Venturing into protected-modeA need for DiagnosticsMemory-addressesReal-Mode AddressesProtected-Mode AddressesSegment-Descriptor Format“Hidden” part of segment-registersSegment-Register “cache”Illegal segment-valuesSpecial ‘system’ registersGDT and IDTIA-32: 48-bit Register-FormatSystem RelationshipsLDT and TSSIndirectionSlide 16Reading LDTR and TRControl Register 0Using the LMSW instructionHow to enter protected-modeHow to leave protected-modeAn observationIn-class exercisesVenturing into protected-modeA first look at the CPU registers and instructions which provide the essential supporting infrastructureA need for Diagnostics•Upon entering protected-mode, the “rules” change regarding the allowed CPU actions•Memory-addresses are computed using a different set of circuitry within the CPU•Restrictions are enforced by generating a variety of “exceptions” which interrupt the CPU’s normal fetch-execute cycle•We will need to “diagnose” their causesMemory-addresses•The first change programmers encounter when the CPU is switched into Protected Mode concerns the way in which the CPU constructs its memory-addresses (i.e., the segment registers play a different role)•Some formerly “hidden” aspects of those segment-registers will come to the fore!•(Some terminology also gets revised)Real-Mode Addresses segmentLogical Address:offsetOperand’s effective addressPhysical Address:+ x16While in Real-Mode, the memory-segments are all 64-kilobytes in size (and readable/writable)Protected-Mode Addresses segment-selectorLogical Address:segment-offsetOperand’s effective addressPhysical Address:descriptordescriptordescriptordescriptorSegment Descriptor Table+Segment Base-address (also Segment-Limit and Access Rights)Validity is checked by CPUSegment-Descriptor FormatBase[31..24] G DRSVAVLLimit[19..16]PDPLS XC/DR/WA Base[23..16]Base[15..0] Limit[15..0]63 32310 Several instances of this basic ‘segment-descriptor’ data-structure will occur in the Global Descriptor Table (and maybe also in some Local Descriptor Tables)“Hidden” part of segment-registersselector segment base segment limitaccessrightsThe programmer-visible part of a segment-registerThe “invisible” parts of a segment-registerSegment-Register “cache”•The “hidden” portions of any segment-register will automatically be modified whenever any instruction places a new value in a segment-register’s visible part •Examples (some obvious, some not):mov %ax, %ds # new value from a general registerpop %es # new value from a word in memorylss tos, %esp # new value from a memory-pointerljmp $0x07C0, $main # new value from “immediate” dataint $0x13 # new value from interrupt vector tablelret # new value from the stack’s memoryIllegal segment-values•In Real-Mode, any 16-bit value was ‘legal’ to be loaded into any segment-register•But in Protected-Mode, the CPU doesn’t allow certain 16-bit values to be placed in certain particular segment-registers •For example: the selector for a descriptor that isn’t ‘executable’ cannot go into CS, and one that’s legal for CS can’t go in SSSpecial ‘system’ registers•In protected-mode the CPU needs quick access to its important data-structures: –Memory-Segment Descriptors–Interrupt-Gate Descriptors–Call-Gate Descriptors–Task-State Descriptors–Page-Directory and Page-Table Descriptors•So special CPU registers exist which are dedicated to locating those crucial itemsGDT and IDT•The two most vital system registers for protected-mode execution are:–GDTR (Global Descriptor Table Register)–IDTR (Interrupt Descriptor Table Register)•Each of these is 48-bits wide and contains the base-address and segment-limit for an array of descriptors (the GDT and the IDT)•Special instructions allow access to these registers: SGDT/LGDT and SIDT/LIDTAddendum: The widths of these registers are larger if cpu supports ia32e.IA-32: 48-bit Register-FormatSegment Base-AddressSegmentLimit47 16 15 016 bits32 bitsSystem RelationshipsdescriptordescriptordescriptordescriptordescriptordescriptordescriptordescriptordescriptordescriptordescriptordescriptordescriptordescriptordescriptordescriptordescriptordescriptordescriptordescriptorInterrupt Descriptor TableGlobal Descriptor TableGDTRIDTRLDT and TSS•For protected-mode multitasking, the CPU needs to access two other data-structures:–The current Local Descriptor Table (LDT)–The current Task-State Segment (TSS)•Again, special registers tell the CPU where to find these data-structures in memory (assuming protected-mode is enabled)•And special instructions afford access to them: SLDT/LLDT and STR/LTRIndirection•Registers LDTR and TR are like segment-registers: they have a visible part (16-bits) and a “hidden” descriptor-cache part•The programmer-visible portion of these two registers holds a “segment-selector” (i.e., an array-index into the GDT array)•The hidden portion is updated from the GDT whenever these register get loadedSystem RelationshipsTaskStateSegmentdescriptordescriptordescriptordescriptordescriptordescriptorGDTRdescriptordescriptordescriptordescriptordescriptordescriptorLocal Descriptor TabledescriptordescriptordescriptordescriptordescriptordescriptorLDTRTRGlobal Descriptor TableReading LDTR and TR•The LDTR and TR registers are not able to be accessed while executing in real-mode •An “Undefined Opcode” exception (INT-6) will be generated if SLDT or STR opcodes are encountered in a “real-mode” program•So to obtain the values in these registers, any bootsector program must temporarily enable protected-modeControl Register 0•Register CR0 is the 32-bit version of the MSW register (Machine Status Word) •It contains the PE-bit (Protection Enabled)–when PE=0 the CPU is in real-mode –when PE=1 the CPU is in protected-modePGCDNWAMWPNEETTSEMMPPEMachine Status WordUsing the LMSW instruction•You can use the LMSW instruction to turn on the PE-bit (enabling ‘protected-mode’)•But you cannot use LMSW to turn off PE (i.e., PE was a “sticky bit” in the 80286)•The Intel 80386 processor introduced a new name and enlarged size for the MSW•Special version of the ‘MOV’ instruction can either enable or disable the PE-bitHow to enter protected-modeThis instruction-sequence turns on PE-bit:Warning: you have to do this with interruptstemporarily disabled -- since the real-mode Interrupt Vector Table won’t