The difference between Call Gate, Interrupt Gate, Trap Gate?


Problem description

I am studying Intel Protected Mode. I found that Call Gate, Interrupt Gate, Trap Gate are almost the same. In fact, besides the fact that the Call Gate has a field for the parameter count, and that these 3 gates have different type fields, they are identical in all other fields.

As to their functions, they are all used to transfer code control into some procedure within some code segment.

I am wondering: since these 3 gates all contain the information needed for the call across privilege boundaries, why do we need 3 kinds of them? Isn't 1 just good enough?

Thank you for your time and reply.

A related question: when to use an interrupt gate or a trap gate?

Today I came up with this thought:

Different purpose, different gates, and with different CPU behavior details carried out. Such as IF flag handling.

Recommended answer

A gate (call, interrupt, task or trap) is used to transfer control of execution across segments. Privilege level checking is done differently depending on the type of destination and instruction used.

A call gate uses the CALL and JMP instructions. Call gates transfer control from lower privilege code to higher privilege code. The gate DPL is used to determine what privilege levels have access to the gate. Call gates are (or have been, probably) gradually abandoned in favour of the SYSENTER/SYSEXIT mechanism, which is faster.

Task gates are used for hardware multitasking support. A hardware task switch can occur voluntarily (CALL/JMP to a task gate descriptor), or through an interrupt or an IRET when the NT flag is set. It works the same way with interrupt or trap gates. Task gates are not used, to the best of my knowledge, as kernels usually want extra work done when task switching.

Interrupt & trap gates, together with task gates, are known as the Interrupt Descriptor Table. They work the same as call gates, except the transfer of parameters, from one privilege stack to another. One difference is that interrupt gates clear the IF bit in EFLAGS, while trap gates do not. This makes them ideal for serving hardware interrupts. Traps are widely used in hardware-assisted virtualization.

For more information, see the Intel Architecture Manuals on the processors that interest you.

Reply to the comment:

There are many reasons to distinguish interrupts from traps. One is the difference in scope: interrupt gates point to kernel space (after all, it's the kernel who manages the hardware) while traps are called in userspace. Interrupt handlers are called in response to hardware events, while traps are executed in response to a CPU instruction.

For a simple (but impractical) example to better understand why interrupt and trap gates treat EFLAGS differently, consider what would happen in case we were writing an interrupt handler for hardware events on a uniprocessor system and we couldn't clear the IF bit while we were serving one. It would be possible for a second interrupt to arrive while we were busy serving the first. Then our interrupt handler would be called by the processor at some random point during our IH execution. This could lead to data corruption, deadlocking, or other bad magic. Practically, interrupt disabling is one of the mechanisms to ensure that a series of kernel statements is treated like a critical section.

The above example is assuming maskable interrupts, though. You wouldn't want to ignore NMIs, anyway.

It's largely irrelevant today, too. Today there's practically no distinction between fast and slow interrupt handlers (search for "Fast and Slow Handlers"), interrupt handlers can execute in nested fashion, SMP processors make it mandatory to couple local interrupt disabling with spin locks, and so forth.

Now, trap gates are indeed used to service software interrupts, exceptions, etc. A page fault or division by zero exception in your processor is probably handled through a trap gate. The simplest example of using trap gates to control program execution is the INT 3 instruction, which is used to implement breakpoints in debuggers. When doing virtualization, what happens is that the hypervisor runs in ring 0, and the guest kernel usually in ring 1 - where privileged code would fail with general exception fault. Witchel and Rosenblum developed binary translation, which is basically rewriting instructions to simulate their effects. Critical instructions are discovered and replaced with traps. Then when the trap executes, control is yielded to the VMM/hypervisor, which is responsible for emulating the critical instructions in ring 0.

With hardware-assisted virtualization, the trap-and-emulate technique has been somewhat limited in its use (since it's quite expensive, especially when it's dynamic) but the practice of binary translation is still widely used.

For more information, I'd suggest you check out:

  • Linux Device Drivers, Third Edition (available online)
  • For binary translation, QEMU is an excellent start.
  • Regarding trap-and-emulate, check out a comparison between software/hardware techniques.

Hope this helps!
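As an added illustration (not part of the original question or answer), the following C code packs and decodes the 8-byte 32-bit descriptor layout that call, task, interrupt and trap gates share, and expresses the behavioural differences the answer describes (IF masking, parameter copying, which gates may live in the IDT) as checks on the type nibble. The code selector 0x08 and handler offset 0x00401234 are constructed sample values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Type codes for 32-bit system descriptors (Intel SDM Vol. 3, system descriptor types). */
enum gate_type { TASK_GATE = 0x5, CALL_GATE32 = 0xC, INTR_GATE32 = 0xE, TRAP_GATE32 = 0xF };

struct gate {
    uint32_t offset;      /* handler offset in the target segment (unused by task gates) */
    uint16_t selector;    /* target code segment, or TSS selector for a task gate */
    uint8_t  param_count; /* stack dwords copied on a call-gate transfer; unused otherwise */
    uint8_t  type;        /* one of enum gate_type */
    uint8_t  dpl;         /* least-privileged ring allowed to use the gate (0..3) */
    bool     present;
};

/* Pack the fields into the descriptor layout common to all four gate kinds. */
uint64_t gate_encode(const struct gate *g) {
    uint64_t raw = 0;
    raw |= (uint64_t)(g->offset & 0xFFFF);           /* bits  0-15 offset[15:0]  */
    raw |= (uint64_t)g->selector << 16;              /* bits 16-31 selector      */
    raw |= (uint64_t)(g->param_count & 0x1F) << 32;  /* bits 32-36 param count   */
    raw |= (uint64_t)(g->type & 0xF) << 40;          /* bits 40-43 type, S bit 0 */
    raw |= (uint64_t)(g->dpl & 0x3) << 45;           /* bits 45-46 DPL           */
    raw |= (uint64_t)(g->present ? 1 : 0) << 47;     /* bit  47    present       */
    raw |= (uint64_t)(g->offset >> 16) << 48;        /* bits 48-63 offset[31:16] */
    return raw;
}

struct gate gate_decode(uint64_t raw) {
    struct gate g;
    g.offset      = (uint32_t)(raw & 0xFFFF) | ((uint32_t)((raw >> 48) & 0xFFFF) << 16);
    g.selector    = (uint16_t)(raw >> 16);
    g.param_count = (uint8_t)((raw >> 32) & 0x1F);
    g.type        = (uint8_t)((raw >> 40) & 0xF);
    g.dpl         = (uint8_t)((raw >> 45) & 0x3);
    g.present     = ((raw >> 47) & 1) != 0;
    return g;
}

/* The differences the answer describes, keyed purely on the type nibble. */
bool gate_clears_if(uint8_t t)      { return t == INTR_GATE32; }  /* only interrupt gates mask IF on entry */
bool gate_copies_params(uint8_t t)  { return t == CALL_GATE32; }  /* only call gates copy stack parameters */
bool gate_allowed_in_idt(uint8_t t) { return t == INTR_GATE32 || t == TRAP_GATE32 || t == TASK_GATE; }

/* Constructed sample target: code selector 0x08, handler at offset 0x00401234. */
uint64_t sample_gate(uint8_t type, uint8_t dpl, uint8_t params) {
    struct gate g = { 0x00401234, 0x08, params, type, dpl, true };
    return gate_encode(&g);
}

int main(void) {
    uint64_t irq = sample_gate(INTR_GATE32, 0, 0);  /* hardware IRQ handler: kernel only */
    uint64_t bp  = sample_gate(TRAP_GATE32, 3, 0);  /* INT 3 breakpoint: callable from ring 3 */
    printf("interrupt gate %016llx  IF cleared: %d\n", (unsigned long long)irq, gate_clears_if(INTR_GATE32));
    printf("trap gate      %016llx  IF cleared: %d\n", (unsigned long long)bp,  gate_clears_if(TRAP_GATE32));
    return 0;
}
```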
