What is the use of defining a Global Descriptor Table?

Question

I read a tutorial on GDT (Global Descriptor Table) which defines GDT as " the one that defines base access privileges for certain parts of memory ". That means GDT is used for memory protection.

Does it perform any other tasks other than the above?

Is it a must to implement a GDT in an Operating System?

In short it would be better if anyone could elaborate on GDT in a way easy to understand.

Thanks

Recommended answer

All the images have been taken from Intel Manual 3A, §5.1.
For further details the OP should read that manual, here I will expose just some concepts simplified for the sake of brevity and to avoid a link-only answer.

As the name suggests the Global Descriptor Table is an array of descriptors available to specify and define system wide resources (hence describe those resources).

More often than not the resource is an area of continuous memory but there are other kinds of very important resources too.

A taxonomy of descriptors is:

Descriptors
    Non system descriptors

        Code segment descriptor
        Data segment descriptor
        Stack segment descriptor (Alias of the previous)

    System descriptors

        System segment descriptors

            LDT segment descriptor
            TSS segment descriptor

        Gate descriptors
            Call gate descriptor
            Interrupt gate descriptor
            Trap gate descriptor
            Task gate descriptor

Other than the GDT there is another table, the Local Descriptor Table that describes resources made available by the OS to specific contexts only.

A descriptor is identified by its table (either GDT or LDT) and its position on the table, its index.

Such index is written into specific registers, called selector registers (previously known as segment registers).
Every instruction that accesses memory implicitly or explicitly uses one of the selectors.

xor eax, eax     ;eax is zero
xor esp, esp     ;esp is zero
xor ebx, ebx     ;ebx is zero

mov ecx, DWORD [eax]      ;Use DS selector (implicit)
mov ecx, DWORD [esp]      ;Use SS selector (implicit)
mov ecx, DWORD [fs:ebx]   ;Use FS selector (explicit)

All these instructions read the logical address 0 but the CPU uses the descriptor to compute a new address, called linear address and perform security checks.
So those three instructions may end up reading totally different addresses.

Each selector also specifies the privilege which should be used when carrying out an operation.
The cs selector is special because it can no longer be changed (it has been a while actually) with a mov but only with a branch instruction (jmp, ret, call, ...).
Its purpose is not only to be used when fetching code, it also holds the code privilege level.
This privilege level is used by the CPU to check if a resource can be accessed (with the requested privilege), checks are not always trivial.

As you will see, every descriptor has a DPL field to set its privilege level.
So they are a form of protection.

Non system descriptors are used to define regions of memory intended to store code or data along with their attributes.

As you can see, the purpose of this kind of descriptors is to designate an area of memory and attach some attributes to it.
In particular the base address, the limit (size), the privilege needed to access it (the DPL field, checks are actually more involved than this), the size of the code (code only), if read/write is allowed and so on.

Long mode (64 bits) changed how the attributes are interpreted, beware of that.

System descriptors are used by the OS to control user mode programs.

These descriptors define the memory area used for storing the LDT and another structure called Task State Segment (a mechanism Intel provided for easing task switching).
There can be more than one of these structures on the system, the selected ones are indicated by the ldtr (LDT register) and tsr (TS register) registers.

These are used to transfer control to other (more or less privileged) code.

Call gate

If you look at the picture you can see that a call gate is essentially a meta descriptor, it specifies a selector and an offset into the area designated by that descriptor along with privileges.
It is used to pass control to privileged routines.

call fs:0badbabeh

Assuming fs holds a gate's index, the CPU won't use the immediate address 0badbabeh at all, it will instead use the information on the gate itself.

Interrupt and trap gates

These are used with interrupts, the difference between the two is that the former clears the if flag, the latter doesn't.

They are very similar to call gates.

These descriptors are actually placed into another table, the Interrupt Descriptor Table usually.
This other table is not indexed with selectors but with interrupt numbers.
If I recall correctly they can also be placed in the GDT/LDT and used like other gates.

A Task gate can be used to perform a task switch.

Task gate

These are like the call gates but transfer control to a new task (task switching).

Some resources are not simple memory areas, they can be gates.
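
The selector-to-linear-address step described in the answer above, as an added example that is not part of the original post: it decodes 8-byte legacy (32-bit protected mode) data-segment descriptors and reads offset 0 through three selectors, which land on three different linear addresses. The table contents, the `decode` and `translate` helpers and the single max(CPL, RPL) <= DPL rule are assumptions made for illustration; a real CPU applies more checks than this.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of a legacy 32-bit code/data segment descriptor (8 bytes). */
struct seg { uint32_t base, limit; unsigned s, dpl, present; };

static struct seg decode(uint64_t d) {
    struct seg r;
    r.base  = (uint32_t)((d >> 16) & 0xFFFFFF) | (uint32_t)((d >> 56) << 24);
    r.limit = (uint32_t)(d & 0xFFFF) | (uint32_t)((d >> 48) & 0xF) << 16;
    if ((d >> 55) & 1) r.limit = (r.limit << 12) | 0xFFF; /* G=1: 4 KiB units */
    r.s       = (unsigned)((d >> 44) & 1);  /* 1 = code/data, 0 = system */
    r.dpl     = (unsigned)((d >> 45) & 3);
    r.present = (unsigned)((d >> 47) & 1);
    return r;
}

/* Logical -> linear for an expand-up data segment in the GDT. Returns 0 on
   success or a negative code where the CPU would fault. Simplified rule set. */
static int translate(const uint64_t *gdt, unsigned entries, uint16_t sel,
                     unsigned cpl, uint32_t off, uint32_t size, uint32_t *lin) {
    unsigned index = sel >> 3, ti = (sel >> 2) & 1, rpl = sel & 3;
    if (ti) return -1;                               /* LDT not modelled */
    if (index == 0 || index >= entries) return -2;   /* null or past the table */
    struct seg s = decode(gdt[index]);
    if (!s.s || !s.present) return -3;               /* system or not present */
    if ((cpl > rpl ? cpl : rpl) > s.dpl) return -4;  /* max(CPL,RPL) <= DPL */
    if (size == 0 || off > s.limit || s.limit - off < size - 1) return -5;
    *lin = s.base + off;
    return 0;
}

/* Constructed sample table, not taken from any real system. */
static const uint64_t SAMPLE_GDT[] = {
    0x0000000000000000ULL,  /* 0: mandatory null descriptor */
    0x00CF92000000FFFFULL,  /* 1: data, base 0, limit 4 GiB, DPL 0 */
    0x0040F2100000FFFFULL,  /* 2: data, base 0x00100000, limit 0xFFFF, DPL 3 */
    0x0040920B80000F9FULL,  /* 3: data, base 0x000B8000, limit 0x0F9F, DPL 0 */
};

int main(void) {
    const uint16_t sels[] = { 0x08, 0x13, 0x18 };    /* index<<3 | TI<<2 | RPL */
    for (int i = 0; i < 3; i++) {
        uint32_t lin = 0;
        int rc = translate(SAMPLE_GDT, 4, sels[i], sels[i] & 3u, 0, 4, &lin);
        printf("sel=0x%02x off=0 -> rc=%d linear=0x%08x\n",
               (unsigned)sels[i], rc, (unsigned)lin);
    }
    return 0;
}
```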
