United States Patent £19J
`Cohen
`
`lllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
`5,303,378
`Apr. 12, 1994
`
`US005303378A
`[11] Patent Number:
`[45] Date of Patent:
`
`[54] REENTRANT PROTECTED MODE KERNEL
`USING VIRTUAL 8086 MODE INTERRUPT
`SERVICE ROUTINES
`
`[75]
`
`Inventor: Leonardo Cohen, Spring, Tex.
`
`[73] Assignee: Compaq Computer Corporation,
`Houston, Tex.
`
`[21] Appl. No.: 703,499
`
`[22]
`
`Filed:
`
`May 21, 1991
`
`[51]
`[52]
`
`[58]
`
`[56]
`
`Int. Cl.5 .............................................. G06F 12/00
`U.S. Cl. .................................... 395/700; 395/400;
`364/280.8; 364/280.9; 364/DIG. 1
`Field of Search ............... 395/425, 650, 700, 400;
`364/200, 900
`
`References Cited
`U.S. PATENT DOCUMENTS
`4,779,187 10/1988 Letwin ................................ 395/650
`4.926,322 5/1990 Stimac et al. ....................... 395/500
`4,928,237 5/1990 Bealkowski et al. ............... 395/700
`4,974,159 11/1990 Hargrove et al. .................. 395/650
`5,027,273 6/1991 Letwin ................................ 395/400
`5,125,087 6/1992 Randell ............................... 395/425
`5,144,551 9/1992 Cepulis ................................ 395/700
`
`OTHER PUBLICATIONS
`John Uffenbeck, Microcomputers and Microproces-
`
`sors: The 8080, 8085, and Z-80 Programming, Interfac(cid:173)
`ing, and Troubleshooting, 1985, pp. 257-273.
`James Turley, "Advanced 80386 Programming Tech(cid:173)
`niques", McGraw-Hill, 1988, pp. 283-315.
`Primary Examiner-Gareth D. Shaw
`Assistant Examiner-Dennis M. Butler
`Attorney, Agent, or Firm-Pravel, Hewitt, Kimball &
`Krieger
`ABSTRACT
`[57]
`A method for allowing a protected mode kernel to
`service, in virtual 8086 mode, hardware interrupts
`which occur during execution of ring 0 protected mode
`code. When an interrupt occurs during execution of
`ring 0 code, the microprocessor copies the state of the
`last virtual 8086 environment on the top of the ring 0
`stack and modifies this state to begin execution of the
`appropriate interrupt service routine in virtual 8086
`mode. The kernel utilizes a secondary stack to keep
`track of the last virtual 8086 environment saved on the
`ring 0 stack and updates the ring 0 stack pointer in the
`respective task's task state segment to the new begin(cid:173)
`ning of the ring 0 stack each time a ring transition oc(cid:173)
`curs from ring 3 V86 mode to ring 0 protected mode.
`By manipulating the ring 0 stack and utilizing the sec(cid:173)
`ondary stack to keep track of interrupted V86 environ(cid:173)
`ments, the kernel can allow interrupts to be nested
`down multiple levels.
`
`16 Claims, 18 Drawing Sheets
`
`-
`
`'--
`
`RINGO STACK
`
`VMDATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`INTERRUPTED
`EIP OF VM TASK
`INTERRUPTED
`N VARIABLES
`
`~
`
`PM EFLAGS
`
`PMCS
`
`PM EIP
`
`PM DATA
`SEGMENTS
`VMDATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`TF, IF CLEARED
`CSOF V861SR
`
`EIP OF V86 ISR
`
`-
`
`'--
`
`VMTF#1
`
`PMTF
`
`MODIFIED
`VMTF
`
`r\ VMFS
`
`POINTER 1
`
`~ \
`
`TSS
`
`\..., RING 0 STACK PTR
`SP
`
`ZTE Exhibit 1040
`
`Page 1 of 42
`
`

`
`U.S. Patent
`
`Apr. 12, 1994
`
`Sheet 1 of 18
`
`5,303,378
`
`LINEAR ADDRESS
`(AS SEEN BY
`PROGRAM)
`
`80386
`PAGING
`MECHANISM
`
`PHYSICAL
`MEMORY PAGES
`
`4GB
`
`4GB
`
`--
`-
`.. -
`
`/;
`jj··-1-----1~----~
`··········~~:::_li···
`1---;.>·<//
`PRO~lt-------1
`-~~·:::::::::::,__-:~~----~
`1---f:/...
`······ ...
`1-------1
`: ·.
`·.
`
`\\·················· ... ,__--~~----~
`
`'
`
`0
`
`: ..................................... .1
`
`L . . . . . - - - - - . . . J 0
`
`I'IJCff) I
`PRIOR ART
`
`ATIRIBUTES
`
`PRESENT - - - - - - - - - - - .
`RIGHTS - - - - - - - - - ,
`PRIVILEGE - - - - - - - - ,
`
`ACCESSED - - - - - . . . . . , !
`
`(USER DE~~~~ ----,.........,~ ~
`
`PAGE ADDRESS
`
`111111
`
`I'IJCJ!) ,
`PRIOR ART
`
`Page 2 of 42
`
`

`
`U.S. Patent
`
`Apr. 12, 1994
`
`Sheet 2 of 18
`
`5,303,378
`
`LINEAR ADDRESS
`
`21
`31
`I DIRECTORY
`
`11
`
`PAGE
`
`OFFSET
`
`0
`I
`
`PAGE TABLE
`
`~ ENTRY
`DIR. ENTRY u
`l~
`
`PAGE TABLES
`(1024 ENTRIES
`EACH)
`
`,,.tl.
`
`PRIOR ART
`
`CR3
`
`I
`
`(PAGE TABLE
`DIRECTORY
`BASE)
`
`PAGE TABLE
`DIRECTORY
`(1024 ENTRIES)
`
`USER---
`
`OEM SERVICES
`
`OS SERVICES
`
`4GB.------.
`
`PHYSICAL
`
`~ ADDRESS
`
`.
`
`1-
`
`1-
`
`4KB
`PAGE
`
`1--
`
`0
`
`PHYSICAL
`ADDRESS
`SPACE
`
`,,.tl •
`
`PRIOR ART
`
`USER
`
`FOUR LEVELS OF PROTECTION
`(PROTECTED MODE)
`
`UNPROTECTED SYSTEM
`(REAL MODE)
`
`__ USER
`
`Page 3 of 42
`
`

`
`U.S. Patent
`
`. Apr. 12, 1994
`
`Sheet 3 of 18
`
`5,303,378
`
`DESCRIPTOR
`TABLES
`
`LOGICAL ADDRESS
`
`47
`
`31
`
`0
`
`SEGMENT
`TRANSLATION
`
`LINEAR ADDRESS
`
`31
`
`0
`
`PAGING ENABLED
`
`PAGE
`TABLES
`
`PHYSICAL ADDRESS
`
`31
`
`0
`
`PAGE
`TRANSLATION
`
`31
`
`0
`
`PHYSICAL ADDRESS
`
`LINEAR ADDRESS
`
`,IJCJ~ •
`PRIOR ART
`
`_ 4GB
`_ . ___ __
`. -----------
`-. -- - -.. -. -
`----- -·
`--· .. '==-~·
`
`.
`
`-- . ---- . . . VI
`~·
`
`~ PAGEN
`
`1--
`
`~ PAGE1
`:I i80~6 .
`~ OPERATING
`SYSTEM
`
`PAGEN 1--
`
`1--
`
`PAGE 1 1--
`'. 8086
`OPERATING -
`'SYSTEM.:
`
`EMPTY
`
`..___
`
`r
`
`.t~Sk2 I
`PAGE TABLE:
`
`VIRTUAL
`8086 TASK
`
`PAGE DIRECTORY
`TASK2
`
`EMPTY
`
`;
`• T+SK ~
`,
`I
`'
`,
`1--
`PAGE TABLE
`
`. !
`
`' ;
`
`0
`
`'
`
`r
`
`PHYSICAL
`MEMORY
`
`PAGE DIRECTORY
`TASK1
`._____.·I 8086 OPERATING SYSTEM MEMORY
`1: ~ :~: ~ j 80386 OPERATING SYSTEM MEMORY
`
`VIRTUAL
`8086TASK
`
`.______.I TASK 1 MEMORY
`._____,I TASK 2 MEMORY
`I'IJQt> 6 PRIORART
`
`Page 4 of 42
`
`

`
`U.S. Patent
`
`Apr. 12, 1994
`
`. Sheet 4 of 18
`
`5,303,378
`
`RING OSTACK
`
`VM DATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`INTERRUPTED
`
`EIP OF VM TASK
`INTERRUPTED
`
`ERROR CODE
`
`VMTF
`
`17'1Clt>,
`PRIOR ART
`
`,._ SS:ESP {NO ERROR CODE) INTERRUPT
`
`-4- SS:ESP (WITH ERROR CODE) EXCEPTION
`
`RMTF
`
`FLAGS
`
`CS OF REAL MODE
`APP
`IP OF REAL MODE
`APP
`
`,,_f) •
`
`PRIOR ART
`
`RING OSTACK
`
`VM DATA ·
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`INTERRUPTED
`EIP OF VM TASK
`INTERRUPTED
`
`VMTF
`
`PRIOR ART
`
`Page 5 of 42
`
`

`
`u.s. Patent
`
`Apr. 12, 1994
`
`Sheet 5 of 18
`
`5,303,378
`
`RING OSTACK
`
`VM DATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`INTERRUPTED
`EIP OF VM TASK
`INTERRUPTED
`
`RING OSTACK
`
`VM DATA
`SEGMENTS
`VMSS
`
`NEWVM ESP
`(OLD ESP-6)
`EFLAGS
`(IF + TF CLEARED)
`CS OF VM
`INTERRUPT
`HANDLER
`EIPOF VM
`INTERRUPT
`HANDLER
`
`VMTF
`
`VMTF
`
`RMTF
`
`RMTF
`
`RING 3 STACK
`
`VM EFLAGS
`BEFORE INT
`CS OF VM TASK
`INTERRUPTED
`EIP OF VM TASK
`INTERRUPTED
`
`PRIOR ART
`
`RING 3 STACK
`
`VM EFLAGS
`BEFORE INT
`CS OF VMTASK
`INTERRUPTED
`EIP OF VM TASK
`INTERRUPTED
`
`6'1JCI!J fJfJ
`PRIOR ART
`
`RINGO STACK
`
`VM DATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CS OFVM TASK
`INTERRUPTED
`EIP OF VM TASK
`INTERRUPTED
`
`Page 6 of 42
`
`

`
`U.S. Patent
`
`Apr. 12, 1994
`
`Sheet 6 of 18
`
`5,303,378
`
`100
`
`V86 TASK
`EXECUTING
`
`PROCESSOR TRANSITIONS
`FROM RING 3 V86 MODE TO
`RING 0 PROTECTED MODE
`
`EXECUTEIRET
`INSTRUCTION
`
`.-----~--....., 106
`GETS RING 0 STACK
`POINTER FROM TSS
`
`.---....&...---, 114
`EXECUTE GP
`FAULT HANDLER
`
`,----'-----, 186
`EXECUTE EHI CODE
`TO TRAP TO
`PROTECTED MODE
`
`, - - - - - - ' - - - - , 108
`SAVE VTMF ON TOP OF
`RING 0 STACK POINTED
`TO BY RING 0 STACK PTR
`
`y
`
`r-------'------, 188
`DISCARD VMTF ON RING
`0 CAUSED BY TRAP
`
`190
`
`UPDATE RING 0
`STACK PTR IN TSS
`
`192 r--------''-----,
`RESTORE SEGMENT
`REGISTERS
`
`EXECUTE IRET INSTRUCTION
`TO RETURN TO
`INTERRUPTED PM CODE
`
`194
`
`y
`
`B
`
`Page 7 of 42
`
`

`
`U.S. Patent
`
`Apr. 12, 1994
`
`Sheet 7 of 18
`
`5,303,378
`
`y
`
`A
`
`124
`
`EXECUTE EXCEPTION
`HANDLER CODE
`
`EXECUTE REFLECTION 122
`CODE TO REFLECT
`BACK TO V86 MODE
`
`B
`
`130
`
`132
`
`H
`
`PM HANDLER PUSHES A
`POINTER TO VMTF IN VMFS
`
`INTERRUPTS ARE ENABLED
`AND THE PROTECTED MODE
`SERVICE IS DISPATCHED
`
`134
`
`PROTECTED MODE
`SERVICE EXECUTING
`
`N
`
`....--....,..--.....L-----, 138
`SAVE PTMF ON THE
`RING 0 STACK
`
`148
`
`POP LAST VALUE
`OFFOFVMFS
`
`EXECUTEIRET
`INSTRUCTION TO
`RETURN TO V86 CODE
`
`Page 8 of 42
`
`

`
`U.S. Patent
`
`Apr. 12, 1994
`
`Sheet 8 of 18
`
`5,303,378
`
`y
`
`N
`
`144
`
`EXECUTE PAGE
`FAULT HANDLER
`
`160
`
`SAVE SEGMENT
`REGISTERS ON THE
`RING 0 STACK
`
`GET POINTER TO LAST
`VTMF ON THE RING 0 STACK
`
`COPY LAST VTMF TO THE
`TOP OF THE RING 0 STACK
`TO CREATE NEW VTMF
`
`GET SEGMENT:OFFSET OF
`THE ENTRY POINT OF THE
`ISR FROM THE IVT
`
`MODIFY VMTF TO IRET
`TO THIS ENTRY POINT
`
`UPDATE RING 0 STACK
`POINTER IN TSS TO POINT
`TO MODIFIED VMTF
`
`172
`
`APPEND EHI CODE
`POINTER TO TOP OF
`THE RING 3 STACK
`
`EXECUTE !RET INSTRUCTION
`TO TRANSFER TO V86 MODE
`TO BEGIN ISR
`
`174
`
`162
`
`164
`
`166
`
`168
`
`170
`
`Page 9 of 42
`
`

`
`U.S. Patent
`
`. Apr. 12, 1994
`
`Sheet 9 of 18
`
`5,303,378
`
`-
`.-.
`
`\._
`
`VMFS
`
`POINTER 1
`
`,.
`
`61/GJt>
`
`RINGO STACK
`
`VMDATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`INTERRUPTED
`EIP OF VM TASK
`INTERRUPTED
`
`RING OSTACK
`
`VM DATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`INTERRUPTED
`EIP OF VM TASK
`INTERRUPTED
`N VARIABLES
`
`RINGO STACK
`
`.-. -
`
`VMFS
`
`POINTER 1
`
`6'1JGJt>
`
`VMFS
`
`POINTER 1
`
`'IJGft>
`
`fjf;
`
`VMTF
`
`VMTF
`
`VMTF
`
`PMTF
`
`.....-
`
`-
`
`....-
`
`..._
`
`-
`
`VM DATA ~
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`INTERRUPTED
`EIP OF VM TASK
`INTERRUPTED
`N VARIABLES
`
`PM EFLAGS
`
`PMCS
`
`PMEIP
`
`PM DATA
`SEGMENTS
`
`I--
`
`Page 10 of 42
`
`

`
`U.S. Patent
`
`Apr. 12, 1994
`
`Sheet 10 of 18
`
`5,303,378
`
`VMFS
`
`POINTER 1
`
`FIJGt> ,,
`
`VMTF
`
`COPY
`
`PMTF
`
`VMTF
`
`~-
`~
`
`RINGO STACK
`
`VMDATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`INTERRUPTED
`EIP OF VM TASK
`INTERRUPTED
`N VARIABLES
`
`PM EFLAGS
`
`PMCS
`
`PMEIP
`
`PM DATA
`SEGMENTS
`VM DATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`INTERRUPTED
`EIP OF VM TASK
`INTERRUPTED
`
`Page 11 of 42
`
`

`
`U.S. Patent
`
`Apr. 12, 1994
`
`Sheet 11 of 18
`
`5,303,378
`
`~
`1-
`
`--
`
`RINGO STACK
`
`VM DATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`INTERRUPTED
`EIP OF VM TASK
`INTERRUPTED
`N VARIABLES
`
`PM EFLAGS
`
`PMCS
`
`PMEIP
`
`PM DATA
`SEGMENTS
`VM DATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`TF, IF CLEARED
`CSOF V861SR
`
`EIP OF V86 ISR
`
`VMFS
`
`POINTER 1
`
`61JCt> I
`
`TSS
`
`'- RING 0 STACK PTR
`
`SP
`
`VMTF#1
`
`PMTF
`
`MODIFIED
`VMTF
`
`Page 12 of 42
`
`

`
`U.S. Patent
`
`Apr. 12, 1994
`
`Sheet 12 of 18
`
`5,303,378
`
`VMTF#1
`
`PMTF
`
`VMTF#2
`
`.... -
`
`.....
`._.
`"""":'"
`
`RINGO STACK
`
`VMDATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`
`EIP OF VM TASK
`
`N VARIABLES
`
`PM EFLAGS
`
`PMCS
`
`PMEIP
`
`PM DATA
`SEGMENTS
`VM DATA
`SEGMENTS#2
`VM SS#2
`
`VM ESP#2
`
`VM EFLAGS#2
`
`CS OF VM TASK #2
`
`EIP OF VM TASK
`#2
`
`VMFS
`
`POINTER 1
`
`POINTER2
`
`r
`
`,,c;t> fJ
`
`TSS
`
`'- RING 0 STACK PTR
`
`SP
`
`Page 13 of 42
`
`

`
`U.S. Patent
`
`Apr. 12, 1994
`
`Sheet 13 of 18
`
`5,303,378
`
`VMTF#1
`
`PMTF
`
`VMTF#2
`
`.... -
`
`.....
`~ -
`......
`
`RINGO STACK
`
`VMDATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`
`EIP OF VM TASK
`
`N VARIABLES
`
`PM EFLAGS
`
`PMCS
`
`PMEIP
`
`PM DATA
`SEGMENTS
`VM DATA
`SEGMENTS#2
`VM SS#2
`
`VM ESP#2
`
`VM EFLAGS#2
`
`CS OF VM TASK #2
`
`EIP OF VM TASK
`#2
`N VARIABLES PM
`TASK#2
`
`VMFS
`
`POINTER 1
`
`POINTER2
`
`r
`
`6'11Clf) ~ r
`
`TSS
`
`'- RING 0 STACK PTR
`
`SP
`
`Page 14 of 42
`
`

`
`U.S. Patent
`
`Apr. 12, 1994
`
`Sheet 14 of 18
`
`5,303,378
`
`VMTF#1
`
`r--
`
`......_
`r-
`
`RINGO STACK
`
`VM DATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`
`EIP OF VM TASK
`
`N VARIABLES
`
`PM EFLAGS
`
`~
`
`-
`
`PMTF# 1
`
`PMCS
`
`PMEIP
`
`VMFS
`
`POINTER 1
`
`POINTER2
`
`I
`
`,,.f)
`
`PM DATA
`SEGMENTS
`~ VM DATA
`SEGMENTS#2
`
`VM SS#2 ~ '
`
`VMTF#2
`
`VM ESP#2
`
`VM EFLAGS#2
`
`TSS
`
`CS OF VM TASK #2
`
`\... RING 0 STACK PTR
`SP
`
`COPY
`
`EIP OF VM TASK
`#2
`N VARIABLES PM
`TASK#2
`PM EFLAGS#2
`
`...._
`
`-
`
`PMTF#2
`
`~
`
`VMTF#2
`
`PM CS#2
`
`PM EIP#2
`
`PM DATA
`SEGMENTS#2
`VM DATA
`SEGMENTS#2
`VMSS#2
`
`VM ESP#2
`
`VM EFLAGS#2
`
`CS OF VM TASK #2
`
`EIP OF VM TASK
`#2
`
`...._
`
`Page 15 of 42
`
`

`
`U.S. Patent
`
`. Apr. 12, 1994
`
`Sheet 15 of 18
`
`5,303,378
`
`RINGO STACK
`
`VMDATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`
`EIP OF VM TASK
`
`N VARIABLES
`
`PM EFLAGS
`
`PMCS
`
`PMEIP
`
`PM DATA
`SEGMENTS
`VM DATA
`SEGMENTS#2
`VM SS#2
`
`VM ESP#2
`
`VM EFLAGS#2
`
`CS OF VM TASK #2
`
`EIP OF VM TASK
`#2
`N VARIABLES PM
`TASK# 2
`PM EFLAGS#2
`
`PMCS#2
`
`PM EIP#2
`
`PM DATA
`SEGMENTS#2
`VM DATA
`SEGMENTS#2
`VMSS#2
`
`VM ESP#2
`
`VM EFLAGS#2
`TF, IF CLEARED
`CS OF V86 ISR #2
`
`EIP OF V86 ISR #2
`
`VMTF#1
`
`PMTF# 1
`
`VMTF#2
`
`PMTF#2
`
`MODIFIED
`VMTF#2
`
`~
`
`VMFS
`
`POINTER 1
`
`POINTER2
`
`r
`
`6'1Glt> ~
`
`~
`
`~ '
`
`TSS
`
`\... RING 0 STACK PTR
`SP
`
`Page 16 of 42
`
`

`
`U.S. Patent
`
`Apr. 12, 1994
`
`. Sheet 16 of 18
`
`5,303,378
`
`VMFS
`
`POINTER 1
`
`POINTER2
`
`r
`
`6'1JCJf)
`
`RING OSTACK
`
`VM DATA ~
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`
`EIP OF VM TASK
`
`NVARIABLES
`
`PM EFLAGS
`
`PMCS
`
`PMEIP
`
`PM DATA
`SEGMENTS
`VM DATA ~
`SEGMENTS#2
`VM SS#2
`
`VM ESP#2
`
`VM EFLAGS#2
`
`CS OF VM TASK #2
`
`EIP OF VM TASK
`#2
`N VARIABLES PM
`TASK# 2
`PM EFLAGS#2
`
`PM CS#2
`
`PM EIP#2
`
`PM DATA
`SEGMENTS#2
`
`VMTF#1
`
`PMTF# 1
`
`VMTF#2
`
`PMTF#2
`
`~ \
`
`TSS
`
`'- RING 0 STACK PTR
`
`SP
`
`Page 17 of 42
`
`

`
`U.S. Patent
`
`Apr. 12, 1994
`
`Sheet 17 of 18
`
`5,303,378
`
`RINGO STACK
`
`VM DATA ~ -
`
`SEGMENTS
`VMSS
`
`VMTF#1
`
`PMTF # 1
`
`VMTF#2
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`
`EIP OF VM TASK
`
`N VARIABLES
`
`PM EFLAGS
`
`PMCS
`
`PMEIP
`
`PM DATA
`SEGMENTS
`VM DATA
`SEGMENTS#2
`VM SS#2
`
`VM ESP#2
`
`VM EFLAGS#2
`
`CS OF VM TASK #2
`
`EIP OF VM TASK
`#2
`N VARIABLES PM
`TASK# 2
`
`....... -
`
`r--
`
`VMFS
`
`POINTER 1
`
`POINTER2
`
`r
`
`FIJGf) ~
`
`TSS
`
`'- RING 0 STACK PTR
`SP
`
`Page 18 of 42
`
`

`
`U.S. Patent
`
`Apr. 12, 1994
`
`Sheet 18 of 18
`
`5,303,378
`
`RINGO STACK
`
`SEGMENTS
`VMSS
`
`~ VM DATA
`
`VMFS
`
`POINTER 1
`
`I
`
`6'11Gf)
`
`TSS
`
`"' RING 0 STACK PTR
`
`SP
`
`VMTF#1
`
`PMTF# 1
`
`VMTF #1
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`
`EIP OF VM TASK
`
`N VARIABLES
`
`PM EFLAGS
`
`PMCS
`
`PM EIP
`
`PM DATA
`SEGMENTS
`
`RING OSTACK
`
`VM DATA
`SEGMENTS
`VMSS
`
`VMESP
`
`VM EFLAGS
`
`CSOFVMTASK
`.
`EIP OF VM TASK
`N VARIABLES
`
`Page 19 of 42
`
`

`
`REEJ'I.'TRANT PROTECTED MODE KERNEL
`USING VIRTUAL 8086 MODE INTERRUPT
`SERVICE ROUTINES
`
`BACKGROUND OF THE INVENTION
`1. Field of the Invention
`The present invention relates to operating systems in
`computer systems, and more particularly to an inter(cid:173)
`ruptible protected mode kernel which can service, in 10
`virtual 8086 mode, hardware interrupts which occur
`during execution of ring 0 protected mode code.
`2. Description of the Prior Art
`Many popular personal computers are based on the
`Intel Corporation (Intel) 8086 family of microproces- 15
`sors. This microprocessor family includes the 8088, the
`8086, the 80186, the 80286, the 80386, and the 80486
`microprocessors, among others. These microprocessors
`have been designed for upward compatibility-pro(cid:173)
`grams written for the 8088 and/or the 8086 can be run 20
`on computers having 80286, 80386, or 80486 processors,
`and programs written for the 80286 processor can be
`run by the 80386 or the 80486. For the purposes of this
`disclosure, the upwardly compatible series of Intel pro(cid:173)
`cessors and processors which include the instruction set 25
`of these processors is hereinafter referred to as the Intel
`8086 family of microprocessors. Also, for the purposes
`of this disclosure, the 8088 and the 8086 may be consid(cid:173)
`ered functionally equivalent and will henceforth be
`referred to as "the 8086." In addition, the 80386 and 30
`80486 microprocessors are considered functionally
`equivalent and will henceforth be referred to as "the
`80386."
`The amount of physical memory a microprocessor
`can access depends on the number of address lines that 35
`emanate from the chip. Each additional bit doubles the
`amount of addressable memory. The 8086 can address
`one Megabyte of memory, which requires a 20-bit ad(cid:173)
`dress. Rather than introduce a 20-bit register into the
`8086, the 20-bit address is split into two portions-a 40
`16-bit segment address and a 16-bit offset address,
`which are stored in different registers. The micro(cid:173)
`processor shifts the segment address 4 bits left (thereby
`effectively multiplying it by 16) and then adds the offset
`address. The result is a 20-bit address that an access 1 45
`Megabyte of memory.
`By convention, a 20-bit address can be shown broken
`down into its segment and offset parts using the notation
`0000:0000, the segment being to the left of the colon and
`the offset on the right. For example, a 20-bit address 50
`written as FFE6E in hexadecimal notation could be
`written as FFE4:002E in segmented notation. Each of
`the four segment registers in the 8086 defines a 64 KB
`block of memory called a "segment." If all the segment
`registers are kept constant and equal, then the micro- 55
`processor can access only 64 kbytes of memory.
`The 80286 and the 80386 microprocessors all support
`and go beyond the segmented addressing scheme of the
`8086. When first powered up, they operate in "real
`mode," which uses segment and offset registers in the 60
`same way as the 8086 to access the same one Megabyte
`of memory. Thus the 80286 and the 80386 microproces(cid:173)
`sors are upwardly compatible with the addressing
`scheme of the 8086 chip.
`In addition to real mode operation, the 80286 and the 65
`80386 can operate in "protected mode." The main dif(cid:173)
`ference of protected mode is that the segment register is
`no longer a real (i.e., physical) address. Instead, the
`
`1
`
`5,303,378
`
`2
`80286 and 80386 microprocessors use the value held in
`the segment register to look up a base address which is
`stored in a descriptor table in memory. The 80286 uti(cid:173)
`lizes a 24-bit base address, which allows the 80286 to
`5 access 16 Megabytes of memory (224) instead of 1
`Megabyte (220). The 80286 adds a 16-bit offset address
`to this base address to form a 24 bit address. The 80386
`utilizes a 32-bit base address and a 32-bit offset to form
`a 32-bit address, which allows the 80386 to access 4
`gigabytes of memory.
`In order to more fully understand the present inven(cid:173)
`tion, there follows a discussion of the way in which the
`80386 microprocessor addresses memory.
`The physical address space of most computers is
`organized as a simple array of bytes. With the develop(cid:173)
`ment of memory management units (MMU's), computer
`architectures began to distinguish between the physical
`address space implemented by the memory hardware
`and the logical address space seen by a programmer.
`The MMU translates the logical addresses presented by
`programs into the physical addresses that are provided
`from the microprocessor. The 80386 logical address
`space consists of a collection of one of the following:
`Bytes: The logical address space consists of an array
`of bytes with no other structure (this is sometimes called
`a "flat" or "linear" address space). No MMU translation
`is required because of a logical address is exactly equiv(cid:173)
`alent to a physical address.
`Segments: The logical address space consists of a few
`or many segments, each of which is composed of a
`variable number of bytes. A logical address is given in
`two parts, a segment number and an offset into the
`segment. The MMU translates a logical address into a
`physical address.
`Pages: The logical address space consists of many
`pages, each of which is composed of a fixed number of
`bytes. A logical address is a page number plus an offset
`within the page. The MMU translates a logical address
`into a physical address.
`Paged Segments: The logical address space consists
`of segments which themselves consist of pages. A logi(cid:173)
`cal address is a segment number and an offset. The
`MMU translates the logical address into a linear address
`which is then translated by the paging mechanism into
`a physical address.
`Technically, the 80386 views memory as a collection
`of segments that are optionally paged. In practice, the
`80386 architecture supports operating systems that use
`any of the four views of memory described above.
`There follows a more detailed discussion of the segmen-
`tation and paging mechanisms in the 80386 micro(cid:173)
`processor.
`In protected mode, the segment is the unit the 80386
`provides for defining a task's logical address space.
`Segment registers define the way that memory is orga(cid:173)
`nized between tasks, that is, a task's logical address
`space consists of one or more segments. An instruction
`refers to a memory operand by a two-part logical ad(cid:173)
`dress consisting of a segment selector and an offset into
`the segment. The 80386 uses the selector to look up the
`segment's descriptor in a segment descriptor table, and
`the base address in the descriptor is added to the offset
`to produce the operand's linear address. In this manner,
`the segmentation unit in the 80386 translates a logical
`address into a linear address.
`Each task has its own descriptor table describing the
`segments for that task, and that (along with 80386 regis-
`
`Page 20 of 42
`
`

`
`5,303,378
`
`3
`4
`considers the linear address formed from the segment:-
`ter values) is virtually all that the 80386 needs to store to
`offset to be the physical address and provides it on the
`switch between tasks. Since addresses are stored in the
`address pins. If paging is enabled, the 80386 translates
`descriptor table rather than in the segment registers, the
`the linear address into a physical address with the aid of
`operating system can move memory around without
`5 page tables. The page translation step is optional, and
`application programs being affected.
`Unlike the 8086, 8088, and 80286, the 80386 micro-
`paging must be enabled if the operating system is to
`implement multiple virtual 8086 tasks, page-oriented
`processor incorporates memory paging hardware. This
`protection, or page-oriented virtual memory. FIG. 4
`allows linear addresses to be mapped to physical mem-
`shows. the fundamentals of 80386 logical-to-physical
`ory addresses. This facility allows the efficient imple-
`mentation of virtual memory systems. With memory 10 address translation.
`paging support, the operating system can easily allocate
`In addition to the on-chip memory management rea-
`contiguous memory to an application simply by map-
`ture discussed above, the 80386 includes a protection
`ping a number of noncontiguous physical memory
`scheme in order to support multitasking. The 80386
`pages into the requested logical program space. This
`protection mechanism consists of two parts: the mem-
`mapping of a program's linear address space into physi- 15 ory management scheme discussed above, which is used
`to protect various tasks from each other, and privilege
`cal memory is shown schematically in FIG. 1.
`The mapping of noncontiguous physical memory
`level protection, which is used to selectively protect
`pages into a requested logical program space is per-
`various portions of the operating system and other soft-
`formed by updating the page directory and page tables.
`ware from user applications. As explained above, the
`An 80386 operating system enables paging by setting 20 memory management abilities of the 80386 provides for
`the PG (Paging Enabled) bit in Control Register 0
`the separation of task address spaces by segment de-
`(CRO) with a privileged instruction. When paging is
`scriptor tables and page tables. This separation can
`enabled, the processor translates a linear address to a
`effectively prevent application tasks from interfering
`physical address with the aid of page tables. Page tables
`are the counterparts of segment descriptor tables; as a 25 with each other's code and data. In addition to isolating
`task's segment descriptor table defines its logical ad-
`tasks from each other, the privilege level protection
`dress space, a task's page tables define its linear address
`mechanism provides facilities for protecting the operat-
`space. An 80386 task's page tables are arranged in a
`ing system from application code, for protecting one
`two-level hierarchy as shown in FIG. 2. Each task can
`part of the operating system from other parts, and for
`have its own page table directory. The 80386's CR3 30 protecting a task from some of its own errors.
`(Page Table Directory Base) system register points to
`Referring now to FIG. 5, the privilege level protec-
`the running task's page table directory. The 80386 up-
`tion facilities of the 80386 are based on the notion of a
`dates CR3 on each task switch, obtaining the new direc-
`privilege hierarchy. The 80386 microprocessor has four
`tory address from an area of memory associated with
`levels of protection which can support the needs of a
`that task referred to as the task state segment (TSS). 35 multitasking operating system to isolate and protect
`FIG. 2 shows in functional terms how the 80386 micro-
`user programs from each other and the operating sys-
`processor translate a linear address to a physical address
`tern. In this description, privilege levels are also gener-
`when paging is enabled. The processor uses the upper
`ally referred to as rings, and they are numbered 0
`lO bits of the linear address as an index into the direc-
`through 3. Ring 0 is the most privileged level and ring
`tory. The selected directory entry contains the address 40 3 is the least privileged level.
`of a page table. The processor adds the middle 10 bits of
`FIG. 5 shows how the 80386 privilege levels can be
`the linear address to the page table address to index the
`used to establish different protection policies. An un-
`page table entry that describes the target page. Adding
`protected system can be implemented by simply placing
`the lower 12 bits of the linear address to the page ad-
`all procedures in a segment (or segments) whose privi-
`dress produces the 32-bit physical address.
`45 lege level is 0. Real mode is an example of an unpro-
`FIG. 3 shows the basic content of a page table entry.
`tected system because the operating system (OS) and all
`Directory entries are identical, except that the page
`of the various procedures and applications are operating
`address field is interpreted as the physical address of a
`at ring 0 level. In contrast, protected mode utilizes the
`full privilege and protection capabilities of the 80386.
`page table, rather than a page.
`Tasks can share individual pages or entire page tables. 50 For example, in protected mode, the most critical and
`least changing operating system procedures (referred to
`Entries in different page tables that point to the same
`page are aliases of one another just as descriptors with
`as the operating system kernel) are assigned to ring 0.
`the same base address are aliases of one another. The
`Ring 1 is generally used for the services that are less
`80386's two-level page table structure makes it easier to
`critical and more frequently modified or extended, for
`share pages between tasks by sharing entire page tables. 55 example, device drivers. Ring 2 may be reserved for use
`Since the address of a page shared in this way exists in
`by original equipment manufacturers (OEM's). Such
`a single page table, the operating system has one page
`OEM's could then assign their code privilege level 2,
`table entry to update when it moves the page. This
`leaving ring 3 for the end users. In this way, the OEM
`phase of address transformation implements the basic
`software is protected from the end users; the operating
`features needed for page-oriented virtual memory sys- 60 system is protected from both the OEM and the end
`users; and, the operating system kernel is protected
`terns and page-level protection. FIG. 6 illustrates how
`the 80386 paging mechanism can manage memory for
`from all other software, including that part of the oper-
`multiple virtual-8086 mode machine simulations con-
`ating system that is subject to frequent change.
`currently with protected mode applications, which is
`Therefore, protected mode is so named because seg-
`explained more fully below.
`65 ments belonging to one task are protected from being
`Therefore, the segmentation unit of the 80386 trans-
`corrupted by another task. Tasks are organized in privi-
`lates a logical address as seen by the programmer to a
`lege levels, and certain machine-code instructions are
`linear address. If paging is not enabled, the processor
`prohibited to lower privilege levels: In a well-designed
`
`Page 21 of 42
`
`

`
`5,303,378
`
`5
`protected-mode operating system, a single program or
`task cannot compromise the system's integrity.
`On the 80286 and 80386 microprocessors, the basic
`unit of a multitasking system is the task. A task can be
`defined as either a single program or a group of related 5
`programs operating in the computer system. The 80286
`and 80386 microprocessors include a special segment
`referred to as a task state segment, or TSS, assigned to
`each task. The TSS contains important information
`about a task. The 80286 and 80386 processors use the 10
`TSS to store a task's vital information when the task is
`not running. The processor retrieves the information
`necessary to restart the task from the TSS when the
`task's turn comes again. Therefore, the TSS supports
`task suspension and resumption by holding a complete 15
`image of the register state of the task while the task is
`inactive. When a task is suspended, the current proces(cid:173)
`sor register values are written into fields in the TSS.
`When a task is resumed, the registers are loaded from
`the values saved in the TSS to reestablish the state of 20
`the task. This allows the task to resume execution as if
`it were never suspended.
`In addition to the register save area discussed above,
`the TSS includes a back link field which is used by the
`processor to keep track of a task chain for task switch- 25
`ing or multitasking purposes. A task switch occurs
`when a task executes a CALL instruction that refer(cid:173)
`ences another task or if an interrupt occurs which speci(cid:173)
`fies handling with a task switch. The back link field is
`used with the nested task (NT) bit in the 80386's 30
`EFLAGS register to link the TSS's for tasks suspended
`by CALL instructions or interrupts.
`Each of the privilege levels or rings discussed above
`includes a separate stack which programs use when
`they are operating at that privilege level. Each protec- 35
`tion level includes it own stack to avoid protection
`problems which might occur in a shared stack. The TSS
`for each task includes an inner-level stack pointer
`SS:ESP for each of the inner levels 0, 1, and 2 which are
`used to initialize the respective inner level stack when a 40
`privilege level change or ring transition to an inner level
`occurs. The SS:ESP values which point to the begin(cid:173)
`ning of the respective inner level stack are taken from
`the TSS and loaded into the SS and ESP register to
`begin operation at the proper location in the inner level 45
`stack. Therefore, unless a respective inner-level stack
`pointer is modified, inner-level transitions initialize the
`inner stack to the same point, always starting with a
`"fresh" stack on each inner transition.
`A task's privilege level determines what instructions 50
`it may execute and what subset of the segments and/or
`pages in its address space it may reference. At any in(cid:173)
`stant, a task's privilege is equal to the privilege level of
`the code segment it is executing. In each segment de(cid:173)
`scriptor is a field that defines the privilege level of the 55
`associated segment. The field may take one of four
`values. The processor checks for consistency between a
`task's privilege level and the privilege level of the seg(cid:173)
`ment or page that is the target of an instruction. Any
`attempt by a task to use a more privileged segment or 60
`page makes the processor stop execution of the instruc(cid:173)
`tion and raise a general protection (GP) exception.
`In addition to defining which segments and pages it
`can use, a task's privilege level defines the instructions it
`can execute. The 80386 has a number of instructions 65
`whose execution must be tightly controlled to prevent
`serious system disruption. These instructions are re(cid:173)
`ferred to as privileged instructions, and they are al-
`
`6
`lowed only if the program which includes the instruc(cid:173)
`tions is running at privilege level or ring 0. All of the
`instructions that load new values into the system regis(cid:173)
`ters are examples of privileged instructions. Other ex(cid:173)
`amples of privileged instructions are instructions that
`modify the interrupt flag, alter the segmentation, or
`affect the protection mechanism.
`The descriptors in a task's Local Descriptor Table
`(LOT) and Global Descriptor Table (GOT) define the
`task's logical address space. The segments defined in
`these tables are theoretically addressable, because the
`descriptor tables provide the information necessary to
`compute a segment's address. However, an addressable
`segment may not be accessible to a particular operation
`because of the additional protection checks made by the
`protection mechanism in the 80386. The 80386