V. Task status segment and control door
Each task has a task status segment TSS for saving the information about the task, and uses this information when transforming privilege levels and task switches within tasks. In order to control the transfer of privilege-level transformations within the task, in order to control task switching, these transfer is generally performed by the control door. This article will introduce the task status segment and the control door.
<1> System Segment Descriptor
The system segment is a special segment used to implement the storage management mechanism. In 80386, there are two system segments: task status segment TSS and local descriptor table LDT segment. The descriptor used to describe the system segment is referred to as a system segment descriptor.
1. Format of system segment descriptor
The general format of the system segment descriptor is shown in the table below.
System Segment Descriptor M 7M 6M 5M 4M 3M 2M 1M 0Base (31 ... 24) AttributeSsegment Base (23 ... 0) Segment Limite (15 ... 0)
System segment descriptor attribute BYTE M 6BYTE M 5bit7bit6bit5bit4bit3bit2bit1bit0bit7bit6bit5bit4bit3bit2bit1bit0gx0avllimit (19 ... 16) PDPLDT0TYPE
Compared to the memory segment descriptor, they are similar, distinguishing the marks that are distinguished by the descriptor type bit DT in the property byte. DT = 1 represents a memory segment, DT = 0 represents the system segment. The segment-based site and segmental fields in the system segment descriptor are exactly the same as the meaning of the memory segment descriptor; the role of the G bit, AVL bit, P-bit, and DPL fields in the properties are identical. The D bit in the memory segment descriptor property is not used in the system segment descriptor, and the current symbol x is represented. The type field Type of the system segment descriptor is still 4 bits, its encoding, and expressed types are listed in the table, and its meaning is completely different from the type of memory segment descriptor.
System Segment Type Coding Ming 0 Undefined 1 Available 286TSS2LDT3 Busy 286TSS4286 Call Door 5 Task Gate 6286 Interrupt Door 7286 Trap Door
System segment type type encoding statement
As can be seen from the above, only the descriptor of type 2, 1, 3, 9 and b is the real system segment descriptor, which is used to describe the system segment LDT and task status segment TSS, other types of descriptors are the door. Descriptor.
The system segment descriptor can be easily illustrated in the program by using the memory segment descriptor type DESC defined by the previous article. It should be noted that the selection of the system segment descriptor cannot be used to read and write system segments. To read and write system segments, alias technology must be used.
2.LDT paragraph descriptor
The LDT segment descriptor describes the local descriptor table segment of the task. For example: The following descriptor LDTable describes a partial descriptor table, the base address is 654321h, the boundary of byte is 1FH, and the descriptor privilege level is 0.
LDTable DESC <1FH, 4321H, 65H, 82H,>
The LDT segment descriptor must be arranged in the global descriptor table to be valid. When loading the LDTR register, the LDT segment base address and segment limit address in the descriptor are loaded into the LDT segment descriptor high-speed buffer register.
3. Task status segment descriptor
Task status segment TSS is used to save various status information of the task. Task Status Segment Descriptor Description A task status section TSS descriptor is divided into 286TSS and 386TSS. The TSS descriptor specifies information such as the base address of the task status section and the size of the task status section. For example, the following descriptor Temptask describes an available 386 task status segment, the base address is 123456h, the boundary of byte is 104, and the descriptor privacy level is 0.
Temptask Desc <104,3456h, 12h, 89h,>
When the task status segment register TR is loaded, the segment base address and the segmental limit of the descriptor are loaded into the TR's high speed buffer register. When you switch or execute the LTR command, you want to load the TR register. Types in the TSS descriptor specify: TSS either "busy" or "available". If a task is the task that is currently executing, or the task is linked to the current task with the link field in TSS, then the task is a "busy" task; otherwise the task is "available" task.
Use the inter-time transfer command JMP and inter-segment call command CALL, directly through the TSS descriptor or through the task door to achieve task switching.
In addition to the memory segment descriptor and system segment descriptor, there is a type of door descriptor. The door descriptor does not describe some memory segment, but describes the entry point of the control transfer. This descriptor is better than the door with another code segment. Through this door, the transformation and task between the task are enabled by this door. Therefore, such a descriptor is also called a control door.
1. General format of the door descriptor
The general format of the door descriptor is shown below. The door descriptor is only consistent with the type byte of the offset 5 in the descriptor, and is also consistent with the system segment, and is also made by the byte label descriptor and system segment descriptor. The meaning of P and DPL in this byte is the same as the meaning of other descriptors. Other bytes are primarily used to store a 48-bit full pointer (16-bit selection sub-and 32-bit offset).
Door Descriptor M 7M 6M 5M 4M 3M 2M 1M 0Offset (31 ... 16) AttributeSselectorOffset (15 ... 0)
Door Descriptor Attribute Byte M 5Byte M 4bit7bit6bit5bit4bit3bit2bit1bit0bit7bit6bit5bit4bit3bit2bit1bit0pldt0type000dword Count Count Count Count Count Count
According to the structure of the door descriptor given above, the following descriptor structure type can be defined:
Gate struct; door structure type definition
OFFSETL DW 0; 32-bit offset low 16 bits
Selector dw 0; selector
DCOUNT DB 0; double word count field
GTYPE DB 0; Type
OFFSEth DW 0; 32-bit offset high 16-bit
Gate Ends
The door descriptor structure type Gate can be easily explained in the program.
For example, the following door descriptor SUBRG describes a 386 call door, the selector in the door is 10 h, the inlet offset is 123456h, and the door descriptor privacy is 3, and the double word count is 0.
Subrg Gate <3456, 10H, 8CH 60H, 12H>
It can be seen from the list of the above descriptor types, and the door descriptor can also be divided into: task door, call the door, interrupt gate and trap door, and other descriptors are divided into 286 and 386.
2. Call the door
The door describes the entry of a subroutine. The selector in the call gate must implement the code segment descriptor, and the offset in the call gate is the offset in the corresponding code segment. Use the inter-segment call command CALL, transform from the outer privilege level from the outer privilege level to the inner layer privilege.
The bit 0 to bit 0-byte of the two bytes of the door descriptor shown in the above figure is a double word count field, which is only valid in the call gate descriptor and is invalid in other door descriptors. The main program passes the entrance parameters to the subroutine via the stack, and if the privilege level of the transition and stack changes when using the calling door, then the parameters in the outer stack are needed to copy to the inner stack. The double-word count field is used to illustrate the number of dual word parameters to be copied when this happens.
3. Task Gate
Task door instruction task. The selection of the task door must indicate the task status segment TSS descriptor in the GDT, and the offset in the door is meaningless. The entry point of the task is saved in TSS. Use the inter-time transfer instruction JMP and inter-segment call command Call, task switching can be achieved by the task door. 4. Interrupt door and trap door
Interrupts and trap doors describe the population points of the interrupt / exception handler. The selection in the interrupt gate and trap must point to the code segment descriptor, the offset in the door is the offset of the population point of the corresponding code segment. The interrupt door and trap door are only valid in the interrupt descriptor table IDT. The difference between interrupting doors and traps will be discussed in future articles.
<3> Task State Section
Task State Segment is a special segment that saves a task important information. Task status segment descriptors are used to describe such system segments. The visible portion of the task status section register TR contains the selection of the task status segment descriptor of the current task, and the invisible cache register portion of TR contains information such as segment base address and segment limit of the current task status segment.
TSS plays an important role in the task switching process, and the hung up and recovery of the task is achieved. The so-called task switching refers to the execution of the task that is currently being executed, restores or starts another task. During the task switching process, first, the current value of each register in the processor is automatically saved to the TSS specified by TR; then, the selection of the next task is loaded into TR; finally, the TSS specified from TR Take out the value of each register to each register of the processor. It can be seen that the switching of the task is achieved by saving the full image of the register status of the task field in the TSS.
The basic format of the task status section TSS is shown below.
BIT31-BIT16BIT15-BIT1BIT0Offset0000000000000000 format of link field 0ESP040000000000000000SS08ESP10CH0000000000000000SS110HESP214H0000000000000000SS218HCR31CHEIP20HEFLAGS24HEAX28HECX2CHEDX30HEBX34HESP38HEBP3CHESI40HEDI44H0000000000000000ES48H0000000000000000CS4CH0000000000000000SS50H0000000000000000DS54H0000000000000000FS58H0000000000000000GS5CH0000000000000000LDTR60HI / O permission bit showing the essential part of the task state segment offset 000000000000000T64H
As can be seen from the figure, the basic format of TSS consists of 104 bytes. The 104-byte basic format is unable, but the system software can also define several additional information. Basic 104 bytes can be divided into five areas such as link field areas, inner stack pointer, address mapping registers, registers, and other fields.
1. Register save area
The register saving area is located in TSS offset 20H to 5FH to save universal registers, segment registers, instruction pointers, and flag registers. When the TSS corresponding to the TSS is being executed, the save area is undefined; the current value of these registers is stored in the area when the current task is switched. When the retraction task is switched next time, the value of these registers will be restored from the save area, so that the processor restores the state before the task is changed, and ultimately enables the task to resume execution.
As can be seen from the above figure, each general register corresponds to a 32-bit double word, the instruction pointer, and the flag register corresponds to a 32-bit double word; each segment register also corresponds to a 32-bit double word, and only 16 in segment registers are only 16. Bit, arrange the low half of the word, 16 bits high, generally should be filled with 0.
2. Inland stack pointer area
To effectively achieve protection, the same task uses different stacks in different privileged levels. For example, when transforms from the outer privilege level 3 to the inner privilege level 0, the stack used by the task is also transformed from 3 to the level 3 stack; when the privilege level is transformed from the inner layer privilege level to the outer privilege level 3, the task The stack used also transforms from the 0-level stack to the level 3 stack. So, a task may have four stacks, corresponding to four privileges. Four stacks require four stack pointers. There are three stack pointers in the inner stack pointer area of TSS, which are all 48-bit full pointers (16-bit selection sub-offset), pointing to the top of the 0th, 1 and 2 stack stack, respectively, Starting the position of 4, 12 and 20 in TSS is sequentially stored. When the inner layer is transferred, the appropriate stack pointer is loaded into the SS and ESP registers to transform to the inner stack, and the pointer to the outer stack is saved in the inner stack. There is no pointer to the 3-level stack because the level 3 is the outermost layer, so any one of the transfer to the inner layer is not possible to transfer to level 3.
However, when the privilege level is converted from the inner layer, the pointer to the inner stack is not saved to the inner stack pointer area of the TSS. In fact, the processor is written from the area unless the programming is considered to change the value of the area. This indicates that when the inner layer is transferred, the inner stack is always considered an empty stack. Therefore, recurrence of inner-layer transfer in the same level is not allowed, once the transfer of the inner layer of a certain level occurs, the normal pathway returned to the outer layer is the matching outer layer returns.
3. Address mapping register area
The mapping from the virtual address space to the linear address space is determined by GDT and LDT, and the portion associated with a particular task is determined by the LDT, and the LDT is determined by the LDTR. If the paging mechanism is used, the mapping of the linear address space to the physical address space is determined by the control register CR3 containing the starting physical address of the page directory table. Therefore, the mapping of virtual address spaces to specific tasks to physical address space is determined by LDTR and CR3. Obviously, with the switching of the task, the address mapping relationship is also switched.
The address mapping register area of TSS is composed of a dual word field (CR3) located at offset 1CH and a word field (LDTR) located at offset 60H. At the task switch, the processor automatically takes out these two fields from the TSS to perform the task, and is loaded into the register CR3 and LDTR. This changes the mapping of the virtual address space to the physical address space.
However, when the task is switched, the processor does not switch the replacement task, but the contents of the register CR3 and the LDTR are saved to the address mapping register area in the TSS. In fact, the processor has never written to the area. Therefore, if the program changes the LDTR or CR3, the new value must be saved to the address mapping register area in the TSS. This function can be implemented by alias technology.
4. Link field
The link field schedules double words starting in the TSS offset 0, which is 16 bits unused. When linked, the 16-bit selection of the TSS descriptor of the previous task is saved.
If the current task is activated by the interrupt command Call or interrupt / exception, the link field saves the selection of the TSS that is suspended, and the NT bit in the flag register EFLAGS is set to enable the link field to be valid. At the time of return, since the NT flag bit is 1, the return command RET or the interrupt return command IRET will cause the control to restore the front of the chain along the link field.
5. Other fields
To implement input / output protection, use I / O license bitmaps. The I / O license bitmap used by the task is also stored in TSS as the TSS extension. The words at the offset 66h within the TSS are used to store the I / O license bitmap in the offset in the TSS (calculated from the beginning of the TSS). Regarding the role of the I / O license bitmap, will be described in detail in later articles.
The word at the offset of 64h in TSS is the special attribute provided by the task. In 80386, only one attribute is defined, that is, the debug trap. This attribute is the lowest bit of the word, represented by T. Other locations of this word are retained, must be set to 0. When the task is changed, if the T bit entering the task is 1, then after the task switch is completed, the first instruction of the new task produces a debug trap. 6. Definition TSS with Structural Types
According to the structure of the task status segment TSS given above, the TSS structure type is defined as follows:
; ------------------------------------------------- ---------------------------
; Task State Segment Structure Type Definition
; ------------------------------------------------- ---------------------------
TSS STRUC
Trlink dw 0; link field
DW 0; not used, set to 0
Tresp0 DD 0; 0-level stack pointer
TRSS0 DW 0; 0-level stack segment register
DW 0; not used, set to 0
Tresp1 DD 0; Level 1 Stack Pointer
TRSS1 DW 0; Level 1 stack segment register
DW 0; not used, set to 0
TRESP2 DD 0; Level 2 Stack Pointer
TRSS2 DW 0; Level 2 stack segment register
DW 0; not used, set to 0
TRCR3 DD 0; CR3
Treip DD 0; EIP
Treflag DD 0; EFLAGS
Treax DD 0; EAX
TRECX DD 0; ECX
TREDX DD 0; EDX
Trebx DD 0; EBX
TRESP DD 0; ESP
Trebp DD 0; EBP
Tresi DD 0; ESI
TREDI DD 0; EDI
TRES DW 0; ES
DW 0; not used, set to 0
TRCS DW 0; CS
DW 0; not used, set to 0
TRSS DW 0; SS
DW 0; not used, set to 0
TRDS DW 0; DS
DW 0; not used, set to 0
TRFS DW 0; FS
DW 0; not used, set to 0
TRGS DW 0; GS
DW 0; not used, set to 0
TRLDTR DW 0; LDTR
DW 0; not used, set to 0
TRTRIP DW 0; debug trap flag (only 0)
TriOMAP DW $ 2; pointing to the I / O license bit area to offset TSS Ends
Reference information book name Society Society "80386 and its programming" Tsinghua University Press, Zhou Mingde, editor "80x86 assembly language program design tutorial" Tsinghua University Publishing Social Yang Qiwen Editor