting the programs and data held in memory, and to provide hardware support for virtual memory, the 80386 in protected mode not only uses an extended memory segmentation mechanism but also provides an optional memory paging mechanism. These storage management mechanisms are implemented by the 80386 memory management unit (MMU).

1. Goals

The 80386 has 32 address lines, all of which are usable in protected mode, so the physical address space is up to 4G bytes. In PC-compatible systems based on the 80386 and later processors, memory at addresses below 1M is called conventional memory, and memory at addresses of 1M and above is called extended memory.

The 80386 also supports the implementation of virtual memory. Although the physical address space addressable by the 80386 is very large compared with the 1M-byte physical address space of the 8086, an actual microcomputer system cannot be fitted with that much physical memory. So, in order to run large programs and truly implement multitasking, virtual memory must be used. Virtual memory is a combined hardware and software technique that provides a storage space much larger than the physical main memory actually available in the computer system. As a result, the programmer does not need to consider the actual capacity of the machine's physical memory when writing a program.

The 80386 also supports sharing and protection of the code and data stored in memory. When task A and task B both reside in memory, they must be isolated from each other to avoid interference, yet they may share part of their code and data. Therefore the 80386 must support task isolation, sharing of common code and data, and privilege protection.

2. Address space and address conversion

Virtual memory in protected mode is made up of variable-size memory blocks called segments. The 80386 uses data structures called descriptors to describe the location, size and usage of each segment. A virtual memory address (logical address) consists of two parts: a selector that designates the descriptor, and an offset within the segment. The set of all such addresses is called the virtual address space. The virtual address space supported by the 80386 can reach 64T bytes. The address space programmers use when writing programs is the virtual address space, so they can assume that enough storage is available.

Obviously, only programs in physical memory can run, and only data in physical memory can be accessed. Therefore the virtual address space must be mapped onto the physical address space, and the two-dimensional virtual address must be converted to a one-dimensional physical address. Since the physical address space is much smaller than the virtual address space, only part of the virtual address space can be mapped onto the physical address space. Since the physical memory installed is in turn much smaller than the physical address space, only part of that part can actually be mapped to physical memory.

Each task has its own virtual address space. To prevent the virtual address spaces of several concurrent tasks from being mapped directly onto the same physical address space, a linear address space is used to separate the virtual address space from the physical address space. The linear address space consists of one-dimensional linear addresses and is the peer of the physical address space. A linear address is 32 bits long, so the linear address space is 4G bytes. The 80386 maps the virtual address space to the physical address space in two steps, that is, the conversion of a virtual address to a physical address is carried out in two steps, of which the second is optional. The following figure is a schematic diagram of the address mapping.

Through descriptor tables and descriptors, the segmentation mechanism maps the virtual address space to the linear address space and converts a two-dimensional virtual address to a one-dimensional linear address. This step is always performed.

The paging mechanism divides the linear address space and the physical address space into blocks of the same size, called pages. By building mapping tables between pages of the linear address space and pages of the physical address space, the paging mechanism maps the linear address space to the physical address space and converts linear addresses to physical addresses. The paging mechanism is optional. When it is not used, the linear address space is identical to the physical address space, and a linear address is equal to the physical address.

The segmentation mechanism uses variable-size blocks, which makes it well suited to the logical partitioning of complex systems. The size of a memory block can be chosen according to its logical meaning, without regard to the artificial limit of a fixed page size. Each segment can be handled as an independent unit, which simplifies protecting and sharing segments. The fixed-size blocks used by the paging mechanism are best suited to managing physical storage, whether main memory or external storage. The paging mechanism can effectively support the implementation of virtual memory.

Segmentation and paging are two different translation mechanisms, and they form different levels of the overall address translation function. Although both mechanisms use translation tables stored in main memory, these tables have independent structures. In fact, the segment tables are stored in the linear address space and the page tables are stored in the physical address space. Therefore the segment translation tables can be relocated by the paging mechanism without the involvement of the segmentation mechanism. The segmentation mechanism converts virtual addresses into linear addresses and accesses its own translation tables at linear addresses, unaware that the paging mechanism then converts those linear addresses to physical addresses. Similarly, the paging mechanism knows nothing about the virtual address space from which the addresses were generated. It simply converts linear addresses into physical addresses and accesses its translation tables at physical addresses; it does not know that the virtual address space exists, or even that the segmentation mechanism exists.
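The two translation steps described above, as an added example in C that is not code from the original article: a selector and offset become a linear address through a descriptor table, then optionally a physical address through paging. The struct, table contents and function names are constructed for illustration; the 13-bit selector index and the 10/10/12-bit split of the linear address with 4 KB pages are 80386 details the article does not spell out.

```c
#include <stdint.h>
#include <stdio.h>

enum { XLATE_OK, FAULT_SEGMENT, FAULT_PAGE };
#define PRESENT 1u

/* Simplified descriptor (hypothetical struct): base, limit, present flag only. */
typedef struct { uint32_t base, limit; int present; } seg_desc;

/* Constructed sample tables. */
static const seg_desc desc_table[] = {
    { 0, 0, 0 },                     /* index 0: unused entry */
    { 0x00400000u, 0x1FFFu, 1 },     /* index 1: 8 KB segment at linear 0x00400000 */
};
/* Directory entry 1 points at page table 0; only its first page is resident. */
static const uint32_t page_dir[1024] = { [1] = (0u << 12) | PRESENT };
static const uint32_t page_tables[1][1024] = { { [0] = 0x00123000u | PRESENT } };

/* Step 1 (always performed): selector:offset -> linear address. */
static int seg_to_linear(uint16_t sel, uint32_t off, uint32_t *linear)
{
    unsigned idx = sel >> 3;         /* bits 15..3 index the descriptor table */
    if (idx >= sizeof desc_table / sizeof desc_table[0]) return FAULT_SEGMENT;
    const seg_desc *d = &desc_table[idx];
    if (!d->present || off > d->limit) return FAULT_SEGMENT;
    *linear = d->base + off;
    return XLATE_OK;
}

/* Step 2 (optional): linear -> physical through directory and page table. */
static int linear_to_phys(uint32_t linear, int paging, uint32_t *phys)
{
    if (!paging) { *phys = linear; return XLATE_OK; }  /* linear == physical */
    uint32_t pde = page_dir[linear >> 22];
    if (!(pde & PRESENT)) return FAULT_PAGE;
    uint32_t pte = page_tables[pde >> 12][(linear >> 12) & 0x3FFu];
    if (!(pte & PRESENT)) return FAULT_PAGE;           /* page not resident */
    *phys = (pte & 0xFFFFF000u) | (linear & 0xFFFu);
    return XLATE_OK;
}

int translate(uint16_t sel, uint32_t off, int paging, uint32_t *phys)
{
    uint32_t linear;
    int rc = seg_to_linear(sel, off, &linear);
    return rc != XLATE_OK ? rc : linear_to_phys(linear, paging, phys);
}

int main(void)
{
    uint32_t p = 0;
    int rc = translate(0x08, 0x10, 1, &p);
    printf("rc=%d phys=0x%08lx\n", rc, (unsigned long)p);
    return 0;
}
```

The second page of the sample segment is deliberately left non-resident, so an offset of 0x1010 passes the segment limit check but stops at the paging step.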

3. Virtual Memory Concept

Virtual memory is a design technique that provides a storage space much larger than the physical main memory actually available in a computer system. It gives the user the illusion of having a very large physical memory to use in a program. The benefits of virtual memory are that a program can easily run on computers with a very wide range of memory configurations, and that the programmer can use virtual memory to write programs larger than the physical memory of any actual configuration. Virtual memory is supported by the storage management mechanism together with a large, fast hard disk. At any moment while a program runs, only a small portion of the virtual address space is mapped to main memory, and the rest is kept on disk. Because only the part of virtual memory held in main memory can be used by the processor, this technique relies on the locality of a program's memory accesses: only the small amount of storage the program is currently using needs to reside in main memory. When the range of memory being accessed changes, some parts of virtual memory must be brought from disk into main memory, and other parts can be moved from main memory back to disk.

The address conversion mechanism supports virtual storage in two ways.

First, the part of virtual memory that does not actually reside in main memory is marked invalid, while a virtual-to-physical mapping is established for the resident part, so that virtual addresses in the resident part are converted to the corresponding physical memory addresses. If the virtual address being accessed belongs to a part of virtual memory that is not resident, the invalid mapping information causes an exception. The operating system handles this exception by reading the non-resident part from disk into main memory and updating the address translation tables as needed. Once the cause of the exception has been removed, the exception handler finishes and returns to the original program, which resumes execution. As later articles will show, after returning from the exception handler the instruction that caused the exception is re-executed, and this time it completes successfully.

Second, the address translation mechanism supports virtual memory by collecting usage statistics for the parts of virtual memory that reside in main memory. These statistics help the operating system decide which parts can be moved back to disk when main memory runs short.

<2> Protection Mechanism

In order to support multitasking, it is necessary to implement protection for each task. Starting with 80286, the processor has a protection mechanism. The protection mechanism can effectively achieve protection between different tasks and protection within the same task.

1. Protection between different tasks

An important aspect of protection is protection between applications. Placing each task in a different virtual address space isolates the tasks from one another and so achieves protection between applications. The function that maps virtual addresses to physical addresses is defined per task, and it is switched when the task is switched. The virtual address space of task A is mapped to one area of the physical address space and the virtual address space of task B is mapped to another; the two are independent and do not interfere with each other. Therefore, although two different tasks may use the same virtual address, the physical memory locations actually accessed can be different.

Each task has its own set of mapping tables, that is, its own address translation function. On the 80386, each task has its own segment tables and page tables. When the processor switches to a new task, an important part of the task switch is switching to the new task's translation tables. To isolate the operating system from all applications, the operating system could be placed in a task of its own. However, as we are about to see, the protection mechanism inside a task is better suited to protecting the operating system from damage by applications. This mechanism allows the operating system to be shared by all tasks and accessed from within each task, while still protecting it from damage by applications. The method is to place the operating system in a common area of the virtual address space, and then give every task the same virtual address space for this area with the same virtual-to-physical address mapping. This part of each task's virtual address space is called the global address space.

The part of a task's virtual address space that is not shared by any other task is called the local address space. The code and data in the local address space are private to the task and must be isolated from the other tasks in the system.

There is a different local address space in each task. Therefore, in two different tasks, access to the same virtual address is actually converted to different physical addresses. This allows the operating system to give the same virtual address for each task, and still guarantee the isolation of the task. On the other hand, access to the same virtual address in the global address space is converted to the same physical address in all tasks, allowing sharing of public code and data, such as sharing of operating systems.

2. Protection in the same task

Within a task, four execution privilege levels are defined to restrict access to the segments in the task. A privilege level is assigned to each segment according to the importance of the data it contains and the trustworthiness of its code. The highest privilege level is assigned to the most important data segments and the most trusted code segments. Data at the highest privilege level can be accessed only by the most trusted code. Lower privilege levels are assigned to less important data segments and ordinary code segments. Data at the lowest privilege level can be accessed by code at any privilege level. The privilege levels are numbered 0, 1, 2 and 3; 0 is the highest privilege level and 3 is the lowest, that is, a higher privilege level has a smaller number. To avoid ambiguity and confusion, terms such as "less than" are not used when comparing privilege levels. Instead, "inner" or "inner layer" means a higher privilege level with a smaller number, and "outer" or "outer layer" means a lower privilege level with a larger number. Level 0 is the innermost privilege level and level 3 is the outermost. With this representation, the four privilege levels are as shown in the following figure (the numbers in the figure are the privilege levels).

Each privilege level has its own independent program stack, which avoids the protection problems of a shared stack area. When a program switches from one privilege level to another, the stack segment it uses changes from the stack segment of the original level to the stack segment of the new level. For the stack segment register SS, the descriptor privilege level (DPL) must equal the privilege level of the current code segment (CPL). How to switch from one privilege level to another will be described under control transfer methods.

Each memory segment is associated with a privilege level. The privilege restriction means that only a sufficiently privileged program can access the corresponding segment. At any moment a task is running at one of the four privilege levels. The privilege level of the task at that moment is called the current privilege level, written CPL; it is the privilege level of the currently running program. Whenever a program attempts to access a segment, the CPL is compared with the privilege level of the segment to determine whether the access is allowed. A program executing at a given CPL may access data segments at the same level or at an outer level. As shown in the figure above, CodeK can access DataK at the same level, or DataOS, DataAP1 and DataAP2 in the outer layers. An attempt to access a data segment at an inner level is illegal and causes an exception. As shown in the figure above, CodeOS can access DataOS at the same level, or DataAP1 and DataAP2 in the outer layer, but cannot access DataK in the inner layer.

Although the application is in the outermost layer, since each different application is stored in different virtual address spaces, each application is isolated. As shown in the figure above, the outermost CodeAP1 can only access DataAP1, and it is impossible to access DataAP2 of another application of the same level;

This is in fact combined protection. Application 1 and the operating system make up task A; application 2 and the operating system make up task B. The operating system is shared by task A and task B: in the two different virtual address spaces of task A and task B, the operating system occupies the same portion of the virtual address space.
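The combined protection described above, modelled as an added C example that is not from the original article: a data access succeeds only if the segment is in the task's global or local address space and lies at the same or an outer privilege level. Segment names follow the article's figure; the structs, function names, fault codes and the level assigned to each segment are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

enum { ACCESS_OK, FAULT_PRIVILEGE, FAULT_NOT_MAPPED };

typedef struct { const char *name; int dpl; } segment;   /* hypothetical model */
typedef struct { const segment *local; int n_local; } task;

/* Global address space, mapped identically in every task.
   Assumed levels: kernel 0, rest of the operating system 1, applications 3. */
static const segment global_space[] = { { "DataK", 0 }, { "DataOS", 1 } };
/* Local address spaces, private to one task each. */
static const segment local_a[] = { { "DataAP1", 3 } };
static const segment local_b[] = { { "DataAP2", 3 } };
static const task task_a = { local_a, 1 }, task_b = { local_b, 1 };

static const segment *find(const segment *tab, int n, const char *name)
{
    for (int i = 0; i < n; i++)
        if (strcmp(tab[i].name, name) == 0) return &tab[i];
    return NULL;
}

/* Data access from code running at `cpl` inside task `t`. */
int check_data_access(const task *t, int cpl, const char *name)
{
    const segment *s = find(global_space, 2, name);
    if (!s) s = find(t->local, t->n_local, name);
    if (!s) return FAULT_NOT_MAPPED;      /* isolation between tasks */
    /* Same level or outer level only: numerically CPL <= DPL. */
    return cpl <= s->dpl ? ACCESS_OK : FAULT_PRIVILEGE;
}

/* Stack segment rule: the DPL of the segment loaded into SS must equal CPL. */
int check_stack_load(int cpl, int stack_dpl)
{
    return stack_dpl == cpl ? ACCESS_OK : FAULT_PRIVILEGE;
}

int main(void)
{
    static const char *rc_name[] = { "ok", "privilege fault", "not in this task" };
    printf("CodeOS  -> DataK   : %s\n", rc_name[check_data_access(&task_a, 1, "DataK")]);
    printf("CodeAP1 -> DataAP2 : %s\n", rc_name[check_data_access(&task_a, 3, "DataAP2")]);
    printf("CodeAP2 -> DataAP2 : %s\n", rc_name[check_data_access(&task_b, 3, "DataAP2")]);
    printf("CodeK   -> DataAP1 : %s\n", rc_name[check_data_access(&task_a, 0, "DataAP1")]);
    return 0;
}
```

The two failure codes correspond to the two layers of protection: a privilege fault comes from the level comparison inside a task, while "not in this task" comes from the separate local address spaces.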

The typical use of the privilege levels is to place the core of the operating system at level 0, the rest of the operating system at level 1, and applications at level 3, with level 2 left for intermediate software. This arrangement allows the operating system core at level 0 to access all the segments in the task, while a level 3 application can access only the segments of the program itself, which are also at level 3. (Note that the Windows 9x operating system uses only levels 0 and 3, to make it easier to port to reduced instruction set computers such as the RS4000; these processors typically have only two privilege levels, system level and user level.)

Reference material (title, publisher, author):
"80386 and Its Programming", Tsinghua University Press, Zhou Mingde (editor)
"80x86 Assembly Language Programming Tutorial", Tsinghua University Press, Yang Qiwen (editor)
