PROTECTED MODE ( A more detailed approch ) Written by Yann Stephen Global Descriptor Table Register (GDTR) : The contents of the global table register define a table in the 80386DX's physical memory address space called the Global Descriptor Table (GDT). This global descriptor table is one important element of the 80386DX's memory management system. GDTR is a 48-bit register that is located inside the 80386DX. The lower two bytes of this register, which are identified as LIMIT, specify the size in byte of the GDT. The decimal value of LIMIT is one less than the actual size of the table. For instance, if LIMIT equals 00FFh the table is 256 bytes in length. Since LIMIT has 16 bits, the GDT can be up to 65,536 bytes long. The upper four bytes of the GDTR, which are labelled BASE, locate the beginning of the GDT in physical memory. This 32-bit base address allows the table to be positioned anywhere in the 80386DX's address space. The GDT provides a mechanism for defining the characteristics of the 80386DX's global memory address space. Global memory is a general system resource that is shared by many or all software tasks. That is, storage locations in global memory are accessible by any task that runs on the microprocessor. This table contains what are called system segment descriptors. It is these descriptors that identify the characteristics of the segments of global memory. For instance, a segment descriptor provides information about the size, starting point, and access rights of a global memory segment. Each descriptor is eight bytes long, thus our earlier example of a 256-byte table provides enough storage space for just 32 descriptors. Remember that the size of the global descriptor table can be expanded simply by changing the value of LIMIT in the GDTR under software control. If the table is increased to its maximum size of 65,563 bytes, it can hold up to 8,192 descriptors. Question 1.1 : How many descriptors can be stored the global descriptor table when the size of LIMIT is 0FFFh. The value of the BASE and LIMIT must be loaded into the GDTR before the 80386DX is switched from real mode of operation to the protected mode. Special instruction are provided for this purpose in the system control instruction set of the 80386 DX. Once the 80386DX is in protected mode, the location of the table is typically not changed. Interrupt Descriptor Table Register (IDTR) : Just like the global descriptor table register, the interrupt descriptor table register (IDTR) defines a table in physical memory. However, this table contains what are called interrupt descriptors, not segment descriptors. For this reason it is known as the Interrupt Descriptor Table (IDT).This register and table of descriptors provide the mechanism by which the microprocessor passes program control to interrupt and exception routines. Just like the GDTR, the IDTR is 48 bits in length. Again, the lower two bytes of the register (LIMIT) define the table size. That is, the size of the table equals LIMIT+1 bytes. Since two bytes define the size, the IDT can also be up to 65,536 bytes long. But the 80386DX only supports up to 256 interrupts and exceptions; therefore, the size of the IDT should not be set to support more than 256 interrupts. The upper three bytes of IDTR (BASE) identify the starting address of the IDT in physical memory. The type of descriptor used in the IDT are what are called interrupt gates. These gates provide a means for passing program control to the beginning of an interrupt service routine. Each gate is eight bytes long and contains both attributes and a starting address for the service routine. Question 1.2 : What is the maximum value that should be assigned to the limit in the IDTR? This table can also be located anywhere in the linear address space addressable with the 80386DX's 32-bit address. Just like the GDTR, the IDTR needs to be loaded before the 80386DX is switched from the real mode to protected mode. Special instructions are provided for loading and saving the contents of the IDTR. Once the location of the table is set, it is typically not changed after entering the protected mode. Question 1.3 : What is the address range of the last descriptor in the interrupt descriptor table defined by base address 00011000h and limit 01FFh Local Descriptor Table Register (LDTR) : The Local Descriptor Table Register (LDTR) is also part of the 80386DX's memory management support mechanism. Each task can have access to its own private table descriptor table in addition to the global descriptor table. This private table is called the local descriptor table (LDT) and defines a local memory address space for use by the task. The LDT holds segment descriptors that provide access space for use by the task. The LDT holds segment descriptors that provide access to code and data in segments of memory that are reserved for the current task. Since each task can have its own segment of local memory, the protected-mode software system may contain local descriptor tables. Whenever a selector is loaded into the LDTR, the corresponding descriptor is transparently read from global memory and loaded into the local descriptor table cache within the 80386DX. It is this descriptor that defines the local descriptor table. Assume that every time a selector is loaded into the LDTR, a local descriptor table descriptor is cached and a new LDT is activated. Control Registers : The protected-mode model includes the four system control registers, identified as CR0 through CR3 : 31 23 15 7 0 ------------------------------------------------------- | Page Directory Base Register (PDBR)| Reserved | CR3 ------------------------------------------------------- | Page Fault Linear Address | CR2 ------------------------------------------------------- | RESERVED | CR1 ------------------------------------------------------- |P| |R|T|E|M|P| CR0 |G| RESERVED | |S|M|P|E| ------------------------------------------------------- Notice that the lower five bits of CR0 are system control flags. These bits make up what are known as the machine status word (MSW). The most significant bit of CR0 and registers CR2 and CR3 are used by the 80386DX's paging mechanism. Let us consider by examining the machine status word bits of CR0. They contain information about the 80386DX's protected-mode configuration and status. The four bit labelled PE, MP, EM and R are control bit that define the protected mode system configuration. The fifth bit, TS, is a status bit. These bits can be examined or modified through software. The protected-mode enable (PE) bit determines if the 80386DX is in the real or protected mode. At reset, PE is cleared. This enables the real mode of operation. To enter the protected mode, we simply switch PE to 1 through software. Once in the protected mode, the 80386DX can be switched back to real mode under software control by clearing the PE bit. It can also be returned to real mode by hardware reset. The math present (MP) bit is set to 1 to indicate that a numeric coprocessor is present in the microcomputer system. On the other hand, if the system is to be configured so that a software emulator is used to perform numeric operations instead of a coprocessor, the emulate (EM) bit is set to 1. Only one of these two bits can be set at a time. Finally, the extension type (R) is used to indicate whether an 80387DX or 80287 numeric coprocessor is in use. Logic 1 in R indicates that an 80387DX is installed. The last bit in the MSW, task switched (TS), automatically gets set whenever the 80386DX switched from one task to another. It can be cleared under software control. The protected mode software architecture of the 80386DX also supports paged memory operation. Paging is turned on by switching the PG bit in CR0 to logic 1. Now addressing of physical memory is implemented with an address translation mechanism that consists of a page directory and page table that are both held in the physical memory. This register holds a 20-bit page directory base address that points to the beginning of the page directory. A page fault error occurs during the page translation process if the page is not present in memory. In this case, the 80386DX saves the address at which the page fault occurred in register CR2. This address is denoted as page fault linear address. Task Register (TR): The task register is one of the key elements in the protected mode task switching mechanism of the 80386DX microprocessor. This register holds a 16-bit index value called a selector. The initial selector must be loaded into TR under software control. This starts the initial task. After this is done, the selector is changed automatically whenever the 80386DX executes an instruction that performs a task switching. TR is used to locate a descriptor in the global descriptor table. Notice that when a selector is loaded into TR, the corresponding task state segment (TSS) descriptor automatically gets read from memory and loaded into on-chip task descriptor cache. This descriptor defines a block of memory called the task called the task state segment (TSS). It does this by providing the starting address base (BASE) and the size (LIMIT) of the segment. Every task has it own TSS. The TSS holds the information needed to initiate the task, such as initial values for the user-accessible registers. Registers with Changed Functionality : The segment registers are now called the segment selector register, and instead of holding a base address they are loaded with what is known as a selector. The selector does not directly specify a storage location in memory. Instead, it selects a descriptor that defines the size and characteristics of segment of memory. 15 8 2 0 ------------------------------------------------------- | INDEX |TI|RPL| ------------------------------------------------------- SELECTOR Bits Name Function 1-0 Requested Indicates selector privilege level desired Privilege Level (RPL) 2 Table Indicator TI = 0 use Global Descriptor Table (GDT) (TI) TI = 1 use Local Descriptor Table (LDT) 15-3 INDEX SELECT descriptor entry in table TI bit select the table to be used when accessing a segment descriptor, because two tables are active at the same time GDT and LDT. The index is used as a pointer to a specific descriptor entry in the table selected by the TI bit. Protected-Mode system control instruction set Instruction Description Mode LGDT S Load the global descriptor table register. S specifies Both the memory location that contains the first byte of the 6 bytes to be loaded into the GDTR. SGDT D Store the global descriptor table register. D specifies Both the memory location that gets the first of the six bytes to be stored from the GDTR. LIDT S Load the interrupt descriptor table register. S specifies Both the memory location that contains the first byte of the 6 bytes to be loaded into the IDTR. SIDT D Store the interrupt descriptor table register. D specifies Both the memory location that gets the first of the six bytes to be stored from the IDTR. LMSW S Load the machine status word. S is an operand to specify Both the word to be loaded into MSW. SMSW D Store the machine status word. D is an operand to specify Both the word location or register where the MSW is to be saved. LLDT S Load the local descriptor table register. S specifies the Protec operand to specify a word to be loaded into the LDTR. SLDT D Store the local descriptor table register. D is an operand Protec to specify the word location where the LDTR is to be saved. LTR S Load the task register. S is an operand to specify a word Protec to be loaded into TR (Task Register). STR D Store the task register. D is an operand to specify the Protec word location where the TR is to be stored. LAR D,S Load access rights byte. S specifies the selector for the Protec descriptor whose access byte is loaded into the upper byte of the D operand. The low byte specified by D is cleared. The zero flag is set if the loading completes successfully; otherwise it is cleared. LSL R16,S Load segment limit. S specifies the selector for the Protec descriptor whose limit word is loaded into the word register operand R16. The zero flag is set if the loading completes successfully; otherwise it is cleared. ARPL D,R16 Adjust RPL field of the selector. D specifies the selector Protec whose RPL field is increased to match the PRL field in the register. The zero flag is set if successful;otherwise it is cleared. VERR S Verify read access. S specifies the selector for the Protec segment to be verified for read operation, If successful the zero flag is set; otherwise it is reset. VERW S Verify write access. S specifies the selector for the Protec segment to be verified for write operation, If successful the zero flag is set; otherwise it is reset. CLTS Clear task switched flag. Protec A few examples of these new instructions : LGDT [INIT_GDTR] Loads the GDTR with the base and limit pointed to by address INIT_GDTR to create a global descriptor table in memory. This instruction is meant to be used during system initialisation and before switching the 80386DX to the protected mode. Once loaded the current contents of the GDTR can be saved in memory by executing the store global table (SGDT) instruction. SGDT [SAVE_GDTR] The instruction load machine status word (LMSW) and store machine status word (SMSW) are provided to load and store the contents of the machine status word (MSW), respectively. These are the instructions that are used to switch the 80386DX from real to protected mode. To do this we must set the least significant bit in the MSW to 1. This can be done by first reading the contents of the machine word , modifying the LSB (PE), and then writing the modified value back into the MSW part of CR0. The instruction sequence that follows will switch an 80386DX operating in real mode to protected mode: SMSW AX ;read from the MSW OR AX,1 ;modify the PE bit LMSW AX ;write to the MSW Solution 1.1 : Each descriptor takes up eight bytes; therefore, a 4096-byte table can hold : Descriptors = 4096/8 = 512 Solution 1.2 : The maximum number of interrupt descriptors than can be used in an 80386DX microcomputer system is 256. Therefore, the maximum table size in bytes is : IDT (size) = 8*256 = 1000h bytes LIMIT = 1000h-1 = 0FFFh (We start from zero) Solution 1.3 : From the values of the base and limit, we find that the table is located in the address range IDT (start) = 00011000h IDT ( end ) = 000111FFh The last descriptor in this table takes up the eight bytes of the memory from address 000111F8h through 000111FFh.