Intel® 64 and IA-32 Architectures Software Developer's Manual
2.1 OVERVIEW OF THE SYSTEM-LEVEL ARCHITECTURE
System-level architecture consists of a set of registers, data structures, and instructions designed to support basic system-level operations such as memory management, interrupt and exception handling, task management, and control of multiple processors.
Figure 2-1 provides a summary of system registers and data structures that applies to 32-bit modes. System registers and data structures that apply to IA-32e mode are shown in Figure 2-2.

2.1.1 Global and Local Descriptor Tables
When operating in protected mode, all memory accesses pass through either the global descriptor table (GDT) or an optional local descriptor table (LDT) as shown in Figure 2-1. These tables contain entries called segment descriptors. Segment descriptors provide the base address of segments as well as access rights, type, and usage information.
Each segment descriptor has an associated segment selector. A segment selector provides the software that uses it with an index into the GDT or LDT (the offset of its associated segment descriptor), a global/local flag (determines whether the selector points to the GDT or the LDT), and access rights information.
To access a byte in a segment, a segment selector and an offset must be supplied. The segment selector provides access to the segment descriptor for the segment (in the GDT or LDT). From the segment descriptor, the processor obtains the base address of the segment in the linear address space. The offset then provides the location of the byte relative to the base address. This mechanism can be used to access any valid code, data, or stack segment, provided the segment is accessible from the current privilege level (CPL) at which the processor is operating. The CPL is defined as the protection level of the currently executing code segment.
See Figure 2-1. The solid arrows in the figure indicate a linear address, dashed lines indicate a segment selector, and the dotted arrows indicate a physical address. For simplicity, many of the segment selectors are shown as direct pointers to a segment. However, the actual path from a segment selector to its associated segment is always through a GDT or LDT.
The linear address of the base of the GDT is contained in the GDT register (GDTR); the linear address of the LDT is contained in the LDT register (LDTR).
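The selector-plus-offset lookup described in this section, as an added C example (not code from the Intel manual). It models a data access through the GDT only; the sample table, the status names and the restriction to expand-up data segments are assumptions of the example, and the privilege rule it applies (the larger of CPL and RPL must not exceed the descriptor's DPL) comes from the manual's protection chapter rather than from this overview.

```c
#include <stdint.h>
#include <stdio.h>

enum xlate { XL_OK, XL_BAD_SELECTOR, XL_BAD_TYPE, XL_NOT_PRESENT, XL_PRIVILEGE, XL_LIMIT };

struct seg_desc { uint32_t base, limit; unsigned type, s, dpl, present; };

/* Unpack a legacy 8-byte segment descriptor (base and limit are stored in split fields). */
static struct seg_desc decode_descriptor(uint64_t d)
{
    struct seg_desc o;
    uint32_t raw = (uint32_t)(d & 0xFFFF) | ((uint32_t)((d >> 48) & 0xF) << 16);
    o.base    = (uint32_t)((d >> 16) & 0xFFFFFF) | ((uint32_t)((d >> 56) & 0xFF) << 24);
    o.limit   = ((d >> 55) & 1) ? (raw << 12) | 0xFFF : raw;  /* G=1: 4-KByte units */
    o.type    = (unsigned)((d >> 40) & 0xF);
    o.s       = (unsigned)((d >> 44) & 1);   /* 1 = code/data, 0 = system */
    o.dpl     = (unsigned)((d >> 45) & 3);
    o.present = (unsigned)((d >> 47) & 1);
    return o;
}

/* Selector + offset -> linear address for a data access made at privilege level cpl. */
static enum xlate translate(const uint64_t *gdt, unsigned entries, uint16_t sel,
                            uint32_t offset, unsigned cpl, uint32_t *linear)
{
    unsigned index = sel >> 3, ti = (sel >> 2) & 1, rpl = sel & 3;
    struct seg_desc d;

    if (ti || index == 0 || index >= entries)   /* LDT not modelled; entry 0 is null */
        return XL_BAD_SELECTOR;
    d = decode_descriptor(gdt[index]);
    if (!d.s || (d.type & 0xC))                 /* only expand-up data segments here */
        return XL_BAD_TYPE;
    if (!d.present)
        return XL_NOT_PRESENT;
    if ((cpl > rpl ? cpl : rpl) > d.dpl)        /* numerically higher = less privileged */
        return XL_PRIVILEGE;
    if (offset > d.limit)
        return XL_LIMIT;
    *linear = d.base + offset;
    return XL_OK;
}

/* Constructed sample GDT: null, ring-0 flat code, ring-0 flat data, ring-3 4-KByte data. */
static const uint64_t sample_gdt[] = {
    0x0000000000000000ULL, 0x00CF9A000000FFFFULL,
    0x00CF92000000FFFFULL, 0x0040F21000000FFFULL,
};

int main(void)
{
    uint32_t lin = 0;
    enum xlate r = translate(sample_gdt, 4, 0x1B, 0x10, 3, &lin);
    printf("sel 0x1B off 0x10 cpl 3 -> status %d linear 0x%08X\n", r, (unsigned)lin);
    r = translate(sample_gdt, 4, 0x13, 0, 0, &lin);
    printf("sel 0x13 (RPL 3 on a DPL 0 segment) cpl 0 -> status %d\n", r);
    return 0;
}
```

The second call is refused even though the caller runs at CPL 0, because the selector itself carries RPL 3.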
2.1.1.1 Global and Local Descriptor Tables in IA-32e Mode
GDTR and LDTR registers are expanded to 64-bits wide in both IA-32e sub-modes (64-bit mode and compatibility mode). For more information: see Section 3.5.2, “Segment Descriptor Tables in IA-32e Mode.”
Global and local descriptor tables are expanded in 64-bit mode to support 64-bit base addresses (16-byte LDT descriptors hold a 64-bit base address and various attributes). In compatibility mode, descriptors are not expanded.
2.1.2 System Segments, Segment Descriptors, and Gates
Besides code, data, and stack segments that make up the execution environment of a program or procedure, the architecture defines two system segments: the task-state segment (TSS) and the LDT. The GDT is not considered a segment because it is not accessed by means of a segment selector and segment descriptor. TSSs and LDTs have segment descriptors defined for them.
The architecture also defines a set of special descriptors called gates (call gates, interrupt gates, trap gates, and task gates). These provide protected gateways to system procedures and handlers that may operate at a different privilege level than application programs and most procedures. For example, a CALL to a call gate can provide access to a procedure in a code segment that is at the same or a numerically lower privilege level (more privileged) than the current code segment. To access a procedure through a call gate, the calling procedure supplies the selector for the call gate. The processor then performs an access rights check on the call gate, comparing the CPL with the privilege level of the call gate and the destination code segment pointed to by the call gate.
If access to the destination code segment is allowed, the processor gets the segment selector for the destination code segment and an offset into that code segment from the call gate. If the call requires a change in privilege level, the processor also switches to the stack for the targeted privilege level. The segment selector for the new stack is obtained from the TSS for the currently running task. Gates also facilitate transitions between 16-bit and 32-bit code segments, and vice versa.
2.1.2.1 Gates in IA-32e Mode
In IA-32e mode, the following descriptors are 16-byte descriptors (expanded to allow a 64-bit base): LDT descriptors, 64-bit TSSs, call gates, interrupt gates, and trap gates.
Call gates facilitate transitions between 64-bit mode and compatibility mode. Task gates are not supported in IA-32e mode. On privilege level changes, stack segment selectors are not read from the TSS. Instead, they are set to NULL.
2.1.3 Task-State Segments and Task Gates
The TSS (see Figure 2-1) defines the state of the execution environment for a task. It includes the state of general-purpose registers, segment registers, the EFLAGS register, the EIP register, and segment selectors with stack pointers for three stack segments (one stack for each privilege level). The TSS also includes the segment selector for the LDT associated with the task and the page-table base address.
All program execution in protected mode happens within the context of a task (called the current task). The segment selector for the TSS for the current task is stored in the task register. The simplest method for switching to a task is to make a call or jump to the new task. Here, the segment selector for the TSS of the new task is given in the CALL or JMP instruction. In switching tasks, the processor performs the following actions:
1. Stores the state of the current task in the current TSS.
2. Loads the task register with the segment selector for the new task.
3. Accesses the new TSS through a segment descriptor in the GDT.
4. Loads the state of the new task from the new TSS into the general-purpose registers, the segment registers, the LDTR, control register CR3 (page-table base address), the EFLAGS register, and the EIP register.
5. Begins execution of the new task.
A task can also be accessed through a task gate. A task gate is similar to a call gate, except that it provides access (through a segment selector) to a TSS rather than a code segment.
2.1.3.1 Task-State Segments in IA-32e Mode
Hardware task switches are not supported in IA-32e mode. However, TSSs continue to exist. The base address of a TSS is specified by its descriptor.
A 64-bit TSS holds the following information that is important to 64-bit operation:
• Stack pointer addresses for each privilege level
• Pointer addresses for the interrupt stack table
• Offset address of the IO-permission bitmap (from the TSS base)
The task register is expanded to hold 64-bit base addresses in IA-32e mode. See also: Section 6.7, “Task Management in 64-bit Mode.”
2.1.4 Interrupt and Exception Handling
External interrupts, software interrupts and exceptions are handled through the interrupt descriptor table (IDT). The IDT stores a collection of gate descriptors that provide access to interrupt and exception handlers. Like the GDT, the IDT is not a segment. The linear address for the base of the IDT is contained in the IDT register (IDTR).
Gate descriptors in the IDT can be interrupt, trap, or task gate descriptors. To access an interrupt or exception handler, the processor first receives an interrupt vector (interrupt number) from internal hardware, an external interrupt controller, or from software by means of an INT, INTO, INT 3, or BOUND instruction. The interrupt vector provides an index into the IDT. If the selected gate descriptor is an interrupt gate or a trap gate, the associated handler procedure is accessed in a manner similar to calling a procedure through a call gate. If the descriptor is a task gate, the handler is accessed through a task switch.
2.1.4.1 Interrupt and Exception Handling IA-32e Mode
In IA-32e mode, interrupt descriptors are expanded to 16 bytes to support 64-bit base addresses. This is true for 64-bit mode and compatibility mode.
The IDTR register is expanded to hold a 64-bit base address. Task gates are not supported.
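How a vector indexes an IDT of 16-byte gates, as an added C example (not code from the Intel manual). The byte layout of the gate follows the manual's interrupt chapter rather than this overview; the sample table, its handler addresses and selector, and the status names are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

enum gate_status { GATE_OK, GATE_OUT_OF_RANGE, GATE_NOT_PRESENT, GATE_BAD_TYPE };

struct gate { uint64_t offset; uint16_t selector; unsigned ist, type, dpl; };

/* Read an n-byte little-endian field (n <= 4). */
static uint32_t le(const uint8_t *p, int n)
{
    uint32_t v = 0;
    while (n--)
        v = (v << 8) | p[n];
    return v;
}

/* Use an interrupt vector as the index into an IDT made of 16-byte gates. */
static enum gate_status lookup_vector(const uint8_t *idt, uint16_t limit,
                                      unsigned vector, struct gate *g)
{
    const uint8_t *e;

    if (vector > 255 || vector * 16u + 15u > limit)  /* limit: offset of last valid byte */
        return GATE_OUT_OF_RANGE;
    e = idt + vector * 16u;
    if (!(e[5] & 0x80))                              /* P flag clear */
        return GATE_NOT_PRESENT;
    g->type = e[5] & 0x0F;
    if (g->type != 0xE && g->type != 0xF)            /* interrupt or trap gate only */
        return GATE_BAD_TYPE;
    g->dpl      = (e[5] >> 5) & 3;
    g->ist      = e[4] & 7;
    g->selector = (uint16_t)le(e + 2, 2);
    g->offset   = le(e, 2) | ((uint64_t)le(e + 6, 2) << 16) | ((uint64_t)le(e + 8, 4) << 32);
    return GATE_OK;
}

/* Constructed 4-entry IDT; the handler addresses and selector 0x10 are made up. */
static const uint8_t sample_idt[64] = {
    0x00,0x10, 0x10,0x00, 0x00,0x8E, 0x00,0x81, 0xFF,0xFF,0xFF,0xFF, 0,0,0,0, /* 0 */
    0,0, 0,0, 0,0, 0,0, 0,0,0,0, 0,0,0,0,                                     /* 1: empty */
    0x00,0x20, 0x10,0x00, 0x01,0x8E, 0x00,0x81, 0xFF,0xFF,0xFF,0xFF, 0,0,0,0, /* 2: IST 1 */
    0x34,0x12, 0x10,0x00, 0x00,0xEF, 0x00,0x81, 0xFF,0xFF,0xFF,0xFF, 0,0,0,0, /* 3: trap, DPL 3 */
};

int main(void)
{
    struct gate g;
    if (lookup_vector(sample_idt, sizeof sample_idt - 1, 3, &g) == GATE_OK)
        printf("vector 3 -> %04X:%016llX type %X dpl %u\n", (unsigned)g.selector,
               (unsigned long long)g.offset, g.type, g.dpl);
    return 0;
}
```

A task-gate type is rejected as `GATE_BAD_TYPE`, matching the statement that task gates are not supported in IA-32e mode.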
2.1.5 Memory Management
System architecture supports either direct physical addressing of memory or virtual memory (through paging). When physical addressing is used, a linear address is treated as a physical address. When paging is used: all code, data, stack, and system segments (including the GDT and IDT) can be paged with only the most recently accessed pages being held in physical memory.
The location of pages (sometimes called page frames) in physical memory is contained in two types of system data structures: page directories and page tables. Both structures reside in physical memory (see Figure 2-1).
The base physical address of the page directory is contained in control register CR3. An entry in a page directory contains the physical address of the base of a page table, access rights and memory management information. An entry in a page table contains the physical address of a page frame, access rights and memory management information.
To use this paging mechanism, a linear address is broken into three parts. The parts provide separate offsets into the page directory, the page table, and the page frame. A system can have a single page directory or several. For example, each task can have its own page directory.
2.1.5.1 Memory Management in IA-32e Mode
In IA-32e mode, physical memory pages are managed by a set of system data structures. In compatibility mode and 64-bit mode, four levels of system data structures are used. These include:
• The page map level 4 (PML4) — An entry in a PML4 table contains the physical address of the base of a page directory pointer table, access rights, and memory management information. The base physical address of the PML4 is stored in CR3.
• A set of page directory pointers — An entry in a page directory pointer table contains the physical address of the base of a page directory table, access rights, and memory management information.
• Sets of page directories — An entry in a page directory table contains the physical address of the base of a page table, access rights, and memory management information.
• Sets of page tables — An entry in a page table contains the physical address of a page frame, access rights, and memory management information.
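The four-level walk listed above, as an added C example (not code from the Intel manual). It covers 4-KByte pages only and ignores large pages, execute-disable and canonical-address checks; the simulated physical memory, the table contents and the `walk4` name are constructed for the example, and the bit positions come from the manual's paging chapter rather than from this overview.

```c
#include <stdint.h>
#include <stdio.h>

#define PTE_P     0x1ULL                 /* present */
#define PTE_RW    0x2ULL                 /* writable */
#define PTE_US    0x4ULL                 /* user-mode accessible */
#define ADDR_MASK 0x000FFFFFFFFFF000ULL  /* physical address bits 51:12 */
#define FRAMES    5

/* Constructed "physical memory": frame n lives at physical address n * 0x1000. */
static const uint64_t phys[FRAMES][512] = {
    [1] = { [1] = 0x2000 | PTE_P | PTE_RW | PTE_US },      /* PML4 -> PDPT */
    [2] = { [2] = 0x3000 | PTE_P | PTE_RW | PTE_US },      /* PDPT -> PD   */
    [3] = { [3] = 0x4000 | PTE_P | PTE_US },               /* PD -> PT, read-only */
    [4] = { [4] = 0xABCDE000ULL | PTE_P | PTE_RW | PTE_US, /* PT: user page */
            [5] = 0xABCDF000ULL | PTE_P | PTE_RW },        /* PT: supervisor page */
};

/* level: 0 on success, otherwise the table that stopped the walk (4 = PML4 ... 1 = PT). */
struct walk { int ok; int level; uint64_t pa; int writable; int user; };

static struct walk walk4(uint64_t cr3, uint64_t la)
{
    struct walk w = { 0, 4, 0, 1, 1 };
    uint64_t table = cr3 & ADDR_MASK;

    /* Index fields: PML4 = bits 47:39, PDPT = 38:30, PD = 29:21, PT = 20:12. */
    for (int shift = 39; shift >= 12; shift -= 9, w.level--) {
        uint64_t frame = table >> 12;
        if (frame >= FRAMES)
            return w;                         /* table outside simulated memory */
        uint64_t e = phys[frame][(la >> shift) & 0x1FF];
        if (!(e & PTE_P))
            return w;                         /* not present: page fault */
        w.writable &= (e & PTE_RW) != 0;      /* rights must be granted at every level */
        w.user     &= (e & PTE_US) != 0;
        table = e & ADDR_MASK;
    }
    w.ok = 1;
    w.pa = table | (la & 0xFFF);              /* page frame base + bits 11:0 */
    return w;
}

int main(void)
{
    struct walk w = walk4(0x1000, 0x8080604567ULL);
    printf("ok=%d pa=0x%llX writable=%d user=%d\n", w.ok,
           (unsigned long long)w.pa, w.writable, w.user);
    return 0;
}
```

The page-table entry for the sample address sets the writable bit, yet the mapping is reported read-only because the page-directory entry above it does not; an audit of mappings has to combine the access rights of all four levels.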
2.1.6 System Registers
To assist in initializing the processor and controlling system operations, the system architecture provides system flags in the EFLAGS register and several system registers:
• The system flags and IOPL field in the EFLAGS register control task and mode switching, interrupt handling, instruction tracing, and access rights. See also: Section 2.3, “System Flags and Fields in the EFLAGS Register.”
• The control registers (CR0, CR2, CR3, and CR4) contain a variety of flags and data fields for controlling system-level operations. Other flags in these registers are used to indicate support for specific processor capabilities within the operating system or executive. See also: Section 2.5, “Control Registers.”
• The debug registers (not shown in Figure 2-1) allow the setting of breakpoints for use in debugging programs and systems software. See also: Chapter 18, “Debugging and Performance Monitoring.”
• The GDTR, LDTR, and IDTR registers contain the linear addresses and sizes (limits) of their respective tables. See also: Section 2.4, “Memory-Management Registers.”
• The task register contains the linear address and size of the TSS for the current task. See also: Section 2.4, “Memory-Management Registers.”
• Model-specific registers (not shown in Figure 2-1).
The model-specific registers (MSRs) are a group of registers available primarily to operating-system or executive procedures (that is, code running at privilege level 0). These registers control items such as the debug extensions, the performance-monitoring counters, the machine-check architecture, and the memory type ranges (MTRRs).
The number and function of these registers varies among different members of the Intel 64 and IA-32 processor families. See also: Section 9.4, “Model-Specific Registers (MSRs),” and Appendix B, “Model-Specific Registers (MSRs).”
Most systems restrict access to system registers (other than the EFLAGS register) by application programs. Systems can be designed, however, where all programs and procedures run at the most privileged level (privilege level 0). In such a case, application programs would be allowed to modify the system registers.
2.1.6.1 System Registers in IA-32e Mode
In IA-32e mode, the four system-descriptor-table registers (GDTR, IDTR, LDTR, and TR) are expanded in hardware to hold 64-bit base addresses. EFLAGS becomes the 64-bit RFLAGS register. CR0-CR4 are expanded to 64 bits. CR8 becomes available. CR8 provides read-write access to the task priority register (TPR) so that the operating system can control the priority classes of external interrupts.
In 64-bit mode, debug registers DR0–DR7 are 64 bits. In compatibility mode, address-matching in DR0-DR3 is also done at 64-bit granularity.
On systems that support IA-32e mode, the extended feature enable register (IA32_EFER) is available. This model-specific register controls activation of IA-32e mode and other IA-32e mode operations. In addition, there are several model-specific registers that govern IA-32e mode instructions:
• IA32_KernelGSbase — Used by SWAPGS instruction.
• IA32_LSTAR — Used by SYSCALL instruction.
• IA32_SYSCALL_FLAG_MASK — Used by SYSCALL instruction.
• IA32_STAR_CS — Used by SYSCALL and SYSRET instruction.
2.1.7 Other System Resources
Besides the system registers and data structures described in the previous sections, system architecture provides the following additional resources:
• Operating system instructions (see also: Section 2.6, “System Instruction Summary”).
• Performance-monitoring counters (not shown in Figure 2-1).
• Internal caches and buffers (not shown in Figure 2-1).
Performance-monitoring counters are event counters that can be programmed to count processor events such as the number of instructions decoded, the number of interrupts received, or the number of cache loads. See also: Section 18, “Debugging and Performance Monitoring.”
The processor provides several internal caches and buffers. The caches are used to store both data and instructions. The buffers are used to store things like decoded addresses to system and application segments and write operations waiting to be performed. See also: Chapter 10, “Memory Cache Control.”