当 CPU 处于内核态时，它可以读写任何寄存器吗? [英] When the CPU is in kernel mode, can it read and write to any register?

问题描述

当CPU处于内核态时，是否可以读写任何寄存器，或者是否存在一些即使在内核态下也无法访问的寄存器?

When the CPU is in kernel mode, can it read and write to any register, or are there some registers that are inaccessible even in kernel mode?

推荐答案

在 x86 上，没有存储寄存器，因此所有寄存器在架构上同时可见.

On x86, there aren't banked registers so all the registers are architecturally visible at the same time.

是的，在内核模式(ring 0)下，x86 可以写入任何寄存器.(只要内核运行在64位模式，否则无法访问x/ymm8..16或zmm8..31，或r8..r15)

And yes, in kernel mode (ring 0) x86 can write any register. (As long as the kernel is running in 64-bit mode, otherwise it can't access x/ymm8..16 or zmm8..31, or r8..r15).

是的，从 64 位用户空间进入内核后切换到 32 位模式的内核是可能的；Solaris x86-64 显然是这样做的，MacOS X 曾经这样做，以便与 32 位内核驱动程序兼容.在内存小于 4GB 和缓存较小的机器上，在内核中使用较小的指针有一些好处，但缺点可能没有那么大.

And yes, a kernel that switches to 32-bit mode after entering the kernel from 64-bit userspace is possible; Solaris x86-64 apparently did this, and MacOS X used to do this for compatibility with 32-bit kernel drivers. On machines with less than 4GB of RAM and smaller caches, using smaller pointers in the kernel has some benefits and the downsides maybe aren't as huge.

wrmsr(写入特定于模型的寄存器)需要内核模式.rdmsr 读取 MSR 也是如此.因此，与用户空间可以自由使用的整数和向量寄存器(rax..rsi/r8..r15 和 xmm0..15)不同，有只有内核可以修改的寄存器.

wrmsr (Write Model-Specific Register) requires kernel mode. So does rdmsr to read MSRs. So unlike the integer and vector regs (rax..rsi/r8..r15 and xmm0..15), which user-space can freely use, there are registers that only the kernel can modify.

可能有一些特定于模型的 regs 只能在系统管理模式下访问.(有时称为 ring -1)我不知道，我对 SMM 的了解不多.和/或与 SGX 相关的寄存器(用于飞地")，我还没有研究过.

There might possibly be some model-specific regs that are only accessible in system-management mode. (sometimes called ring -1) I don't know, I haven't read much about SMM. And/or registers associated with SGX (used for "enclaves), which again I haven't looked into.

可能还有一些只读 MSR，您永远无法用 wrmsr 编写.IDK，如果这就是您的意思，或者如果您只计算通常被认为是在上下文切换时保存/恢复的架构状态的一部分的寄存器，例如通用整数寄存器.所有这些 regs 都可以在任何模式下写入，甚至是段 regs.

There might also be some read-only MSRs that you can never write with wrmsr. IDK if that's what you mean, or if you're only counting registers that are normally considered part of the architectural state that's saved/restored on context switches, like the general-purpose integer registers. All of those regs are writeable in any mode, even segment regs.

内部段基址/限制寄存器不是直接可读的，但在 64 位长模式下，它们固定为 base=0/limit=-1，除了 FS 和 GS.但是，这些基础可以通过 MSR_GS_BASE/MSR_FS_BASE 上的 rdmsr/wrmsr 访问.

The internal segment base/limit registers are not directly readable, but in 64-bit long mode they're fixed at base=0 / limit=-1 except for FS and GS. But those bases are accessible with rdmsr/wrmsr on MSR_GS_BASE / MSR_FS_BASE.

FSGSBASE ISA 扩展添加了 wrfsbase 等.这确实让您更直接地读/写 FS 和 GS 碱基，比 MSR 更有效.(无论哪种方式，内核都不必实际修改 GDT 或 LDT 条目并重新加载 fs 来更新线程本地存储的 fs 基础).Linux x86 64 中 MSR_GS_BASE 的详细信息

The FSGSBASE ISA extension added wrfsbase etc. which does let you more directly read/write the FS and GS bases, more efficiently than the MSR. (Either way, the kernel doesn't have to actually modify a GDT or LDT entry and reload fs to update the fs base for thread-local storage). Detail about MSR_GS_BASE in linux x86 64

但我不认为 cs/ds/es/ss base/limit 是通过 MSR 公开的，而那些与 32 位保护模式相关.(或用于切换回实模式以创建虚幻"模式.)

But I don't think the cs/ds/es/ss base/limit are exposed via MSRs, and those are relevant for 32-bit protected mode. (Or for switching back to real mode to create "unreal" mode.)

这篇关于当 CPU 处于内核态时，它可以读写任何寄存器吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！