Volume 2 System Programming (794096), page 80
AMD64 Technology, 24593—Rev. 3.13—July 2007, Task Management

A visible portion holds the TSS selector, and a hidden portion holds the TSS descriptor. When the TSS selector is loaded into the TR, the processor automatically loads the TSS descriptor from the GDT into the hidden portion of the TR.

The TR is loaded with a new selector using the LTR instruction. The TR is also loaded during a task switch, as described in “Switching Tasks” on page 319.

Figure 12-3 shows the format of the TR in legacy mode.

[Figure 12-3. TR Format, Legacy Mode: Selector (visible); Descriptor Attributes, 32-Bit Descriptor-Table Limit and 32-Bit Descriptor-Table Base Address (hidden from software)]

Figure 12-4 shows the format of the TR in long mode (both compatibility mode and 64-bit mode).

[Figure 12-4. TR Format, Long Mode: Selector (visible); Descriptor Attributes, 32-Bit Descriptor-Table Limit and 64-Bit Descriptor-Table Base Address (hidden from software)]

The AMD64 architecture expands the TSS-descriptor base-address field to 64 bits so that system software running in long mode can access a TSS located anywhere in the 64-bit virtual-address space. The processor ignores the 32 high-order base-address bits when running in legacy mode. Because the TR is loaded from the GDT, the system-segment descriptor format has been expanded to 16 bytes by the AMD64 architecture in support of 64-bit mode. See “System Descriptors” on page 88 for more information on this expanded format. The high-order base-address bits are only loaded from 64-bit mode using the LTR instruction.

Figure 12-5 shows the relationship between the TSS and GDT.

[Figure 12-5. Relationship between the TSS and GDT: the Global Descriptor Table Register (GDT Base Address, GDT Limit) locates the Global Descriptor Table; the Task Register (Task Selector, plus the hidden TSS Attributes, TSS Limit and TSS Base Address) selects the TSS descriptor in the GDT, which in turn locates the Task State Segment]

Long mode requires the use of a 64-bit TSS type, and this type must be loaded into the TR by executing the LTR instruction in 64-bit mode. Executing the LTR instruction in 64-bit mode loads the TR with the full 64-bit TSS base address from the 16-byte TSS descriptor format (compatibility mode can only load 8-byte system descriptors). A processor running in either compatibility mode or 64-bit mode uses the full 64-bit TR.base address.

12.2.4 Legacy Task-State Segment

The task-state segment (TSS) is a data structure in memory that the processor uses to save and restore the execution state for a task when a task switch occurs. Figure 12-6 on page 312 shows the format of a legacy 32-bit TSS.

Figure 12-6. Legacy 32-bit TSS (layout reconstructed from the figure; bit 31 on the left, bit 0 on the right)

  Byte Offset   Bits 31–16                           Bits 15–0
  +00h          Reserved, IGN                        Link (Prior TSS Selector)
  +04h          ESP0
  +08h          Reserved, IGN                        SS0
  +0Ch          ESP1
  +10h          Reserved, IGN                        SS1
  +14h          ESP2
  +18h          Reserved, IGN                        SS2
  +1Ch          CR3
  +20h          EIP
  +24h          EFLAGS
  +28h          EAX
  +2Ch          ECX
  +30h          EDX
  +34h          EBX
  +38h          ESP
  +3Ch          EBP
  +40h          ESI
  +44h          EDI
  +48h          Reserved, IGN                        ES
  +4Ch          Reserved, IGN                        CS
  +50h          Reserved, IGN                        SS
  +54h          Reserved, IGN                        DS
  +58h          Reserved, IGN                        FS
  +5Ch          Reserved, IGN                        GS
  +60h          Reserved, IGN                        LDT Selector
  +64h          I/O-Permission Bitmap Base Address   Reserved, IGN (bits 15–1); T (bit 0)
  +68h ...      Operating-System Data Structure
  ...           Interrupt-Redirection Bitmap (IRB) (Eight 32-Bit Locations)
  IOPB Base     I/O-Permission Bitmap (IOPB) (Up to 8 Kbytes)

The 32-bit TSS contains three types of fields:

• Static fields are read by the processor during a task switch when a new task is loaded, but are not written by the processor when a task is suspended.
• Dynamic fields are read by the processor during a task switch when a new task is loaded, and are written by the processor when a task is suspended.
• Software-defined fields are read and written by software, but are not read or written by the processor. All but the first 104 bytes of a TSS can be defined for software purposes, minus any additional space required for the optional I/O-permission bitmap and interrupt-redirection bitmap.

TSS fields are not read or written by the processor when the LTR instruction is executed. The LTR instruction loads the TSS descriptor into the TR and marks the task as busy, but it does not cause a task switch.

The TSS fields used by the processor in legacy mode are:

• Link—Bytes 01h–00h, dynamic field. Contains a copy of the task selector from the previously executed task. See “Nesting Tasks” on page 323 for additional information.
• Stack Pointers—Bytes 1Bh–04h, static field. Contains the privilege 0, 1, and 2 stack pointers for the task. These consist of the stack-segment selector (SSn) and the stack-segment offset (ESPn).
• CR3—Bytes 1Fh–1Ch, static field. Contains the page-translation-table base-address (CR3) register for the task.
• EIP—Bytes 23h–20h, dynamic field. Contains the instruction pointer (EIP) for the next instruction to be executed when the task is restored.
• EFLAGS—Bytes 27h–24h, dynamic field. Contains a copy of the EFLAGS image at the point the task is suspended.
• General-Purpose Registers—Bytes 47h–28h, dynamic field. Contains a copy of the EAX, ECX, EDX, EBX, ESP, EBP, ESI, and EDI values at the point the task is suspended.
• Segment-Selector Registers—Bytes 59h–48h, dynamic field. Contains a copy of the ES, CS, SS, DS, FS, and GS values at the point the task is suspended.
• LDT Segment-Selector Register—Bytes 63h–60h, static field. Contains the local-descriptor-table segment selector for the task.
• T (Trap) Bit—Bit 0 of byte 64h, static field. This bit, when set to 1, causes a debug exception (#DB) to occur on a task switch. See “Breakpoint Instruction (INT3)” on page 338 for additional information.
• I/O-Permission Bitmap Base Address—Bytes 67h–66h, static field. This field represents a 16-bit offset into the TSS. This offset points to the beginning of the I/O-permission bitmap, and the end of the interrupt-redirection bitmap.
• I/O-Permission Bitmap—Static field. This field specifies protection for I/O-port addresses (up to the 64K ports supported by the processor), as follows:
  - Whether the port can be accessed at any privilege level.
  - Whether the port can be accessed outside the privilege level established by EFLAGS.IOPL.
  - Whether the port can be accessed when the processor is running in virtual-8086 mode.
  Because one bit is used per 8-byte I/O-port, this bitmap can take up to 8 Kbytes of TSS space. The bitmap can be located anywhere within the first 64 Kbytes of the TSS, as long as it is above byte 103. The last byte of the bitmap must contain all ones (0FFh). See “I/O-Permission Bitmap” on page 314 for more information.
• Interrupt-Redirection Bitmap—Static field. This field defines how each of the 256 possible software interrupts is directed in a virtual-8086 environment. One bit is used for each interrupt, for a total bitmap size of 32 bytes. The bitmap can be located anywhere above byte 103 within the first 64 Kbytes of the TSS. See “Interrupt Redirection of Software Interrupts” on page 248 for information on using this field.

The TSS can be paged by system software. System software that uses the hardware task-switch mechanism must guarantee that a page fault does not occur during a task switch. Because the processor only reads and writes the first 104 TSS bytes during a task switch, this restriction only applies to those bytes. The simplest approach is to align the TSS on a page boundary so that all critical bytes are either present or not present. Then, if a page fault occurs when the TSS is accessed, it occurs before the first byte is read. If the page fault occurs after a portion of the TSS is read, the fault is unrecoverable.

I/O-Permission Bitmap.

The I/O-permission bitmap (IOPB) allows system software to grant less-privileged programs access to individual I/O ports, overriding the effect of RFLAGS.IOPL for those devices. When an I/O instruction is executed, the processor checks the IOPB only if the processor is in virtual x86 mode or the CPL is greater than the RFLAGS.IOPL field. Each bit in the IOPB corresponds to a byte I/O port. A word I/O port corresponds to two consecutive IOPB bits, and a doubleword I/O port corresponds to four consecutive IOPB bits. Access is granted to an I/O port of a given size when all IOPB bits corresponding to that port are clear. If any bits are set, a #GP occurs.

The IOPB is located in the TSS, as shown by the example in Figure 12-7 on page 315. Each TSS can have a different copy of the IOPB, so access to individual I/O devices can be granted on a task-by-task basis. The I/O-permission bitmap base-address field located at byte 66h in the TSS is an offset into the TSS locating the start of the IOPB. If all 64K I/O ports are supported, the IOPB base address must not be greater than 0DFFFh, otherwise accesses to the bitmap cause a #GP to occur. An extra byte must be present after the last IOPB byte. This byte must have all bits set to 1 (0FFh). This allows the processor to read two IOPB bytes each time an I/O port is accessed. By reading two IOPB bytes, the processor can check all bits when unaligned, multi-byte I/O ports are accessed.

[Figure 12-7. I/O-Permission Bitmap Example: the I/O-Permission Bitmap Base Address at +64h points to the IOPB; doublewords IOPB+0h, IOPB+4h, IOPB+8h and IOPB+Ch are shown, with four bits cleared to 0 in the second doubleword and all other bits set to 1]

Bits in the IOPB sequentially correspond to I/O port addresses. The example in Figure 12-7 shows bits 12 through 15 in the second doubleword of the IOPB cleared to 0. Those bit positions correspond to byte I/O ports 44h through 47h, or alternatively, doubleword I/O port 44h. Because the bits are cleared to zero, software running at any privilege level can access those I/O ports.

By adjusting the TSS limit, it may happen that some ports in the I/O-address space have no corresponding IOPB entry. Ports not represented by the IOPB will cause a #GP exception. Referring again to Figure 12-7, the last IOPB entry is at bit 23 in the fourth IOPB doubleword, which corresponds to I/O port 77h.
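The IOPB rules above (base offset at byte 66h, one bit per byte port, two or four consecutive clear bits for word and doubleword ports, the all-ones terminator byte, and #GP for ports beyond the TSS limit) as a software model in C; this is an added example, not AMD's code or anything from the manual, and the TSS contents, the limit, and the names tss_t, tss_build_example, iopb_access_allowed and example_allowed are all constructed here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define TSS_IOPB_BASE_OFF 0x66u /* bytes 67h-66h: 16-bit IOPB base offset */
#define TSS_STATIC_BYTES  104u  /* bytes the processor uses on a task switch */
/* Constructed TSS backing store; limit is the last valid byte offset. */
typedef struct { uint8_t mem[512]; uint32_t limit; } tss_t;

/* Constructed example: IOPB right after the first 104 bytes, every port
 * denied except byte ports 44h..47h (doubleword port 44h), bitmap data
 * ending with the byte for port 77h, then the required all-ones byte. */
void tss_build_example(tss_t *t)
{
    uint16_t base = TSS_STATIC_BYTES;                  /* 68h */
    memset(t->mem, 0xFF, sizeof t->mem);
    t->mem[TSS_IOPB_BASE_OFF]     = (uint8_t)(base & 0xFF);
    t->mem[TSS_IOPB_BASE_OFF + 1] = (uint8_t)(base >> 8);
    for (unsigned port = 0x44; port <= 0x47; port++)
        t->mem[base + port / 8] &= (uint8_t)~(1u << (port % 8));
    t->limit = base + 0x77 / 8 + 1;      /* all-ones byte is the last one */
}

/* Model of the check for an IN/OUT of `size` (1, 2 or 4) bytes at `port`:
 * true if permitted, false if #GP would be raised. The bitmap is consulted
 * only in virtual-8086 mode or when CPL > IOPL. */
bool iopb_access_allowed(const tss_t *t, unsigned cpl, unsigned iopl,
                         bool vm86, uint16_t port, unsigned size)
{
    if (!vm86 && cpl <= iopl)
        return true;                     /* IOPL alone permits the access */
    uint16_t base = (uint16_t)(t->mem[TSS_IOPB_BASE_OFF] |
                               (t->mem[TSS_IOPB_BASE_OFF + 1] << 8));
    for (unsigned i = 0; i < size; i++) {
        uint32_t p = (uint32_t)port + i;           /* one bit per byte port */
        uint32_t off = base + p / 8;
        if (off > t->limit)
            return false;                /* port has no IOPB entry: #GP */
        if (t->mem[off] & (1u << (p % 8)))
            return false;                /* bit set: access denied, #GP */
    }
    return true;                         /* every bit for the port is clear */
}

/* Wrapper over the constructed TSS with IOPL = 0, for quick checks. */
bool example_allowed(uint16_t port, unsigned size, unsigned cpl, bool vm86)
{
    tss_t t;
    tss_build_example(&t);
    return iopb_access_allowed(&t, cpl, 0, vm86, port, size);
}
```

The model checks bit by bit rather than reproducing the processor's two-byte read, so it shows the permission outcome, not the exact memory access the hardware performs.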