Volume 2 System Programming (794096), page 40
Long mode allows RET to pop a null selector into SS from the stack under the following conditions:

• The target mode is 64-bit mode.
• The target CPL is less than 3.

In this case, the processor does not load an SS descriptor, and the null selector is loaded into SS without causing a #GP exception.

4.12 Limit Checks

Except in 64-bit mode, limit checks are performed by all instructions that reference memory. Limit checks detect attempts to access memory outside the current segment boundary, attempts at executing instructions outside the current code segment, and indexing outside the current descriptor table. If an instruction fails a limit check, a stack-fault exception (#SS) occurs for stack-segment limit violations, and a general-protection exception (#GP) occurs for all other segment-limit violations.

In 64-bit mode, segment limits are not checked during accesses to any segment referenced by the CS, DS, ES, FS, GS, and SS selector registers. Instead, the processor checks that the virtual addresses used to reference memory are in canonical-address form. In 64-bit mode, as with legacy mode and compatibility mode, descriptor-table limits are checked.

4.12.1 Determining Limit Violations

To determine segment-limit violations, the processor checks a virtual (linear) address to see if it falls outside the valid range of segment offsets determined by the segment-limit field in the descriptor. If any part of an operand or instruction falls outside the segment-offset range, a limit violation occurs. For example, a doubleword access two bytes from an upper segment boundary causes a segment violation because half of the doubleword is outside the segment.

24593—Rev. 3.13—July 2007 AMD64 Technology

Three bits from the descriptor entry are used to control how the segment-limit field is interpreted: the granularity (G) bit, the default operand-size (D) bit, and, for data segments, the expand-down (E) bit. See “Legacy Segment Descriptors” on page 77 for a detailed description of each bit.

For all segments other than expand-down segments, the minimum segment-offset is 0. The maximum segment-offset depends on the value of the G bit:

• If G=0 (byte granularity), the maximum allowable segment-offset is equal to the value of the segment-limit field.
• If G=1 (4096-byte granularity), the segment-limit field is first scaled by 4096 (1000h). Then 4095 (0FFFh) is added to the scaled value to arrive at the maximum allowable segment-offset, as shown in the following equation:

  maximum segment-offset = (limit × 1000h) + 0FFFh

  For example, if the segment-limit field is 0100h, then the maximum allowable segment-offset is (0100h × 1000h) + 0FFFh = 10_1FFFh.

In both cases, the maximum segment size is specified when the descriptor segment-limit field is 0F_FFFFh.

Expand-Down Segments. Expand-down data segments are supported in legacy mode and compatibility mode but not in 64-bit mode. With expand-down data segments, the maximum segment-offset depends on the value of the D bit in the data-segment descriptor:

• If D=0, the maximum segment-offset is 0_FFFFh.
• If D=1, the maximum segment-offset is 0_FFFF_FFFFh.

The minimum allowable segment-offset in expand-down segments depends on the value of the G bit:

• If G=0 (byte granularity), the minimum allowable segment-offset is the segment-limit value plus 1. For example, if the segment-limit field is 0100h, then the minimum allowable segment-offset is 0101h.
• If G=1 (4096-byte granularity), the segment-limit value in the descriptor is first scaled by 4096 (1000h), and then 4095 (0FFFh) is added to the scaled value to arrive at a scaled segment-limit value. The minimum allowable segment-offset is this scaled segment-limit value plus 1, as shown in the following equation:

  minimum segment-offset = (limit × 1000h) + 0FFFh + 1

  For example, if the segment-limit field is 0100h, then the minimum allowable segment-offset is (0100h × 1000h) + 0FFFh + 1 = 10_1000h.

For expand-down segments, the maximum segment size is specified when the segment-limit value is 0.
4.13 Type Checks

Type checks prevent software from using descriptors in invalid ways. Failing a type check results in an exception. Type checks are performed using five bits from the descriptor entry: the S bit and the 4-bit Type field. Together, these five bits specify the descriptor type (code segment, data segment, system segment, or gate) and its access characteristics. See “Legacy Segment Descriptors” on page 77 for a detailed description of the S bit and Type-field encodings. Type checks are performed by the processor in compatibility mode as well as legacy mode. Limited type checks are performed in 64-bit mode.

4.13.1 Type Checks in Legacy and Compatibility Modes

The type checks performed in legacy mode and compatibility mode are listed in the following sections.

Descriptor-Table Register Loads. Loads into the LDTR and TR descriptor-table registers are checked for the appropriate system-segment type. The LDTR can only be loaded with an LDT descriptor, and the TR only with a TSS descriptor. The checks are performed during any action that causes these registers to be loaded. This includes execution of the LLDT and LTR instructions and task switches.

Segment Register Loads. The following restrictions are placed on the segment-descriptor types that can be loaded into the six user segment registers:

• Only code segments can be loaded into the CS register.
• Only writable data segments can be loaded into the SS register.
• Only the following segment types can be loaded into the DS, ES, FS, or GS registers:
  - Read-only or read/write data segments.
  - Readable code segments.

These checks are performed during any action that causes the segment registers to be loaded. This includes execution of the MOV segment-register instructions, control transfers, and task switches.

Control Transfers. Control transfers (branches and interrupts) place additional restrictions on the segment types that can be referenced during the transfer:

• The segment-descriptor type referenced by far CALLs and far JMPs must be one of the following:
  - A code segment
  - A call gate
  - An available TSS (only allowed in legacy mode)
  - A task gate (only allowed in legacy mode)
• Only code-segment descriptors can be referenced by call-gate, interrupt-gate, and trap-gate descriptors.
• Only TSS descriptors can be referenced by task-gate descriptors.
• The link field (selector) in the TSS can only point to a TSS descriptor. This is checked during an IRET control transfer to a task.
• The far RET and far IRET instructions can only reference code-segment descriptors.
• The interrupt-descriptor table (IDT), which is referenced during interrupt control transfers, can only contain interrupt gates, trap gates, and task gates.
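The legacy/compatibility-mode type checks of section 4.13.1 (segment-register loads, far CALL/JMP targets, gate targets, IDT contents, and the read/write rules listed under Segment Access) as an added example that is not part of the AMD manual; the struct and function names are this example's own, and the Type-field encodings are the standard x86 ones referenced by “Legacy Segment Descriptors”. The legacy_mode flag encodes the “only allowed in legacy mode” rows of the far CALL/JMP list; a 16-bit call gate is treated as legacy-only as well, which is the long-mode gate rule given later in 4.13.2.

```c
/* Type checks for segment-register loads, far control transfers, gate targets,
 * IDT entries, and segment accesses, modeled on AMD64 APM vol. 2 section 4.13.1
 * (legacy and compatibility mode).  Added example, not AMD's code; names are
 * this example's own.  Type-field encodings are the standard x86 ones. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum segreg { SEG_CS, SEG_SS, SEG_DS, SEG_ES, SEG_FS, SEG_GS };

/* Type-field bits of user (S=1) descriptors. */
#define TYPE_CODE    0x8   /* bit 3: 1 = code segment, 0 = data segment */
#define TYPE_CODE_R  0x2   /* bit 1 of a code segment: readable */
#define TYPE_DATA_W  0x2   /* bit 1 of a data segment: writable */

/* Type-field encodings of system (S=0) descriptors. */
enum systype {
    SYS_TSS16_AVAIL = 0x1, SYS_LDT = 0x2, SYS_TSS16_BUSY = 0x3,
    SYS_CALLGATE16 = 0x4, SYS_TASKGATE = 0x5,
    SYS_INTGATE16 = 0x6, SYS_TRAPGATE16 = 0x7,
    SYS_TSS32_AVAIL = 0x9, SYS_TSS32_BUSY = 0xB, SYS_CALLGATE32 = 0xC,
    SYS_INTGATE32 = 0xE, SYS_TRAPGATE32 = 0xF,
};

/* The five bits a type check looks at: S and the 4-bit Type field. */
struct desc_type { bool s; uint8_t type; };

static bool is_code(struct desc_type d) { return d.s && (d.type & TYPE_CODE); }
static bool is_data(struct desc_type d) { return d.s && !(d.type & TYPE_CODE); }
static bool is_tss(struct desc_type d)
{
    return !d.s && (d.type == SYS_TSS16_AVAIL || d.type == SYS_TSS16_BUSY ||
                    d.type == SYS_TSS32_AVAIL || d.type == SYS_TSS32_BUSY);
}

/* Segment-register loads: CS takes only code, SS only writable data,
 * DS/ES/FS/GS take any data segment or a readable code segment. */
bool segreg_load_ok(enum segreg reg, struct desc_type d)
{
    switch (reg) {
    case SEG_CS: return is_code(d);
    case SEG_SS: return is_data(d) && (d.type & TYPE_DATA_W);
    default:     return is_data(d) || (is_code(d) && (d.type & TYPE_CODE_R));
    }
}

/* Far CALL / far JMP target.  Available TSS and task gate are legacy-mode
 * only; a 16-bit call gate is a legacy-only type as well. */
bool far_branch_target_ok(struct desc_type d, bool legacy_mode)
{
    if (d.s) return is_code(d);
    switch (d.type) {
    case SYS_CALLGATE32:  return true;
    case SYS_CALLGATE16:
    case SYS_TASKGATE:
    case SYS_TSS16_AVAIL:
    case SYS_TSS32_AVAIL: return legacy_mode;
    default:              return false;
    }
}

/* What a gate may reference: call/interrupt/trap gates point at a code
 * segment, a task gate at a TSS descriptor. */
bool gate_target_ok(uint8_t gate_type, struct desc_type target)
{
    switch (gate_type) {
    case SYS_CALLGATE16: case SYS_CALLGATE32:
    case SYS_INTGATE16:  case SYS_INTGATE32:
    case SYS_TRAPGATE16: case SYS_TRAPGATE32: return is_code(target);
    case SYS_TASKGATE:                        return is_tss(target);
    default:                                  return false;
    }
}

/* IDT entries may only be interrupt gates, trap gates, or task gates. */
bool idt_entry_ok(struct desc_type d)
{
    if (d.s) return false;
    switch (d.type) {
    case SYS_INTGATE16:  case SYS_INTGATE32:
    case SYS_TRAPGATE16: case SYS_TRAPGATE32:
    case SYS_TASKGATE:   return true;
    default:             return false;
    }
}

/* Access after a successful load: no writes to read-only data or to code,
 * no reads from a code segment whose R bit is 0. */
bool seg_access_ok(struct desc_type d, bool is_write)
{
    if (is_code(d)) return !is_write && (d.type & TYPE_CODE_R);
    if (is_data(d)) return !is_write || (d.type & TYPE_DATA_W);
    return false;   /* a system descriptor never sits in a user segment register */
}

int main(void)
{
    struct desc_type code_xr = { true, 0xA };   /* execute/read code segment */
    struct desc_type data_ro = { true, 0x0 };   /* read-only data segment */
    printf("MOV SS, code_xr : %s\n", segreg_load_ok(SEG_SS, code_xr) ? "ok" : "#GP");
    printf("MOV DS, code_xr : %s\n", segreg_load_ok(SEG_DS, code_xr) ? "ok" : "#GP");
    printf("write to data_ro: %s\n", seg_access_ok(data_ro, true) ? "ok" : "#GP");
    return 0;
}
```

An emulator or hypervisor that models segment-register loads would run segreg_load_ok on the S bit and Type field of the fetched descriptor before the limit and privilege checks, and seg_access_ok on every memory reference through that register; both are the checks that 64-bit mode drops for code and data segments.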
Segment Access. After a segment descriptor is successfully loaded into one of the segment registers, reads and writes into the segment are restricted in the following ways:

• Writes are not allowed into read-only data-segment types.
• Writes are not allowed into code-segment types (executable segments).
• Reads from code-segment types are not allowed if the readable (R) type bit is cleared to 0.

These checks are generally performed during execution of instructions that access memory.

4.13.2 Long Mode Type Check Differences

Compatibility Mode and 64-Bit Mode. The following type checks differ in long mode (64-bit mode and compatibility mode) as compared to legacy mode:

• System Segments—System-segment types are checked, but the following types that are valid in legacy mode are illegal in long mode:
  - 16-bit available TSS.
  - 16-bit busy TSS.
  - Type-field encoding of 00h in the upper half of a system-segment descriptor, used to indicate an illegal type and prevent access as a legacy descriptor.
• Gates—Gate-descriptor types are checked, but the following types that are valid in legacy mode are illegal in long mode:
  - 16-bit call gate.
  - 16-bit interrupt gate.
  - 16-bit trap gate.
  - Task gate.

64-Bit Mode. 64-bit mode disables segmentation, and most of the segment-descriptor fields are ignored. The following list identifies situations where type checks in 64-bit mode differ from those in compatibility mode and legacy mode:

• Code Segments—The readable (R) type bit is ignored in 64-bit mode. None of the legacy type checks that prevent reads from or writes into code segments are performed in 64-bit mode.
• Data Segments—Data-segment type attributes are ignored in 64-bit mode. The writable (W) and expand-down (E) type bits are ignored. All data segments are treated as writable.

5 Page Translation and Protection

The x86 page-translation mechanism (or simply paging mechanism) enables system software to create separate address spaces for each process or application. These address spaces are known as virtual address spaces. System software uses the paging mechanism to selectively map individual pages of physical memory into the virtual-address space using a set of hierarchical address-translation tables known collectively as page tables.

The paging mechanism and the page tables are used to provide each process with its own private region of physical memory for storing its code and data. Processes can be protected from each other by isolating them within the virtual-address space. A process cannot access physical memory that is not mapped into its virtual-address space by system software.

System software can use the paging mechanism to selectively map physical-memory pages into multiple virtual-address spaces.