Microprocessors system architectures – IA32 real and virtual-8086 mode
description
Transcript of Microprocessors system architectures – IA32 real and virtual-8086 mode
Microprocessors system architectures – IA32 real
and virtual-8086 mode
Jakub Yaghob
Compatibility with 16-bit code
Advantages Allows execution of an older code
Disadvantages Supports programmer laziness/persistence
IA-32 compatibility modes Real mode Virtual-8086 mode
Compatibility mode comparison Common characteristic
Binary code compatibility with predecessors of IA-32 (8086, 80186, 80286) Possibility to use some 32-bit features
Real mode Nearly compatible with 8086 Starting CPU mode after the RESET Minimal support from OS No protection mechanisms Some important IA-32 features are not available (paging)
Virtual-8086 mode More differences against 8086 Part of the protected mode, cannot run without it Complicated emulation software Keeps protection Uses all features of IA-32 (including paging) Virtualization – more VM86 machines at the same moment Cannot be entered from the long mode
Real mode Usage
CPU starting mode Does not need memory structures, excluding interrupt vector
To this date used for some recovery software No protection
Features Real mode address translation Instruction operands 8- or 16-bit
It is possible to enable 32-bit operation using an instruction prefix Only 16-bit registers are available
Higher parts only using an instruction prefix Including IP and FLAGS
16-bit stack Interrupt vector
Relocatable using LIDT All instruction from 80286 and 80287 supported FS and GS available for IA-32 CPUs
Real mode address translation Paging
Not supported Segmentation
Simulates 8086 behavior No descriptor tables Segment attributes set to simulate real mode
Based address derive from the visible part Base = selector * 16
Segment limit: 216-1 Segment type: code-writable
Inaccurate 8086 memory model Address computed in 32 bits HMA – available memory in the range 100000h-10FFFFh
16-bit address modes
16-bit instructions use 16-bit address mode Offset = [Base] + [Index] + [Displacement]
Base = BX, BP Index = SI, DI
Use 32-bit address mode with an instruction prefix
Interrupt system
Relocatable vector (IDTR) Positioned on address 0 Real mode format: far 16-bit pointers
Interrupt handling Only FLAGS stored Only IP changes Stack pointer is only SP
Virtual-8086 mode Special task running in the protected mode Structure of a V86 task
32-bit TSS The 8086 program A V86 monitor
Must run on CPL=0 Interrupt and exception handling I/O emulation Access to the V86 memory
8086 OS services 16-bit OS implemented inside the V86 16-bit OS implemented using 32-bit OS
Paging in V86
CPU translates V86 addresses to linear addresses Linear address can use paging Advantages
More V86 tasks at a time Lower 1MB mapped to different physical memory
Emulating 1MB address space of the 8086 Mapping range 100000h-10FFFFh to 0h-0FFFFh
Sharing „ROM“ contents Memory mapped I/O
Protection within V86 task
Protection is not enforced between the segments Protection possibilities
Reserving lower 1MB+64K for V86 tasks V86 cannot generate addresses out of this range
Paging protection V86 monitor has U/S=0
Sensitive instructions IOPL sensitive: CLI, STI, PUSHF, POPF, INT n, IRET Not IOPL sensitive: IN, OUT, INS, OUTS If IOPL<3, then sensitive instructions invoke #GP
Entering V86 mode CPU runs in V86, if EFLAGS[VM]=1 How to set it
Task switch Reading EFLAGS from TSS before segment registers loading
Return from interrupt handler IRET Reading EFLAGS from the stack
VM flag checks Segment register loading
How to set segment registers caches Instruction decoding
Instructions not supported by V86 Instructions sensitive on IOPL
Access rights V86 always runs with CPL=3
Entering and leaving VM86 – I
Entering and leaving VM86 – II
1. Task switch2. HW interrupt/exception, INT n when IOPL=33. #GP caused by INT n, IRET, POPF, PUSHF, IN,
OUT when IOPL<34. Normal return from protected mode
interrupt/exception handler5. A return from V86 monitor to redirect an
interrupt/exception6. Internal redirection of INT n when VME=1, IOPL<3
and the redirection bit is 1
Leaving V86
Only through an interrupt or exception HW external interrupt An exception caused by V86 code INT n handler
It is possible to directly redirect it back to V86 code RESET or INIT HLT instruction causes #GP
V86 I/O
Protection Protection of all ports V86 performs I/O directly (no protection) Access specific I/O ports
I/O map in the TSS Access specific I/O memory mapped ports
Paging
Interrupt and exception handling in V86 All interrupts divided into classes
Class 1 All exceptions All HW interrupts including NMI
Class 2 Maskable HW interrupts when CR4[VME] =1
Class 3 All INT n
Moreover, handling of classes 2 and 3 depends IOPL setting
Working with EFLAGS[IF], EFLAGS[VIF], EFLAGS[VIP] CR4[VME] setting INT n redirection map in TSS Virtual interrupt support EFLAGS[VIF], EFLAGS[VIP]
V86 interrupt handling for class 1 – I 32-bit interrupt-, trap-, task-gate
Switches to 32-bit and CPL=0 Saves the state of the segment registers Clears the segment registers DS, ES, GS, FS
SS:ESP already contains an address for the stack 0 CS:EIP already contains interrupt handler address
Clearing flags VM, NT, RF, TF in EFLAGS Begins execution of interrupt handler
Handling interrupts for V86 Check EFLAGS[VM] on the stack Handling in the protected mode Invoking V86 monitor V86 monitor can invoke V86 handler
V86 interrupt handling for class 1 – II
V86 interrupt handling for class 1 – III
Invoking V86 handler from V86 monitor Use the 8086 interrupt vector to locate V86 handler
address Copy FLAGS and CS:IP from the stack 0 to the V86 stack
(CPL 3) Change return address on the stack 0 to the V86 handler Return using IRET to the V86 IRET in V86 causes #GP and invokes V86 monitor Copy FLAGS from stack 3 to stack 0 Set CS:IP on stack 0 to original address of V86 interrupt Return using IRET to the V86
V86 interrupt handling for class 2 – I Maskable V86 interrupt handling using virtual interrupts
Activated by CR4[VME]=1 and IOPL<3 Flags VIF and VIP in EFLAGS Reduces V86 monitor calls when working with IF (PUSHF, POPF, STI, CLI)
Virtualization CLI and STI work with VIF PUSHF saves VIF instead of IF POPF loads VIF from IF, IF remains intact VIP records existence of deferred (pending) maskable HW
interrupt VIP checked by CPU, never set; set by SW
V86 interrupt handling for class 2 – II Handling maskable HW interrupt
Invoke 32-bit handler Switch to 32-bit and CPL=0 Save the V86 state on the stack 0 Clear the segment registers Clear the VM flag in EFLAGS Begin execution of a 32-bit interrupt handler
Check EFLAGS[VM] on the stack 0 If the flag is set, call V86 monitor
V86 monitor checks VIF in EFLAGS If VIF=0, set the VIP and return to the 32-bit interrupt handler If VIF=1, can be handled as class 1
Return back to V86
V86 interrupt handling for class 2 – III
Deferring interrupt using the flag VIP Before the VIF is set (POPF, STI), CPU in V86
checks If VIP=0, VIF is set and continue If VIP=1, #GP exception is invoked
The #GP exception calls V86 monitor Handle the deferred interrupt Clear VIP and set VIF in EFLAGS on the stack Return to V86
V86 interrupt handling for class 3 – I SW interrupt handling (INT n)
BRM=Bit in Redirection Map in the TSS
VME IOPL BRM Action0 3 X Invoking 32-bit handler0 <3 X #GP1 3 1 Invoking 32-bit handler
1 <3 1 #GP, VIF and VIP available
1 3 0
Redirecting to V86 handler- save FLAGS with NT=0 and IOPL=0 on the stack- save CS:IP on the stack- clear IF and TF- loads CS:IP from V86 interrupt vector
1 <3 0
Redirecting to V86 handler, VIF and VIP available- save FLAGS with IOPL=3 and IF←VIF on the stack- save CS:IP on the stack- clear VIF and TF- loads CS:IP from V86 interrupt vector
V86 interrupt handling for class 3 – II Redirection map in the TSS
Easier system calls for 16-bit OS Using INT n as system calls
INT 21 in the MS-DOS