7.1 Task State Segment 任务状态段
All the information the processor needs in order to manage a task is stored in a special type of segment, a task state segment (TSS). Figure 7-1 shows the format of a TSS for executing 80386 tasks. (Another format is used for executing 80286 tasks; refer to Chapter 13.)
处理器为了管理任务而需要知道的信息都存储在一个特定类型的段中,任务状态段(TSS)。图7-1展示了执行80386任务的TSS的格式。(另外执行80286任务的格式,参见第13章。)
The fields of a TSS belong to two classes:
TSS的各段分成两类:
- A dynamic set that the processor updates with each switch from the task. This set includes the fields that store:
当每次任务切换时由处理器更新的动态设置。这些设置包括保存的字段:
- The general registers (EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI). 通用寄存器(EAX、ECX、EDX、EBX、ESP、EBP、ESI、EDI)。
- The segment registers (ES, CS, SS, DS, FS, GS). 段寄存器(ES、CS、SS、DS、FS、GS)
- The flags register (EFLAGS). 标志寄存器()
- The instruction pointer (EIP).指令指针寄存器(EIP)
- The selector of the TSS of the previously executing task (updated only when a return is expected).当前执行任务的TSS选择子(当返回时更新)
- A static set that the processor reads but does not change. This set includes the fields that store:
处理器读取但不修改的静态设置。这些设置包括以下保存的字段:
- The selector of the task's LDT. 任务的LDT选择子
- The register (PDBR) that contains the base address of the task's page directory (read only when paging is enabled).
包含任务页目录基址的寄存器(PDBR)(当分页被启用时只读)。
- Pointers to the stacks for privilege levels 0-2.
为特权0-2级准备的栈指针。
- The T-bit (debug trap bit) which causes the processor to raise a debug exception when a task switch occurs . (Refer to Chapter 12 for more information on debugging.)
当任务切换发生时导致处理器引发调试异常的T位(调试陷阱位)。(参见第12章关于调试的更多信息。)
- The I/O map base (refer to Chapter 8 for more information on the use of the I/O map).
I/O映射基址(参见第8章如日你哥使用I/O映射的更多信息)。
Task state segments may reside anywhere in the linear space. The only case that requires caution is when the TSS spans a page boundary and the higher-addressed page is not present. In this case, the processor raises an exception if it encounters the not-present page while reading the TSS during a task switch. Such an exception can be avoided by either of two strategies:
任务状态段可以保存在线性地址空间的任何位置。唯一需要注意的是,当TSS跨越一个页时,以及高位地址页不可存在时。在这种情况下,在切换任务期间,读取TSS时,遇到页不存在时,处理器会触发异常。这样的异常可以使用以下策略避免:
- By allocating the TSS so that it does not cross a page boundary.
通过给TSS分配空间,以便不会交叉页边界。
- By ensuring that both pages are either both present or both not-present at the time of a task switch. If both pages are not-present, then the page-fault handler must make both pages present before restarting the instruction that caused the task switch.
确保在任务切换时所有页要么都存在,要么都不存在。如果两个页都不存在,那么在页错误处理例程必须使两个页在重新执行导致任务切换的指令之前都存在。
7.2 TSS Descriptor TSS描述符
The task state segment, like all other segments, is defined by a descriptor. Figure 7-2 shows the format of a TSS descriptor.
任务状态段,象所有其他段一样,通过描述符定义。图7-2所示的是TSS描述符格式。
The B-bit in the type field indicates whether the task is busy. A type code of 9 indicates a non-busy task; a type code of 11 indicates a busy task. Tasks are not reentrant. The B-bit allows the processor to detect an attempt to switch to a task that is already busy.
类型字段中是B位(位9)表明任务是否忙。类型代码9(B位为0)表示一个不忙的任务;代码11(B位为1)表示任务忙。任务不是可重入的。B位允许处理器来侦测试图来切换一个对已处于忙状态的任务。
The BASE, LIMIT, and DPL fields and the G-bit and P-bit have functions similar to their counterparts in data-segment descriptors. The LIMIT field, however, must have a value equal to or greater than 103. An attempt to switch to a task whose TSS descriptor has a limit less that 103 causes an exception. A larger limit is permissible, and a larger limit is required if an I/O permission map is present. A larger limit may also be convenient for systems software if additional data is stored in the same segment as the TSS.
BASE、LIMIT、DPL、G位和P位和他们在数据段描述符中有相似的功能。然而,LIMIT其值必须等于或大于103。试图切换一个TSS描述的限长小于103的任务会引发异常。较大的限长是允许的,如果I/O允许映射存在,就需要一个大的限长。大的限长也方便系统软件保存额外数据在TSS所在段。
A procedure that has access to a TSS descriptor can cause a task switch. In most systems the DPL fields of TSS descriptors should be set to zero, so that only trusted software has the right to perform task switching.
程序访问TSS描述符会引起任务切换。在大部分系统中,TSS描述符的DPL段应当被设置为0,这样仅信任的软件有权执行任务切换。
Having access to a TSS-descriptor does not give a procedure the right to read or modify a TSS. Reading and modification can be accomplished only with another descriptor that redefines the TSS as a data segment. An attempt to load a TSS descriptor into any of the segment registers (CS, SS, DS, ES, FS, GS) causes an exception.
访问TSS描述符不会给一个程序权力去读取或修改一个TSS。仅能通过另一个描述符将TSS重新定义成一个数据段来达到读取和修改的目的。一个将TSS描述符装入任何段寄存器(CS、SS、DS、Es、FS、GS)的企图都会引发异常。
TSS descriptors may reside only in the GDT. An attempt to identify a TSS with a selector that has TI=1 (indicating the current LDT) results in an exception.
TSS描述符只能保存在GDT中。企图用TI位为1(TI = 1, 表明当前描述符在LDT中)的选择子来标识TSS会引发异常。
7.3 Task Register 任务寄存器
The task register (TR) identifies the currently executing task by pointing to the TSS. Figure 7-3 shows the path by which the processor accesses the current TSS.
任务寄存器(TR)通过指向TSS来标识当前运行的任务。图7-3展示处理器访问当前TSS的路径。
The task register has both a "visible" portion (i.e., can be read and changed by instructions) and an "invisible" portion (maintained by the processor to correspond to the visible portion; cannot be read by any instruction). The selector in the visible portion selects a TSS descriptor in the GDT. The processor uses the invisible portion to cache the base and limit values from the TSS descriptor. Holding the base and limit in a register makes execution of the task more efficient, because the processor does not need to repeatedly fetch these values from memory when it references the TSS of the current task.
任务寄存器有两个可见部(可以被指令读取和修改)和一个不可见部分(处理器保存不可见部分;不能被指令读取和修改)。可见部分的选择子选择GDT中的TSS描述符。处理器使用不可见部分缓存TSS描述符中的基址和限长值。在寄存器中持有基址和限长使执行任务更高效,因为当处理器引用 当前任务的TSS时不需要重复地从内存中取得这些值。
The instructions LTR and STR are used to modify and read the visible portion of the task register. Both instructions take one operand, a 16-bit selector located in memory or in a general register.
指令LTR和STR用来修改的读取任务寄存器的可见部分。这两个指令都使用一个操作数,即放有16位选择子的内存或通用寄存器。
LTR (Load task register) loads the visible portion of the task register with the selector operand, which must select a TSS descriptor in the GDT. LTR also loads the invisible portion with information from the TSS descriptor selected by the operand. LTR is a privileged instruction; it may be executed only when CPL is zero. LTR is generally used during system initialization to give an initial value to the task register; thereafter, the contents of TR are changed by task switch operations.
LTR(装入任务寄存器)将选择子操作数装入任务寄存器的可见部分,选择子必须 选择一个在GDT中的TSS描述符。LTR也从操作数据提供的TSS描述符中取出信息装入不可见部分。LTR是特权指令;它只能在CPL为0时被执行。LTR一般在系统初始化时使用,用来为任务寄存器给定一个初始化值;因此,TR寄存器的内容在任务切换时被修改。
STR (Store task register) stores the visible portion of the task register in a general register or memory word. STR is not privileged.
STR(保存任务寄存器)保存任务寄存器的可见部分到通用寄存器或内存字中。STR不是特权指令。
7.4 Task Gate Descriptor 任务门描述符
A task gate descriptor provides an indirect, protected reference to a TSS. Figure 7-4 illustrates the format of a task gate.
任务门描述符提供一个对TSS的非直接的、保护的引用。图7-4解释了任务门的格式。
The SELECTOR field of a task gate must refer to a TSS descriptor. The value of the RPL in this selector is not used by the processor.
任务门的选择子部分必须引用一个TSS描述符。处理器不使用选择子中的RPL值。
The DPL field of a task gate controls the right to use the descriptor to cause a task switch. A procedure may not select a task gate descriptor unless the maximum of the selector's RPL and the CPL of the procedure is numerically less than or equal to the DPL of the descriptor. This constraint prevents untrusted procedures from causing a task switch. (Note that when a task gate is used, the DPL of the target TSS descriptor is not used for privilege checking.)
任务门的DPL段控制着用描述符来引发任务切换的权限。程序不能选择一个任务门描述符,除非,选择子的RPL和程序的CPL之间的最大者在数值上小于或等于描述符的DPL。这个约束阻止不被信任的程序引起任务切换。(注意,当使用一个任务门时,目的TSS描述符的DPL不用来进行特权检验。)
A procedure that has access to a task gate has the power to cause a task switch, just as a procedure that has access to a TSS descriptor. The 80386 has task gates in addition to TSS descriptors to satisfy three needs:
有权访问任务门的程序有能力引发任务切换,仅当任务访问TSS描述符时发生。除TSS描述符之外,80386的任务门还满足以下三个需求:
- The need for a task to have a single busy bit. Because the busy-bit is stored in the TSS descriptor, each task should have only one such descriptor. There may, however, be several task gates that select the single TSS descriptor.
对于一个任务有一个单独的忙位(busy bit)的需求。因为忙位保存在TSS描述符中,每个任务仅有一个这样的描述符。因此,几个任务门可以使用一个单独的TSS描述符。
- The need to provide selective access to tasks. Task gates fulfill this need, because they can reside in LDTs and can have a DPL that is different from the TSS descriptor's DPL. A procedure that does not have sufficient privilege to use the TSS descriptor in the GDT (which usually has a DPL of 0) can still switch to another task if it has access to a task gate for that task in its LDT. With task gates, systems software can limit the right to cause task switches to specific tasks.
提供对任务有选择的访问需求。任务门满足这个需求,因为他们能被保存在LDT中,可以有一个与TSS描述符不同的DPL。程序没有足够的特权来使用保存在GDT中的TSS描述符(通常它的DPL是0),但假如它有权访问保存在LDT中的任务门就可以切换到另一个任务,通过任务门,系统软件可以限制切换到特殊任务的权力。
- The need for an interrupt or exception to cause a task switch. Task gates may also reside in the IDT, making it possible for interrupts and exceptions to cause task switching. When interrupt or exception vectors to an IDT entry that contains a task gate, the 80386 switches to the indicated task. Thus, all tasks in the system can benefit from the protection afforded by isolation from interrupt tasks.
中断或异常可以引发任务切换的需求。任务门也能保存在IDT中,这样就使中断和异常引发任务切换变成了可能。当IDT项中指向中断或异常的向量包含一个任务门时,80386切换到指明的任务。这样,系统中的所有任务都能通过与中断任务隔离的保护中受益。
Figure 7-5 illustrates how both a task gate in an LDT and a task gate in the IDT can identify the same task.
图7-5解释了LDT中的一个任务门和IDT中的一个任务门如何指向相同任务。
