Volume 3A System Programming Guide, Part 1 (794103), page 61
The following conditions cause general-protection exceptions to be generated:

• Exceeding the segment limit when accessing the CS, DS, ES, FS, or GS segments.
• Exceeding the segment limit when referencing a descriptor table (except during a task switch or a stack switch).
• Transferring execution to a segment that is not executable.
• Writing to a code segment or a read-only data segment.
• Reading from an execute-only code segment.
• Loading the SS register with a segment selector for a read-only segment (unless the selector comes from a TSS during a task switch, in which case an invalid-TSS exception occurs).
• Loading the SS, DS, ES, FS, or GS register with a segment selector for a system segment.
• Loading the DS, ES, FS, or GS register with a segment selector for an execute-only code segment.
• Loading the SS register with the segment selector of an executable segment or a null segment selector.
• Loading the CS register with a segment selector for a data segment or a null segment selector.
• Accessing memory using the DS, ES, FS, or GS register when it contains a null segment selector.
• Switching to a busy task during a call or jump to a TSS.
• Using a segment selector on a non-IRET task switch that points to a TSS descriptor in the current LDT. TSS descriptors can only reside in the GDT. This condition causes a #TS exception during an IRET task switch.
• Violating any of the privilege rules described in Chapter 4, “Protection.”
• Exceeding the instruction length limit of 15 bytes (this can only occur when redundant prefixes are placed before an instruction).
• Loading the CR0 register with a set PG flag (paging enabled) and a clear PE flag (protection disabled).

5-50 Vol. 3 INTERRUPT AND EXCEPTION HANDLING

• Loading the CR0 register with a set NW flag and a clear CD flag.
• Referencing an entry in the IDT (following an interrupt or exception) that is not an interrupt, trap, or task gate.
• Attempting to access an interrupt or exception handler through an interrupt or trap gate from virtual-8086 mode when the handler’s code segment DPL is greater than 0.
• Attempting to write a 1 into a reserved bit of CR4.
• Attempting to execute a privileged instruction when the CPL is not equal to 0 (see Section 4.9, “Privileged Instructions,” for a list of privileged instructions).
• Writing to a reserved bit in an MSR.
• Accessing a gate that contains a null segment selector.
• Executing the INT n instruction when the CPL is greater than the DPL of the referenced interrupt, trap, or task gate.
• The segment selector in a call, interrupt, or trap gate does not point to a code segment.
• The segment selector operand in the LLDT instruction is a local type (TI flag is set) or does not point to a segment descriptor of the LDT type.
• The segment selector operand in the LTR instruction is local or points to a TSS that is not available.
• The target code-segment selector for a call, jump, or return is null.
• If the PAE and/or PSE flag in control register CR4 is set and the processor detects any reserved bits in a page-directory-pointer-table entry set to 1. These bits are checked during a write to control registers CR0, CR3, or CR4 that causes a reloading of the page-directory-pointer-table entry.
• Attempting to write a non-zero value into the reserved bits of the MXCSR register.
• Executing an SSE/SSE2/SSE3 instruction that attempts to access a 128-bit memory location that is not aligned on a 16-byte boundary when the instruction requires 16-byte alignment. This condition also applies to the stack segment.

A program or task can be restarted following any general-protection exception. If the exception occurs while attempting to call an interrupt handler, the interrupted program can be restartable, but the interrupt may be lost.

Exception Error Code
The processor pushes an error code onto the exception handler's stack. If the fault condition was detected while loading a segment descriptor, the error code contains a segment selector to or IDT vector number for the descriptor; otherwise, the error code is 0. The source of the selector in an error code may be any of the following:

• An operand of the instruction.
• A selector from a gate which is the operand of the instruction.
• A selector from a TSS involved in a task switch.
• IDT vector number.

Saved Instruction Pointer
The saved contents of the CS and EIP registers point to the instruction that generated the exception.

Program State Change
In general, a program-state change does not accompany a general-protection exception, because the invalid instruction or operation is not executed. An exception handler can be designed to correct all of the conditions that cause general-protection exceptions and restart the program or task without any loss of program continuity.

If a general-protection exception occurs during a task switch, it can occur before or after the commit-to-new-task point (see Section 6.3, “Task Switching”). If it occurs before the commit point, no program state change occurs. If it occurs after the commit point, the processor will load all the state information from the new TSS (without performing any additional limit, present, or type checks) before it generates the exception. The general-protection exception handler should thus not rely on being able to use the segment selectors found in the CS, SS, DS, ES, FS, and GS registers without causing another exception. (See the Program State Change description for “Interrupt 10—Invalid TSS Exception (#TS)” in this chapter for additional information on how to handle this situation.)

General Protection Exception in 64-bit Mode
The following conditions cause general-protection exceptions in 64-bit mode:

• If the memory address is in a non-canonical form.
• If a segment descriptor memory address is in non-canonical form.
• If the target offset in a destination operand of a call or jmp is in a non-canonical form.
• If a code segment or 64-bit call gate overlaps non-canonical space.
• If the code segment descriptor pointed to by the selector in the 64-bit gate doesn't have the L-bit set and the D-bit clear.
• If the EFLAGS.NT bit is set in IRET.
• If the stack segment selector of IRET is null when going back to compatibility mode.
• If the stack segment selector of IRET is null going back to CPL3 and 64-bit mode.
• If a null stack segment selector RPL of IRET is not equal to CPL going back to non-CPL3 and 64-bit mode.
• If the proposed new code segment descriptor of IRET has both the D-bit and the L-bit set.
• If the segment descriptor pointed to by the segment selector in the destination operand is a code segment and it has both the D-bit and the L-bit set.
• If the segment descriptor from a 64-bit call gate is in non-canonical space.
• If the DPL from a 64-bit call-gate is less than the CPL or than the RPL of the 64-bit call-gate.
• If the upper type field of a 64-bit call gate is not 0x0.
• If an attempt is made to load a null selector in the SS register in compatibility mode.
• If an attempt is made to load a null selector in the SS register in CPL3 and 64-bit mode.
• If an attempt is made to load a null selector in the SS register in non-CPL3 and 64-bit mode where RPL is not equal to CPL.
• If an attempt is made to clear CR0.PG while IA-32e mode is enabled.
• If an attempt is made to set a reserved bit in CR3, CR4 or CR8.

Interrupt 14—Page-Fault Exception (#PF)

Exception Class
Fault.

Description
Indicates that, with paging enabled (the PG flag in the CR0 register is set), the processor detected one of the following conditions while using the page-translation mechanism to translate a linear address to a physical address:

• The P (present) flag in a page-directory or page-table entry needed for the address translation is clear, indicating that a page table or the page containing the operand is not present in physical memory.
• The procedure does not have sufficient privilege to access the indicated page (that is, a procedure running in user mode attempts to access a supervisor-mode page).
• Code running in user mode attempts to write to a read-only page. In the Intel486 and later processors, if the WP flag is set in CR0, the page fault will also be triggered by code running in supervisor mode that tries to write to a read-only user-mode page.
• An instruction fetch to a linear address that translates to a physical address in a memory page with the execute-disable bit set (for Intel 64 and IA-32 processors that support the execute-disable bit, see Section 3.10, “PAE-Enabled Paging in IA-32e Mode”).
• One or more reserved bits in a page-directory entry are set to 1. See the description below of the RSVD error-code flag.

The exception handler can recover from page-not-present conditions and restart the program or task without any loss of program continuity. It can also restart the program or task after a privilege violation, but the problem that caused the privilege violation may be uncorrectable.

Exception Error Code
Yes (special format). The processor provides the page-fault handler with two items of information to aid in diagnosing the exception and recovering from it:

• An error code on the stack. The error code for a page fault has a format different from that for other exceptions (see Figure 5-9). The error code tells the exception handler four things:
  — The P flag indicates whether the exception was due to a not-present page (0) or to either an access rights violation or the use of a reserved bit (1).
  — The W/R flag indicates whether the memory access that caused the exception was a read (0) or write (1).
  — The U/S flag indicates whether the processor was executing at user mode (1) or supervisor mode (0) at the time of the exception.
  — The RSVD flag indicates that the processor detected 1s in reserved bits of the page directory, when the PSE or PAE flags in control register CR4 are set to 1.
    Note:
    • The PSE flag is only available in recent Intel 64 and IA-32 processors including the Pentium 4, Intel Xeon, P6 family, and Pentium processors.
    • The PAE flag is only available on recent Intel 64 and IA-32 processors including the Pentium 4, Intel Xeon, and P6 family processors.
    • In earlier IA-32 processors, the bit position of the RSVD flag is reserved.
  — The I/D flag indicates whether the exception was caused by an instruction fetch. This flag is reserved if the processor does not support the execute-disable bit or the execute-disable bit feature is not enabled (see Section 3.10).

Page-fault error code layout (Figure 5-9):

  Bit:    31 ......... 5 | 4   | 3    | 2   | 1   | 0
  Field:  Reserved       | I/D | RSVD | U/S | W/R | P

  P     0  The fault was caused by a non-present page.
        1  The fault was caused by a page-level protection violation.
  W/R   0  The access causing the fault was a read.
        1  The access causing the fault was a write.
  U/S   0  The access causing the fault originated when the processor was executing in supervisor mode.
        1  The access causing the fault originated when the processor was executing in user mode.
  RSVD  0  The fault was not caused by a reserved-bit violation.
        1  The fault was caused by reserved bits set to 1 in a page directory.
  I/D   0  The fault was not caused by an instruction fetch.
        1  The fault was caused by an instruction fetch.

Figure 5-9.
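As an added example, not part of the manual, the following C decoder turns a #PF error code laid out as in Figure 5-9 into the five flags and a one-line description of the kind a kernel fault handler would log. The names (pf_decode, pf_describe, the PF_* masks) are my own, and the xd_enabled parameter is an assumed input standing in for whatever execute-disable state the kernel already tracks, since bit 4 is reserved when that feature is absent or disabled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit masks of the page-fault error code (Figure 5-9). */
#define PF_P    (1u << 0)  /* 1: page-level protection violation, 0: not-present page */
#define PF_WR   (1u << 1)  /* 1: write, 0: read */
#define PF_US   (1u << 2)  /* 1: user mode, 0: supervisor mode */
#define PF_RSVD (1u << 3)  /* 1: reserved bits set in a page-directory entry */
#define PF_ID   (1u << 4)  /* 1: instruction fetch; reserved unless execute-disable is on */

struct pf_info {
    bool present, write, user, rsvd, ifetch;
};

/* Decode the error code pushed for #PF. xd_enabled is a hypothetical input
 * (the kernel's own record of whether execute-disable is enabled); when it
 * is false, bit 4 is reserved and is ignored instead of being reported. */
struct pf_info pf_decode(uint32_t err, bool xd_enabled)
{
    struct pf_info i;
    i.present = (err & PF_P) != 0;
    i.write   = (err & PF_WR) != 0;
    i.user    = (err & PF_US) != 0;
    i.rsvd    = (err & PF_RSVD) != 0;
    i.ifetch  = xd_enabled && (err & PF_ID) != 0;
    return i;
}

/* Render a one-line description for a fault log; returns the length written. */
int pf_describe(uint32_t err, bool xd_enabled, char *buf, size_t len)
{
    struct pf_info i = pf_decode(err, xd_enabled);
    const char *cause = i.rsvd    ? "reserved-bit violation"
                      : i.present ? "page-level protection violation"
                                  : "non-present page";
    const char *access = i.ifetch ? "instruction fetch" : i.write ? "write" : "read";
    return snprintf(buf, len, "#PF err=0x%x: %s-mode %s, %s",
                    err, i.user ? "user" : "supervisor", access, cause);
}

int main(void)
{
    char line[96];
    /* Constructed sample: error code 0x6 = user-mode write to a not-present page. */
    pf_describe(0x6, true, line, sizeof line);
    puts(line);
    return 0;
}
```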