iAPX 286 Operating System Writers Guide 1983

More documents

Recommendations

Info

EXTENDED PROTECTIONIndirect NamingThe most general approach to naming avoids giving to less privileged procedures any direct links tothe named objects. Instead, names are indexes (or perhaps pointers) into a name table, which is administeredby the operating system at a highly privileged level. Each entry in the name table holds thetype extension code of the object, the selector of the segment in which the object resides, and any otherinformation needed to ensure appropriate use of the object. This approach not only offers the greatestpotential for protection, but also makes it possible to change the naming scheme without affectingprocedures that use the names and provides a consistent way of naming both those objects that residein dedicated segments and those that are packed into a segment with other objects.PARAMETER VALIDATIONThere is one type of privilege violation that the iAPX 286 cannot automatically check for. Consider,for example, procedure A at PL 3 that passes a pointer parameter via the stack to procedure B atPL 1. Procedure A could (accidently or purposely) pass a pointer that refers to a data structure atPL 2. Doing so would violate the intent of the protection features of the iAPX 286 because procedureA does not have sufficient privilege to operate on the data structure. However, the processor does notdetect the violation because procedure B, which actually addresses the data structure, does have sufficientprivilege to do so.The iAPX 286 provides the RPL field in the selector as well as the instructions shown in table 13-1 tohelp software guard against such protection violations.In addition to type checking as mentioned previously, an operating system can provide two levels ofparameter validation:1. Defensive use of ARPL instruction2. Point-of-entry scrutinyDefensive Use of ARPLSimply by applying the ARPL instruction to every pointer parameter it receives, an operating systemprocedure guards against complicity in accessing a segment that the calling procedure has no right toaccess. ARPL has two selector operands, for example:A R P L seLa , seLbTable 13-1. Access Checking InstructionsASM286MnemonicPL/M-286 Built·lnFunctionDescriptionARPL ADJUST$RPL Adjust requested privilege levelVERR SEGMENT$READABLE Verify segment for readingVERW SEGMENT$WRITABLE Verify segment for writingLAR GET$ACCESS$RIGHTS Load access rightsLSL GET$SEGMENT$LlMIT Load segment limit13-2 121960-001
EXTENDED PROTECTIONARPL adjusts the RPL field of seLa to the greater of its current value and the value of the RPL fieldin seLb.The CPL of the calling procedure is stored in the RPL field of the return pointer on the stack, as figure13-1 illustrates. Assuming the parameter is also on the stack, statements of the formMOVARPLAX, STACK_FRAME.RETURN_SELSTACK_FRAME.PARAM_SEL, AXcan be used to ensure that the RPL field of the parameter is not less that the calling procedure's CPL.When the called procedure uses the parameter, the processor evaluates its right to use the parameteras if it had the privilege level of the calling procedure. If the calling procedure passes a parameter thatit has no right to use, an exception will occur when the called procedure uses the parameter.Every operating system procedure should apply the ARPL instruction to every pointer or selectorparameter it receives, even if the calling procedure is another operating-system procedure. This providesinexpensive protection against accidental use of invalid parameters.Point-of-Entry ScrutinyWhile use of ARPL alone is sufficient to detect such invalid parameters, it has one drawback: it doesnot help to isolate the source of the invalid parameter. An exception will eventually occur when somehigher-level procedure uses the parameter, but this may not happen until several instructions after theprocedure was called, and may not happen until after the called procedure passes the parameter to yet...------STACKHIGHDIRECTIONOF GROWTHIPROCEDURE'SINTERRUPTEDPROCEDURE'S SSINTERRUPTEDSPFLAGSRETURN CSRETURN IPSP_~I..-LOW121960-32Figure 13-1. Caller's CPL13-3 121960-001
Page 2 and 3:
LITERATUREIn addition to the produc
Page 4 and 5:
Intel Corporation makes no warranty
Page 6 and 7:
PREFACEExternal LiteratureMany aspe
Page 8:
Table of ContentsCHAPTER 1PageINTRO
Page 11 and 12:
TABLE OF CONTENTSCHAPTER 9PageVIRTU
Page 13 and 14:
TABLE OF CONTENTSLIST OF FIGURESFig
Page 15:
Introduction to Protected 1Multitas
Page 18 and 19:
INTRODUCTION TO PROTECTED MULTITASK
Page 20 and 21:
inter INTRODUCTION TO PROTECTED MUL
Page 22 and 23:
111'eI INTRODUCTION TO PROTECTED MU
Page 24 and 25:
Page 26 and 27:
Page 29:
Using Hardware2Protection Features
Page 32 and 33:
USING HARDWARE PROTECTION,FEATURESs
Page 34 and 35:
interUSING HARDWARE PROTECTION FEAT
Page 36 and 37:
USING HARDWARE PROTECTION FEATURES(
Page 38 and 39:
USING HARDWARE PROTECTION FEATURES
Page 40 and 41:
USING HARDWARE PROTECTION FEATUREST
Page 42 and 43:
USING HARDWARE PROTECTION FEATURESo
Page 44 and 45:
USING HARDWARE PROTECTION FEATURESL
Page 46 and 47:
USING HARDWARE PROTECTION FEATUREST
Page 48 and 49:
USING HARDWARE PROTECTION FEATURESE
Page 50 and 51:
inl:el~USING HARDWARE PROTECTION FE
Page 52 and 53:
IntelUSING HARDWARE PROTECTION FEAT
Page 54 and 55:
IntelU~ING HARDWARE PROTECTION FEAT
Page 56 and 57:
lSLDTFORMATRt;;SERV~~"O~iA~~.~ijij
Page 59 and 60:
CHAPTER 3REAL MEMORY MANAGEMENTIn d
Page 61 and 62:
REAL MEMORY MANAGEMENTIALLOCATEGATE
Page 63 and 64:
interREAL MEMORY MANAGEMENTBEFOREAF
Page 65 and 66:
REAL MEMORY MANAGEMENTGLOBAL DESCRI
Page 67 and 68:
REAL MEMORY MANAGEMENTTable 3-1. Ac
Page 69 and 70:
REAL MEMORY MANAGEMENTBEFOREI "FREE
Page 71 and 72:
REAL MEMORY MANAGEMENTBEFOREI "FREE
Page 73 and 74:
REAL MEMORY MANAGEMENTPL/M-286 COMP
Page 75 and 76:
Page 77 and 78:
Page 79:
Page 82 and 83:
IIIIIIIIIIIIIIIIIIIIII
Page 84 and 85:
II I telTASK MANAGEMENTCPUTASK REGI
Page 86 and 87:
TASK MANAGEMENTIf the proc~sser, wh
Page 88 and 89:
TASK MANAGEMENTUsually, termination
Page 90 and 91:
TASK MANAGEMENTTASK XTSS TSS TSS TS
Page 92 and 93:
TASK MANAGEMENTSCHEDULING POLICIEST
Page 94 and 95:
TASK MANAGEMENTThe example in figur
Page 96 and 97:
TASK MANAGEMENTREADY QUEUESBY PRIOR
Page 98 and 99:
IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII
Page 101 and 102:
CHAPTER 5DATA SHARING, ALIASING, AN
Page 103 and 104:
DATA SHARING, ALIASING, AND SYNCHRO
Page 105 and 106:
interDATA SHARING, ALIASING, AND SV
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117:
Page 121 and 122:
CHAPTER 6SIGNALS AND INTERRUPTSInte
Page 123 and 124:
interSIGNALS AND INTERRUPTSlOTGOTTS
Page 125 and 126:
SIGNALS AND INTERRUPTSTable 6-1. In
Page 127 and 128:
SIGNALS AND INTERRUPTSSend interrup
Page 129 and 130:
SIGNALS AND INTERRUPTSprocedure suc
Page 131:
Handling Exception Conditions 7
Page 134 and 135:
HANDLING EXCEPTION CONDITIONSError
Page 136 and 137:
HANDLING EXCEPTION CONDITIONSAn exc
Page 138 and 139:
HANDLING EXCEPTION CONDITIONSA few
Page 140 and 141:
HANDLING EXCEPTION CONDITIONSAn ins
Page 143 and 144:
CHAPTER 8INPUT /OUTPUTMany of the c
Page 145 and 146:
INPUT /OUTPUTYou can still take adv
Page 147 and 148:
INPUT /OUTPUT• Only the operating
Page 149:
INPUT /OUTPUTtask the I/0 procedure
Page 153 and 154:
CHAPTER 9VIRTUAL MEMORYThe memory l
Page 155 and 156:
VIRTUAL MEMORYthose segments that a
Page 157 and 158:
VIRTUAL MEMORY• Return the RAM sp
Page 159 and 160:
VIRTUAL MEMORYReplacementThe operat
Page 161 and 162:
System Initialization10
Page 163 and 164:
CHAPTER 10SYSTEM INITIALIZATIONThe
Page 165 and 166:
SYSTEM INITIALIZATIONStarting the f
Page 167 and 168:
iAPX286 "ACRO ASSEMBLERLOCOBJEnter
Page 169 and 170: iAPX286 MACRO ASSEMBLEtEnter Protec
Page 171 and 172: iAPX286 MACRO ASSEMBLER·· Enter ~
Page 173 and 174: iAPX286 'UCRO USE148LER Ente,. P,.o
Page 175 and 176: iAPX286 MACRO ASSEMBLEREnt9~ P~otec
Page 177: iAPX286 MACRO ASSEMBLE~ INITIAL TAS
Page 181 and 182: CHAPTER 11BINDING AND LOADINGBindin
Page 183 and 184: BINDING AND LOADINGNamingThe names
Page 185 and 186: BINDING AND LOADING$ COMPACT (NUCLE
Page 187 and 188: interBINDING AND LOADINGsystem-IDiA
Page 189 and 190: BIND.ING AND LOADINGConverting a Pr
Page 191 and 192: BINDING AND LOADINGThe OMF of each
Page 193 and 194: interBINDING AND LOADINGsystem-IDiA
Page 195 and 196: BINDING AND LOADINGPL/M-2B6 COMPILE
Page 197 and 198: BINDING AND LOADI.NGPL/M-286 COMPIL
Page 199 and 200: BINDING AND LOADINGPL/M-286 COMPILE
Page 201 and 202: BINDING AND LOADINGPL/M-2B6 COMPILE
Page 203 and 204: BINDING AND LOAD.INGPL/M-286 COMPIL
Page 205 and 206: interBINDING AND LOADINGPL/M-286 CO
Page 207 and 208: BINDING AND LOADINGPL/M-286 COMPILE
Page 209: Numerics Processor Extension 12
Page 212 and 213: NUMERICS PROCESSOR EXTENSIONMath Pr
Page 214 and 215: interNUMERICS PROCESSOR EXTENSION
Page 217: Extended Protection13
Page 222 and 223: EXTENDED PROTECTIONanother procedur
Page 225: Glossary
Page 228 and 229: GLOSSARYbootloadable module: a modu
Page 230 and 231: GLOSSARYexception: a processor-dete
Page 232 and 233: GLOSSARYintersegment reference: a r
Page 234 and 235: GLOSSARYoutward call: the attempt t
Page 236 and 237: GLOSSARYscheduling state: one of se
Page 238 and 239: GLOSSARYvirtual address: an address
Page 240 and 241: INDEXES register, 2-17, 2-18, 2-21,
Page 242 and 243: INDEXpresent bit, 2-2, 2-3, 2-9, 5-
Page 245 and 246: interu.s. SALES OFFICESALAIWIA IlEQ
Page 247 and 248: interu.s. DISTRIBUTORSNEW YORK (C"n
Page 249 and 250: intJINTEL INTERNATIONAL SALES OFFIC
show all

iAPX 286 Operating System Writers Guide 1983

Create successful ePaper yourself

Delete template?

Save as template?