Intel 64 and IA-32 Architectures Software Developer's Manual
2.1 OVERVIEW OF THE SYSTEM-LEVEL ARCHITECTURE
System-level architecture consists of a set of registers, data structures, and instructions designed to support basic system-level operations such as memory management, interrupt and exception handling, task management, and control of multiple processors.

Figure 2-1 provides a summary of system registers and data structures that applies to 32-bit modes. System registers and data structures that apply to IA-32e mode are shown in Figure 2-2.
2.1.1 Global and Local Descriptor Tables
When operating in protected mode, all memory accesses pass through either the global descriptor table (GDT) or an optional local descriptor table (LDT) as shown in Figure 2-1. These tables contain entries called segment descriptors. Segment descriptors provide the base address of segments as well as access rights, type, and usage information.
Each segment descriptor has an associated segment selector. A segment selector provides the software that uses it with an index into the GDT or LDT (the offset of its associated segment descriptor), a global/local flag (determines whether the selector points to the GDT or the LDT), and access rights information.
To access a byte in a segment, a segment selector and an offset must be supplied. The segment selector provides access to the segment descriptor for the segment (in the GDT or LDT). From the segment descriptor, the processor obtains the base address of the segment in the linear address space. The offset then provides the location of the byte relative to the base address. This mechanism can be used to access any valid code, data, or stack segment, provided the segment is accessible from the current privilege level (CPL) at which the processor is operating. The CPL is defined as the protection level of the currently executing code segment.
See Figure 2-1. The solid arrows in the figure indicate a linear address, dashed lines indicate a segment selector, and the dotted arrows indicate a physical address. For simplicity, many of the segment selectors are shown as direct pointers to a segment. However, the actual path from a segment selector to its associated segment is always through a GDT or LDT.
The linear address of the base of the GDT is contained in the GDT register (GDTR); the linear address of the LDT is contained in the LDT register (LDTR).
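As an added example (not code from the manual), the selector and descriptor decoding described above: the selector's index, table indicator and RPL pick a descriptor out of the GDT or LDT, the descriptor yields base and limit, and selector:offset becomes a linear address only when the descriptor is present, the offset is within the limit, and the privilege check passes. The 8-byte descriptor bit layout is the standard 32-bit one; the sample GDT contents and the use of the data-segment rule max(CPL, RPL) <= DPL (code segments are rejected rather than modelled) are this example's assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the Intel manual: decode a segment selector and
 * the 8-byte legacy segment descriptor it indexes, then resolve selector:offset
 * to a linear address as described above. The privilege check applied is the
 * data-segment rule max(CPL, RPL) <= DPL; code segments are rejected here. */

typedef struct {
    uint32_t base, limit;   /* limit in bytes, granularity already applied */
    uint8_t  type, dpl;
    bool     present, system;
} seg_desc;

typedef struct { const uint64_t *entries; unsigned count; } desc_table;

/* Selector fields: index (bits 15:3), table indicator (bit 2), RPL (bits 1:0). */
static unsigned sel_index(uint16_t sel)  { return sel >> 3; }
static bool     sel_is_ldt(uint16_t sel) { return (sel >> 2) & 1; }
static unsigned sel_rpl(uint16_t sel)    { return sel & 3; }

/* Pull the scattered base, limit and access fields out of the raw descriptor. */
static seg_desc decode_desc(uint64_t raw) {
    seg_desc d;
    d.base    = (uint32_t)((raw >> 16) & 0xFFFFFF) | (uint32_t)((raw >> 56) & 0xFF) << 24;
    uint32_t lim = (uint32_t)(raw & 0xFFFF) | (uint32_t)((raw >> 48) & 0xF) << 16;
    d.limit   = ((raw >> 55) & 1) ? (lim << 12) | 0xFFF : lim;  /* G=1: 4 KiB units */
    d.type    = (raw >> 40) & 0xF;
    d.system  = !((raw >> 44) & 1);   /* S=0 marks a system descriptor (TSS, LDT, gate) */
    d.dpl     = (raw >> 45) & 3;
    d.present = (raw >> 47) & 1;
    return d;
}

/* selector:offset -> linear address; returns false where the processor would fault. */
static bool resolve(uint16_t sel, uint32_t off, unsigned cpl,
                    const desc_table *gdt, const desc_table *ldt, uint32_t *linear) {
    const desc_table *t = sel_is_ldt(sel) ? ldt : gdt;
    unsigned idx = sel_index(sel);
    if (t == NULL || idx >= t->count) return false;    /* selector outside the table */
    seg_desc d = decode_desc(t->entries[idx]);          /* index 0 of the GDT is null */
    if (!d.present || d.system || (d.type & 8)) return false; /* data segments only */
    if (off > d.limit) return false;                    /* beyond the segment limit */
    unsigned eff = cpl > sel_rpl(sel) ? cpl : sel_rpl(sel);
    if (eff > d.dpl) return false;                      /* not reachable from this CPL */
    *linear = d.base + off;
    return true;
}

/* Constructed sample GDT: null, DPL0 code @0x100000, DPL3 data @0x200000, DPL0 data @0x300000 (64 KiB each). */
static const uint64_t sample_entries[] = {
    0x0000000000000000ULL, 0x00409A100000FFFFULL, 0x0040F2200000FFFFULL, 0x004092300000FFFFULL };
static const desc_table SAMPLE_GDT = { sample_entries, 4 };

int main(void) {
    uint32_t la = 0;
    printf("0x13:0x1234 at CPL3 -> %s 0x%08X\n", resolve(0x13, 0x1234, 3, &SAMPLE_GDT, NULL, &la) ? "ok" : "fault", la);
    return 0;
}
```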
2.1.1.1 Global and Local Descriptor Tables in IA-32e Mode
GDTR and LDTR registers are expanded to 64-bits wide in both IA-32e sub-modes (64-bit mode and compatibility mode). For more information: see Section 3.5.2, “Segment Descriptor Tables in IA-32e Mode.”
Global and local descriptor tables are expanded in 64-bit mode to support 64-bit base addresses (16-byte LDT descriptors hold a 64-bit base address and various attributes). In compatibility mode, descriptors are not expanded.
2.1.2 System Segments, Segment Descriptors, and Gates
Besides code, data, and stack segments that make up the execution environment of a program or procedure, the architecture defines two system segments: the task-state segment (TSS) and the LDT. The GDT is not considered a segment because it is not accessed by means of a segment selector and segment descriptor. TSSs and LDTs have segment descriptors defined for them.
The architecture also defines a set of special descriptors called gates (call gates, interrupt gates, trap gates, and task gates). These provide protected gateways to system procedures and handlers that may operate at a different privilege level than application programs and most procedures. For example, a CALL to a call gate can provide access to a procedure in a code segment that is at the same or a numerically lower privilege level (more privileged) than the current code segment. To access a procedure through a call gate, the calling procedure supplies the selector for the call gate. The processor then performs an access rights check on the call gate, comparing the CPL with the privilege level of the call gate and the destination code segment pointed to by the call gate.
If access to the destination code segment is allowed, the processor gets the segment selector for the destination code segment and an offset into that code segment from the call gate. If the call requires a change in privilege level, the processor also switches to the stack for the targeted privilege level. The segment selector for the new stack is obtained from the TSS for the currently running task. Gates also facilitate transitions between 16-bit and 32-bit code segments, and vice versa.
2.1.2.1 Gates in IA-32e Mode
In IA-32e mode, the following descriptors are 16-byte descriptors (expanded to allow a 64-bit base): LDT descriptors, 64-bit TSSs, call gates, interrupt gates, and trap gates.
Call gates facilitate transitions between 64-bit mode and compatibility mode. Task gates are not supported in IA-32e mode. On privilege level changes, stack segment selectors are not read from the TSS. Instead, they are set to NULL.
2.1.3 Task-State Segments and Task Gates
The TSS (see Figure 2-1) defines the state of the execution environment for a task. It includes the state of general-purpose registers, segment registers, the EFLAGS register, the EIP register, and segment selectors with stack pointers for three stack segments (one stack for each privilege level). The TSS also includes the segment selector for the LDT associated with the task and the page-table base address.
All program execution in protected mode happens within the context of a task (called the current task). The segment selector for the TSS for the current task is stored in the task register. The simplest method for switching to a task is to make a call or jump to the new task. Here, the segment selector for the TSS of the new task is given in the CALL or JMP instruction. In switching tasks, the processor performs the following actions:
1. Stores the state of the current task in the current TSS.
2. Loads the task register with the segment selector for the new task.
3. Accesses the new TSS through a segment descriptor in the GDT.
4. Loads the state of the new task from the new TSS into the general-purpose registers, the segment registers, the LDTR, control register CR3 (page-table base address), the EFLAGS register, and the EIP register.
5. Begins execution of the new task.
A task can also be accessed through a task gate. A task gate is similar to a call gate, except that it provides access (through a segment selector) to a TSS rather than a code segment.
2.1.3.1 Task-State Segments in IA-32e Mode
Hardware task switches are not supported in IA-32e mode. However, TSSs continue to exist. The base address of a TSS is specified by its descriptor. A 64-bit TSS holds the following information that is important to 64-bit operation:
• Stack pointer addresses for each privilege level
• Pointer addresses for the interrupt stack table
• Offset address of the IO-permission bitmap (from the TSS base)
The task register is expanded to hold 64-bit base addresses in IA-32e mode. See also: Section 6.7, “Task Management in 64-bit Mode.”
2.1.4 Interrupt and Exception Handling
External interrupts, software interrupts and exceptions are handled through the interrupt descriptor table (IDT). The IDT stores a collection of gate descriptors that provide access to interrupt and exception handlers. Like the GDT, the IDT is not a segment. The linear address for the base of the IDT is contained in the IDT register (IDTR).
Gate descriptors in the IDT can be interrupt, trap, or task gate descriptors. To access an interrupt or exception handler, the processor first receives an interrupt vector (interrupt number) from internal hardware, an external interrupt controller, or from software by means of an INT, INTO, INT 3, or BOUND instruction. The interrupt vector provides an index into the IDT. If the selected gate descriptor is an interrupt gate or a trap gate, the associated handler procedure is accessed in a manner similar to calling a procedure through a call gate. If the descriptor is a task gate, the handler is accessed through a task switch.
2.1.4.1 Interrupt and Exception Handling IA-32e Mode
In IA-32e mode, interrupt descriptors are expanded to 16 bytes to support 64-bit base addresses. This is true for 64-bit mode and compatibility mode. The IDTR register is expanded to hold a 64-bit base address. Task gates are not supported.
2.1.5 Memory Management
System architecture supports either direct physical addressing of memory or virtual memory (through paging). When physical addressing is used, a linear address is treated as a physical address. When paging is used: all code, data, stack, and system segments (including the GDT and IDT) can be paged with only the most recently accessed pages being held in physical memory.
The location of pages (sometimes called page frames) in physical memory is contained in two types of system data structures: page directories and page tables. Both structures reside in physical memory (see Figure 2-1).
The base physical address of the page directory is contained in control register CR3. An entry in a page directory contains the physical address of the base of a page table, access rights and memory management information. An entry in a page table contains the physical address of a page frame, access rights and memory management information.
To use this paging mechanism, a linear address is broken into three parts. The parts provide separate offsets into the page directory, the page table, and the page frame. A system can have a single page directory or several. For example, each task can have its own page directory.
2.1.5.1 Memory Management in IA-32e Mode
In IA-32e mode, physical memory pages are managed by a set of system data structures. In compatibility mode and 64-bit mode, four levels of system data structures are used. These include:
• The page map level 4 (PML4) — An entry in a PML4 table contains the physical address of the base of a page directory pointer table, access rights, and memory management information. The base physical address of the PML4 is stored in CR3.
• A set of page directory pointers — An entry in a page directory pointer table contains the physical address of the base of a page directory table, access rights, and memory management information.
• Sets of page directories — An entry in a page directory table contains the physical address of the base of a page table, access rights, and memory management information.
• Sets of page tables — An entry in a page table contains the physical address of a page frame, access rights, and memory management information.
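As an added example (not code from the manual), the address decomposition described in 2.1.5 for 32-bit paging (three parts) and the four-level IA-32e structure listed above, followed by a walk over a constructed set of IA-32e tables that shows how the present, R/W, U/S and execute-disable bits carried in each level's entry combine into the access rights of the final page. The entry bit positions and the 9-bits-per-level split for 4 KiB pages are the standard ones; the table contents, the sample address and the `phys_read` callback are this example's constructions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Added example, not code from the Intel manual: split a linear address into the
 * table indices and page offset the text describes (three parts for 32-bit paging,
 * four table levels plus offset for IA-32e 4 KiB pages) and walk a constructed set of
 * IA-32e tables, combining the present, R/W, U/S and XD bits across the levels. */

#define PTE_P    (1ULL << 0)
#define PTE_RW   (1ULL << 1)
#define PTE_US   (1ULL << 2)
#define PTE_XD   (1ULL << 63)
#define PTE_ADDR 0x000FFFFFFFFFF000ULL          /* physical address field, bits 51:12 */

typedef struct { uint64_t phys; bool writable, user, executable; } walk_result;

/* 32-bit paging: 10-bit directory index, 10-bit table index, 12-bit offset. */
static void split32(uint32_t la, unsigned *dir, unsigned *tbl, unsigned *off) {
    *dir = la >> 22; *tbl = (la >> 12) & 0x3FF; *off = la & 0xFFF;
}

/* IA-32e: 9-bit index per level above the 12-bit offset (level 4 = PML4, 1 = PT). */
static unsigned level_index(uint64_t la, int level) {
    return (unsigned)((la >> (12 + 9 * (level - 1))) & 0x1FF);
}

/* 48-bit linear addresses must be canonical: bits 63:48 equal bit 47. */
static bool is_canonical(uint64_t la) { int64_t s = (int64_t)la >> 47; return s == 0 || s == -1; }

/* Walk from the PML4 base (what CR3 holds) to the page frame. `phys_read` fetches
 * the 8-byte entry at a physical address. Returns false where a page fault would occur. */
static bool walk(uint64_t pml4, uint64_t la, uint64_t (*phys_read)(uint64_t), walk_result *out) {
    if (!is_canonical(la)) return false;
    uint64_t table = pml4;
    bool rw = true, us = true, xd = false;
    for (int level = 4; level >= 1; level--) {
        uint64_t e = phys_read(table + 8 * level_index(la, level));
        if (!(e & PTE_P)) return false;
        rw &= (e & PTE_RW) != 0;    /* writable only if every level allows it */
        us &= (e & PTE_US) != 0;    /* user-accessible only if every level allows it */
        xd |= (e & PTE_XD) != 0;    /* execute-disabled if any level sets XD */
        table = e & PTE_ADDR;
    }
    out->phys = table | (la & 0xFFF);
    out->writable = rw; out->user = us; out->executable = !xd;
    return true;
}

/* Constructed "physical memory": PML4 at 0x1000, PDPT at 0x2000, PD at 0x3000, PT at 0x4000. */
static uint64_t mem[4][512];
static uint64_t sample_read(uint64_t pa) { return mem[(pa >> 12) - 1][(pa & 0xFFF) / 8]; }
static const uint64_t SAMPLE_LA = 0x00007F0012345678ULL;   /* constructed user address */

static void build_sample(void) {
    memset(mem, 0, sizeof mem);
    mem[0][level_index(SAMPLE_LA, 4)] = 0x2000 | PTE_P | PTE_RW | PTE_US;
    mem[1][level_index(SAMPLE_LA, 3)] = 0x3000 | PTE_P | PTE_RW | PTE_US;
    mem[2][level_index(SAMPLE_LA, 2)] = 0x4000 | PTE_P | PTE_RW | PTE_US;
    mem[3][level_index(SAMPLE_LA, 1)] = 0xABCDE000ULL | PTE_P | PTE_US | PTE_XD; /* read-only, no-exec */
}
```

The walk maps the constructed address to frame 0xABCDE000 plus offset 0x678 with user access but neither write nor execute permission, because the leaf entry clears R/W and sets XD.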
2.1.6 System Registers
To assist in initializing the processor and controlling system operations, the system architecture provides system flags in the EFLAGS register and several system registers:
• The system flags and IOPL field in the EFLAGS register control task and mode switching, interrupt handling, instruction tracing, and access rights. See also: Section 2.3, “System Flags and Fields in the EFLAGS Register.”
• The control registers (CR0, CR2, CR3, and CR4) contain a variety of flags and data fields for controlling system-level operations. Other flags in these registers are used to indicate support for specific processor capabilities within the operating system or executive. See also: Section 2.5, “Control Registers.”
• The debug registers (not shown in Figure 2-1) allow the setting of breakpoints for use in debugging programs and systems software. See also: Chapter 18, “Debugging and Performance Monitoring.”
• The GDTR, LDTR, and IDTR registers contain the linear addresses and sizes (limits) of their respective tables. See also: Section 2.4, “Memory-Management Registers.”
• The task register contains the linear address and size of the TSS for the current task. See also: Section 2.4, “Memory-Management Registers.”
• Model-specific registers (not shown in Figure 2-1).
The model-specific registers (MSRs) are a group of registers available primarily to operating-system or executive procedures (that is, code running at privilege level 0). These registers control items such as the debug extensions, the performance-monitoring counters, the machine-check architecture, and the memory type ranges (MTRRs). The number and function of these registers varies among different members of the Intel 64 and IA-32 processor families. See also: Section 9.4, “Model-Specific Registers (MSRs),” and Appendix B, “Model-Specific Registers (MSRs).”
Most systems restrict access to system registers (other than the EFLAGS register) by application programs. Systems can be designed, however, where all programs and procedures run at the most privileged level (privilege level 0). In such a case, application programs would be allowed to modify the system registers.
2.1.6.1 System Registers in IA-32e Mode
In IA-32e mode, the four system-descriptor-table registers (GDTR, IDTR, LDTR, and TR) are expanded in hardware to hold 64-bit base addresses. EFLAGS becomes the 64-bit RFLAGS register. CR0-CR4 are expanded to 64 bits. CR8 becomes available. CR8 provides read-write access to the task priority register (TPR) so that the operating system can control the priority classes of external interrupts.

In 64-bit mode, debug registers DR0–DR7 are 64 bits. In compatibility mode, address-matching in DR0-DR3 is also done at 64-bit granularity.
On systems that support IA-32e mode, the extended feature enable register (IA32_EFER) is available. This model-specific register controls activation of IA-32e mode and other IA-32e mode operations. In addition, there are several model-specific registers that govern IA-32e mode instructions:
• IA32_KernelGSbase — Used by SWAPGS instruction.
• IA32_LSTAR — Used by SYSCALL instruction.
• IA32_SYSCALL_FLAG_MASK — Used by SYSCALL instruction.
• IA32_STAR_CS — Used by SYSCALL and SYSRET instruction.
2.1.7 Other System Resources
Besides the system registers and data structures described in the previous sections, system architecture provides the following additional resources:
• Operating system instructions (see also: Section 2.6, “System Instruction Summary”).
• Performance-monitoring counters (not shown in Figure 2-1).
• Internal caches and buffers (not shown in Figure 2-1).
Performance-monitoring counters are event counters that can be programmed to count processor events such as the number of instructions decoded, the number of interrupts received, or the number of cache loads. See also: Section 18, “Debugging and Performance Monitoring.”
The processor provides several internal caches and buffers. The caches are used to store both data and instructions. The buffers are used to store things like decoded addresses to system and application segments and write operations waiting to be performed. See also: Chapter 10, “Memory Cache Control.”