- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
这个问题的灵感来自 Reddit question in r/osdev除了这个问题集中在SS寄存器上。有人可能会说 RTFM(ISA 条目 MOV
),但当这个问题出现时,即使在操作系统开发人员中也可能得到不同的答案。
问题:在64位中使用MOV
指令将SS设置为0x0000是否会导致一般保护错误#GP(0)
模式?例如:如果我处于 64 位模式,当前权限级别 (CPL) 为 0,我是否应该看到包含以下代码片段的 #GP(0)
:
NULL_SEL_RPL0 EQU 0
mov eax, NULL_SEL_RPL0 ; EAX = 0x0000 = NULL Selector with
; Requested Privilege Level (RPL) 0.
mov ss, eax ; Try to set SS with NULL selector 0x0000
; Should this cause a #GP(0) fault?
英特尔 x86 指令集引用的内容 MOV
是:
Operation
DEST ← SRC;
Loading a segment register while in protected mode results in special checks and actions, as described in the
following listing. These checks are performed on the segment selector and the segment descriptor to which it
points.
IF SS is loaded
THEN
IF segment selector is NULL
THEN #GP(0); FI;
IF segment selector index is outside descriptor table limits
OR segment selector's RPL ≠ CPL
OR segment is not a writable data segment
OR DPL ≠ CPL
THEN #GP(selector); FI;
IF segment not marked present
THEN #SS(selector);
ELSE
SS ← segment selector;
SS ← segment descriptor; FI;
FI;
IF DS, ES, FS, or GS is loaded with non-NULL selector
THEN
IF segment selector index is outside descriptor table limits
OR segment is not a data or readable code segment
OR ((segment is a data or nonconforming code segment) AND ((RPL > DPL) or (CPL > DPL)))
THEN #GP(selector); FI;
IF segment not marked present
THEN #NP(selector);
ELSE
SegmentRegister ← segment selector;
SegmentRegister ← segment descriptor; FI;
FI;
IF DS, ES, FS, or GS is loaded with NULL selector
THEN
SegmentRegister ← segment selector;
SegmentRegister ← segment descriptor;
FI;
特别是这部分:
IF SS is loaded
THEN
IF segment selector is NULL
THEN #GP(0); FI;
我期望的行为:我正在使用 NULL 选择器 (0x0000) 加载 SS。我从这个文档中推测我应该得到一个#GP(0)
。在真实硬件、VirtualBox、QEMU 和 BOCHS 上,代码片段不会出现错误。
观察到的行为:没有发生错误,64 位代码继续按预期执行。
为什么我期望的行为与文档似乎建议的不同?
<小时/>将其设为 Minimal Complete Verifiable Example可以在模拟器/虚拟机和真实硬件上测试代码片段,我提供以下代码。出于测试目的,下面的测试代码被放置在引导加载程序的第 2 阶段。进入长模式并非易事。代码创建一个GDT; IDT 导致所有异常和 IRQ 出现三重故障;禁用 PIC 上的中断;刷新挂起的 IRQ;启用分页;身份映射内存的前 2MiB;直接从实模式进入64位模式。 64 位代码片段来自标签 longmode64
最底部的代码:
stage2.asm:
STAGE2_OFS EQU 0x7e00 ; Origin point (VMA) of stage2
; Offset form base of memory where stage2 starts
VIDEO_TEXT_ADDR EQU 0xb8000
; Hard code beginning of text video memory
ATTR_WHITE_ON_MAGENTA EQU 0x57 ; White on magenta attribute
EFLAGS_IF_BIT EQU 9 ; Interrupt Flag (IF) bit = 9
org STAGE2_OFS ; Set origin point (VMA) of stage2
bits 16
; Stage2 Entry point
; Upon entry these have all been set:
; Direction Flag (DF) = 0
; DS=ES=GS=FS=0x0000
; SS:SP = 0x0000:0x7c00
stage2:
mov si, nolm_err ; Default error message to long mode error
call check_longmode ; Is long mode available on this CPU?
jz .error ; If not print error and stop
mov si, noa20_err ; Default error message to A20 enable error
call a20_enable ; Enable A20 line
jz .error ; If the A20 line isn't enabled then print error and stop
mov edi, PAGING_BASE_ADDR ; DS:EDI set to 4KiB aligned memory address 0x0000:0x1000
jmp switch_longmode_64 ; Switch to 64-bit mode and
; and continue at label 'longmode64_entry'
.error:
call print_string ; Print error message
.end:
cli ; Disable interrupts
.endloop:
hlt ; Halt CPU
jmp .endloop ; Loop in case we get an NMI (non-maskable interrupt)
; Function: check_longmode
; Check if long mode is available on the CPU
;
; Inputs: None
; Clobbers: EAX, ECX
; Returns: Zero Flag (ZF) set if CPU support long mode
check_longmode:
call check_386
jz .nolongmode
; Check whether CPUID is supported or not. If we can successfully
; flip bit 21 in EFLAGS then CPUID is supported.
pushfd
pop eax ; Get current EFLAGS
mov ecx, eax ; ECX = copy of original EFLAGS
xor eax, 1<<21 ; Flip bit 21
push eax
popfd ; Set new EFLAGS
pushfd
pop eax ; ECX = updated EFLAGS
push ecx
popfd ; Restore original EFLAGS
xor eax, ecx ; Are any bits different between original and new EFLAGS
jz .nolongmode ; If they are then CPUID is supported
mov eax, 0x80000000 ; Get Highest Extended Function Implemented
cpuid
cmp eax, 0x80000001 ; Check support for at least Extended Function 0x80000001
jb .nolongmode ; If not, long mode not supported
mov eax, 0x80000001 ; Get Extended Processor Info and Feature Bits
cpuid
test edx, 1 << 29 ; Test if the LM bit is set
jz .nolongmode ; If not set then long mode isn't supported
ret ; Otherwise long mode is supported return with ZF = 1
.nolongmode:
xor eax, eax ; Return with ZF = 0
ret
; Function: print_string
; Display a string to the console on display page 0
;
; Inputs: SI = Offset of address to print
; Clobbers: AX, BX, SI
print_string:
mov ah, 0x0e ; BIOS tty Print
xor bx, bx ; Set display page to 0 (BL)
jmp .getch
.repeat:
int 0x10 ; print character
.getch:
lodsb ; Get character from string
test al,al ; Have we reached end of string?
jnz .repeat ; if not process next character
.end:
ret
; Function: wait_8042_cmd
; Wait until the Input Buffer Full bit in the keyboard controller's
; status register becomes 0. After calls to this function it is
; safe to send a command on Port 0x64
;
; Inputs: None
; Clobbers: AX
; Returns: None
KBC_STATUS_IBF_BIT EQU 1
wait_8042_cmd:
in al, 0x64 ; Read keyboard controller status register
test al, 1 << KBC_STATUS_IBF_BIT
; Is bit 1 (Input Buffer Full) set?
jnz wait_8042_cmd ; If it is then controller is busy and we
; can't send command byte, try again
ret ; Otherwise buffer is clear and ready to send a command
; Function: wait_8042_data
; Wait until the Output Buffer Empty (OBE) bit in the keyboard controller's
; status register becomes 0. After a call to this function there is
; data available to be read on port 0x60.
;
; Inputs: None
; Clobbers: AX
; Returns: None
KBC_STATUS_OBE_BIT EQU 0
wait_8042_data:
in al, 0x64 ; Read keyboard controller status register
test al, 1 << KBC_STATUS_OBE_BIT
; Is bit 0 (Output Buffer Empty) set?
jz wait_8042_data ; If not then no data waiting to be read, try again
ret ; Otherwise data is ready to be read
; Function: a20_kbd_enable
; Enable the A20 line via the keyboard controller
;
; Inputs: None
; Clobbers: AX, CX
; Returns: None
a20_kbd_enable:
pushf
cli ; Disable interrupts
call wait_8042_cmd ; When controller ready for command
mov al, 0xad ; Send command 0xad (disable keyboard).
out 0x64, al
call wait_8042_cmd ; When controller ready for command
mov al, 0xd0 ; Send command 0xd0 (read output port)
out 0x64, al
call wait_8042_data ; Wait until controller has data
in al, 0x60 ; Read data from keyboard
mov cx, ax ; CX = copy of byte read
call wait_8042_cmd ; Wait until controller is ready for a command
mov al, 0xd1
out 0x64, al ; Send command 0xd1 (write output port)
call wait_8042_cmd ; Wait until controller is ready for a command
mov ax, cx
or al, 1 << 1 ; Write value back with bit 1 set
out 0x60, al
call wait_8042_cmd ; Wait until controller is ready for a command
mov al, 0xae
out 0x64, al ; Write command 0xae (enable keyboard)
call wait_8042_cmd ; Wait until controller is ready for command
popf ; Restore flags including interrupt flag
ret
; Function: a20_fast_enable
; Enable the A20 line via System Control Port A
;
; Inputs: None
; Clobbers: AX
; Returns: None
a20_fast_enable:
in al, 0x92 ; Read System Control Port A
test al, 1 << 1
jnz .finished ; If bit 1 is set then A20 already enabled
or al, 1 << 1 ; Set bit 1
and al, ~(1 << 0) ; Clear bit 0 to avoid issuing a reset
out 0x92, al ; Send Enabled A20 and disabled Reset to control port
.finished:
ret
; Function: a20_bios_enable
; Enable the A20 line via the BIOS function Int 15h/AH=2401
;
; Inputs: None
; Clobbers: AX
; Returns: None
a20_bios_enable:
mov ax, 0x2401 ; Int 15h/AH=2401 enables A20 on BIOS with this feature
int 0x15
ret
; Function: a20_check
; Determine if the A20 line is enabled or disabled
;
; Inputs: None
; Clobbers: AX, CX, ES
; Returns: ZF=1 if A20 enabled, ZF=0 if disabled
a20_check:
pushf ; Save flags so Interrupt Flag (IF) can be restored
push ds ; Save volatile registers
push si
push di
cli ; Disable interrupts
xor ax, ax
mov ds, ax
mov si, 0x600 ; 0x0000:0x0600 (0x00600) address we will test
mov ax, 0xffff
mov es, ax
mov di, 0x610 ; 0xffff:0x0610 (0x00600) address we will test
; The physical address pointed to depends on whether
; memory wraps or not. If it wraps then A20 is disabled
mov cl, [si] ; Save byte at 0x0000:0x0600
mov ch, [es:di] ; Save byte at 0xffff:0x0610
mov byte [si], 0xaa ; Write 0xaa to 0x0000:0x0600
mov byte [es:di], 0x55 ; Write 0x55 to 0xffff:0x0610
xor ax, ax ; Set return value 0
cmp byte [si], 0x55 ; If 0x0000:0x0600 is 0x55 and not 0xaa
je .disabled ; then memory wrapped because A20 is disabled
dec ax ; A20 Disable, set AX to -1
.disabled:
; Cleanup by restoring original bytes in memory. This must be in reverse
; order from the order they were originally saved
mov [es:di], ch ; Restore data saved data to 0xffff:0x0610
mov [si], cl ; Restore data saved data to 0x0000:0x0600
pop di ; Restore non-volatile registers
pop si
pop ds
popf ; Restore Flags (including IF)
test al, al ; Return ZF=1 if A20 enabled, ZF=0 if disabled
ret
; Function: a20_enable
; Enable the A20 line
;
; Inputs: None
; Clobbers: AX, BX, CX, DX
; Returns: ZF=0 if A20 not enabled, ZF=1 if A20 enabled
a20_enable:
call a20_check ; Is A20 already enabled?
jnz .a20_on ; If so then we're done ZF=1
call a20_bios_enable ; Try enabling A20 via BIOS
call a20_check ; Is A20 now enabled?
jnz .a20_on ; If so then we're done ZF=1
call a20_kbd_enable ; Try enabling A20 via keyboard controller
call a20_check ; Is A20 now enabled?
jnz .a20_on ; If so then we're done ZF=1
call a20_fast_enable ; Try enabling A20 via fast method
call a20_check ; Is A20 now enabled?
jnz .a20_on ; If so then we're done ZF=1
.a20_err:
xor ax, ax ; If A20 disabled then return with ZF=0
.a20_on:
ret
; Function: check_386
; Check if this processor is at least a 386
;
; Inputs: None
; Clobbers: AX
; Returns: ZF=0 if Processor earlier than a 386, ZF=1 if processor is 386+
check_386:
xor ax, ax ; Zero EFLAGS
push ax
popf ; Push zeroed flags
pushf
pop ax ; Get the currently set flags
and ax, 0xf000 ; if high 4 bits of FLAGS are not set then
cmp ax, 0xf000 ; CPU is an 8086/8088/80186/80188
je .error ; and exit with ZF = 0
mov ax, 0xf000 ; Set the high 4 bits of FLAGS to 1
push ax
popf ; Update the FLAGS register
pushf ; Get newly set FLAGS into AX
pop ax
and ax, 0xf000 ; if none of the high 4 bits are set then
jnz .noerror ; CPU is an 80286. Return success ZF = 1
; otherwise CPU is a 386+
.error:
xor ax, ax ; Set ZF = 0 (Earlier than a 386)
.noerror:
ret
; Function: switch_longmode_64
; Switch processor to 64-bit mode directly from real mode
; See: https://wiki.osdev.org/Entering_Long_Mode_Directly
; - Enable Interrupts (IF=1)
; - Enable paging
; - Identity Map first 2MiB of memory with a large page
; by setting up proper PML4, PDPT, and PD
; - Disable interrupts on the Master and Slave PICs
; - Flush any pending external interrupts
; - Use LIDT to load an IDT record with size of 0 to force
; all software and hardware interrupts to triple fault
; - Jump to 64-bit mode at label `longmode64_entry`
;
; Inputs: DS:EDI 4KiB aligned address where there is at least
; 12KiB of physical memory available
; Clobbers: N/A
; Returns: Jumps to label 'longmode64_entry', doesn't return
PAGE_PRESENT EQU (1<<0)
PAGE_WRITE EQU (1<<1)
PAGE_USER EQU (1<<2)
PAGEDIR_SIZE_LARGE EQU (1<<7)
PAGING_STRUCT_SIZE EQU 3*4096 ; Size of memory area to hold PML4, PDPT, and PD
PAGING_BASE_ADDR EQU 0x1000 ; Offset in first 64Kb that is the start of a 16KiB
; region that can be used for a default paging tree
PML4_OFS EQU 0x0000 ; Offset of PML4 table
PDPT_OFS EQU 0x1000 ; Offset of Page Directory Pointer Table
PD_OFS EQU 0x2000 ; Offset of Page Directory Table
switch_longmode_64:
push dword 1<<EFLAGS_IF_BIT; Reset all the EFLAG bits to 0 except IF=1
popfd
; Zero out the 12KiB buffer used for PML4, PDPT, PD.
; We are using rep stosd (DWORD) thus the count should be bytes / 4.
push di ; Temporarily store DI
mov ecx, (PAGING_STRUCT_SIZE/4)
; Number of DWORDS to set
xor eax, eax ; Value to set 0x00000000
rep stosd ; Zero the memory
pop di ; Restore DI
; DI = 4KiB aligned address to base of paging structures
; Create Page Map Level 4 Table (PML4)
lea eax, [di + PDPT_OFS] ; EAX = address of Page Directory Pointer Table (PDPT)
or eax, PAGE_PRESENT | PAGE_WRITE | PAGE_USER
; Set present flag, writable and user flags
mov [di + PML4_OFS], eax ; Store the address the PDPT to the first PML4 entry
; Create the Page Directory Pointer Table (PDPT)
lea eax, [di + PD_OFS] ; EAX = address of Page Directory (PD)
or eax, PAGE_PRESENT | PAGE_WRITE | PAGE_USER
; Set present flag, writable and user flags
mov [di + PDPT_OFS], eax ; Store page directory address as the first PDPT entry
; Create Page Directory (PD)
mov dword [di + PD_OFS], PAGE_PRESENT | PAGE_WRITE | PAGE_USER | \
PAGEDIR_SIZE_LARGE | 0 << 21
; Set first PD entry to present, writable, user, and
; large page. Identity map to the first 2MiB in
; physical memory
; Disable IRQs on the Master and Slave PICs
mov al, 0xFF ; Bits that are 1 disable interrupts, 0 = enable
out 0xA1, al ; Disable all interrupts on Slave PIC
out 0x21, al ; Disable all interrupts on Master PIC
; Flush any pending IRQs
mov ecx, 8
; Do a loop to allow pending interrupts to be processed.
; Execute enough instructions to process all 16 interrupts.
.irqflush:
dec ecx
jnz .irqflush
lidt [idtr] ; Load a zero length IDT so that any hardware
; interrupt or CPU exception causes a triple fault
; Enter long mode directly from real mode without entering compatibility mode
movzx esp, sp ; Zero extend SP to ESP
mov eax, 10100000b
mov cr4, eax ; Set CR4 PAE and PGE bits on and other features off
mov cr3, edi ; Set CR3 to address of PML4 (@ 0x00001000)
mov ecx, 0xC0000080
rdmsr ; Read EFER MST to EDX:EAX
or eax, 0x00000100 ; Set the LME bit
wrmsr ; Write back changes to EFER MSR
mov eax, cr0 ; Get current CR0
or eax, 0x80000001 ; Enable both paging and protected mode bits
mov cr0, eax ; Update CR0
jmp .flushipfq ; This JMP is to flush instruction prefetch queue
.flushipfq:
lgdt [gdtr] ; Load gdt from gdtr
jmp CODE64_PL0_SEL:longmode64_entry
; Start executing code in 64-bit mode
noa20_err db "A20 line couldn't be enabled", 10, 13, 0
nolm_err db "Processor doesn't support x86-64 mode", 10, 13, 0
; Zero length IDT record to force all interrupts to triple fault
align 4
idtr:
.len dw 0
.base dd 0
; Macro to build a GDT descriptor entry
%define MAKE_GDT_DESC(base, limit, access, flags) \
(((base & 0x00FFFFFF) << 16) | \
((base & 0xFF000000) << 32) | \
(limit & 0x0000FFFF) | \
((limit & 0x000F0000) << 32) | \
((access & 0xFF) << 40) | \
((flags & 0x0F) << 52))
; GDT structure
align 4
gdt_start: dq MAKE_GDT_DESC(0, 0, 0, 0)
; Null descriptor
gdt64_code_pl0: dq MAKE_GDT_DESC(0, 0x00000000, 10011010b, 0010b)
; 64-bit code, privilege level 0, l=1, sz=0
gdt64_data_pl0: dq MAKE_GDT_DESC(0, 0x00000000, 10010010b, 0000b)
; 64-bit data, privilege level 0, l=0, sz=0
gdt64_code_pl3: dq MAKE_GDT_DESC(0, 0x00000000, 11111010b, 0010b)
; 64-bit code, privilege level 3, l=1, sz=0
gdt64_data_pl3: dq MAKE_GDT_DESC(0, 0x00000000, 11110010b, 0000b)
; 64-bit data, privilege level 3, l=0, sz=0
end_of_gdt:
; GDT record
align 4
dw 0 ; Padding align dd GDT in gdtr on 4 byte boundary
gdtr:
dw end_of_gdt - gdt_start - 1
; limit (Size of GDT - 1)
dd gdt_start ; base of GDT
NULL_SEL_RPL0 EQU 0
NULL_SEL_RPL1 EQU 1
NULL_SEL_RPL2 EQU 2
NULL_SEL_RPL3 EQU 3
CODE64_PL0_SEL EQU gdt64_code_pl0 - gdt_start
DATA64_PL0_SEL EQU gdt64_data_pl0 - gdt_start
CODE64_PL3_SEL EQU gdt64_code_pl3 - gdt_start
DATA64_PL3_SEL EQU gdt64_data_pl3 - gdt_start
; Entry point for 64-bit mode
; Upon entry these have all been set:
; - CPU is running at Current Privilege Level (CPL) = 0 aka kernel mode
; - Interrupts are enabled (IF=1)
; - External interrupts are disabled on the Master and Slave PICs
; - Direction Flag clear (DF=0)
BITS 64
longmode64_entry:
mov eax, DATA64_PL0_SEL ; Set DS/ES/FS/GS/SS to a
; privilege level 0 data selector
mov ds, eax
mov es, eax
mov fs, eax
mov gs, eax
mov ss, eax
; Insert 64-bit code to test here
mov eax, NULL_SEL_RPL0 ; EAX = 0x0000 = NULL Selector with
; Requested Privilege Level (RPL) 0
; Should loading a NULL selector with RPL 0 (0x0000) fail
; and cause an exception / triple fault / reboot? When tested in VMs and
; real hardware it works and `LM` is printed to the display below
mov ss, eax ; Try to set SS with NULL selector
; Write the letters "LM" (long mode) to upper left hand corner of display
; starting at text video memory address 0xb8000 using white on magenta attribute
mov dword [VIDEO_TEXT_ADDR], (ATTR_WHITE_ON_MAGENTA << 8 | 'M') << 16 | \
(ATTR_WHITE_ON_MAGENTA << 8 | 'L')
hlt
stage2_end:
要使用 NASM 组装此文件,请使用:
nasm -f bin stage2.asm -o stage2.bin
此代码旨在使用的引导加载程序可以在 Stackoverflow answer 中找到。 。该答案中的代码以可启动的 1.44MiB 软盘镜像的形式充当测试工具。要构建磁盘 - 将 boot.asm
和 bpb.inc
复制到包含 stage2.asm
的目录(上面)并使用以下命令:
nasm -f bin boot.asm -o disk.img
要在 QEMU 中进行测试,您可以运行以下命令:
qemu-system-x86_64 -fda disk.img
如果没有错误,输出应与此类似:
如果代码没有错误,它应该在屏幕左上角打印 LM
。
最佳答案
如果此代码在 64 位模式下 CPL=0 处执行:
NULL_SEL_RPL0 EQU 0
mov eax, NULL_SEL_RPL0 ; EAX = 0x0000 = NULL Selector with
; Requested Privilege Level (RPL) 0.
mov ss, eax ; Try to set SS with NULL selector 0x0000
; Should this cause a #GP(0) fault?
预期行为不与#GP(0)
有关。这似乎与您引用的 ISA 文档相反。您没有考虑到的内容在序言中:
Loading a segment register while in protected mode results in special checks and actions, as described in the following listing.
关键是显示的伪代码适用于保护模式,而不是长模式。虽然您需要启用 PE
(保护模式启用位)才能达到 64 位模式((长模式子模式),但长模式实际上并不是保护模式。维基百科有一个图表x86-64 operating modes 很好地显示了关系:
多年来,这已经困扰了许多开发人员。在英特尔 ISA 的某些部分中,有完整的伪代码来涵盖所有情况和不同模式。 MOV
指令的记录方式并不完全相同。
如果您进一步查看文档,您会发现定义 64 位异常的表格:
64-Bit Mode Exceptions
#GP(0)
If the memory address is in a non-canonical form.
If an attempt is made to load SS register with NULL segment selector when CPL = 3.
If an attempt is made to load SS register with NULL segment selector when CPL < 3 and CPL ≠ RPL.
在您的代码中,您使用 MOV
将 0x0000 加载到 SS 中。 0x0000 是请求权限级别为 0 (RPL=0) 的 NULL 选择器。您正在以当前权限 0 (CPL=0) 运行。在您的 GDT 中,您使用的代码选择器的描述符权限级别为 0 (DPL=0)。
您的代码不会从内存操作数加载要存储在SS中的选择器,因此第一个条件不会导致#GP(0)
。您正在 CPL=0 下运行,因此第二个条件不会导致 #GP(0)
。您的 CPL(0) < 3 但 RPL(0) == CPL(0),因此第三个条件不会导致 #GP(0)
。
但是如果您要这样做:
NULL_SEL_RPL0 EQU 3
mov eax, NULL_SEL_RPL3 ; EAX = 0x0003 = NULL Selector with
; Requested Privilege Level (RPL) 3.
mov ss, eax ; This cause a #GP(0) fault?
在这里,您仍然是 CPL=0,但您的 NULL 选择器1 的 RPL 为 3(用户模式)。现在,您的 CPL(0) < 3 且 CPL(3) ≠ RPL(0),因此在第三个条件下,代码应出现 #GP(0)
错误。
尽管当您在真实硬件上 CPL=0 时设置 RPL=3 的 NULL 选择器是预期行为 - 并非所有模拟器都会捕获此异常!特别是没有 KVM 的 QEMU 似乎不会执行此检查,因此不会出现故障。如果您使用的系统具有硬件虚拟化和启用 KVM 的操作系统,并使用选项 -enable-kvm
运行 QEMU,则应按预期出现 #GP(0)
错误。 BOCHS 还将引发 #GP(0)
异常。 注意:这个故事的寓意是,您不一定依赖特定的模拟器或虚拟机来真正遵守管理真实 CPU 的规则。
要测试第二种情况,即在 CPL=3 处使用 NULL 选择器加载 SS 时会出现 #GP(0)
错误,longmode64_entry
代码可更改为:
longmode64_entry:
mov eax, DATA64_PL0_SEL ; Set DS/ES/FS/GS/SS to a privilege level 0 data selector
mov ds, eax
mov es, eax
mov fs, eax
mov gs, eax
mov ss, eax
; Insert 64-bit code to test here
; Change to ring 3 (user mode)
mov rax, rsp ; Save current RSP and use it as stack pointer in ring 3
push DATA64_PL3_SEL | 3 ; User mode SS = 64 data segment with a DPL of 3, RPL=3
push rax ; User mode RSP
pushfq ; Push current flags
push CODE64_PL3_SEL | 3 ; User mode CS = 64 code segment with a DPL of 3, RPL=3
push .usermode ; User mode RIP - enter ring 3 at label '.usermode'
iretq ; Use IRETQ to perform ring transition from CPL 0 to CPL 3
.usermode:
mov eax, NULL_SEL_RPL3 ; EAX = 0x0003 = NULL Selector with
; Requested Privilege Level (RPL) 3
mov ss, eax ; Try to set SS with a NULL selector at CPL=3
; This should fault with #GP(0)
; Write the letters "LM" (long mode) to upper left hand corner of display
; starting at text video memory address 0xb8000 using white on magenta attribute
mov dword [VIDEO_TEXT_ADDR], (ATTR_WHITE_ON_MAGENTA << 8 | 'M') << 16 | \
(ATTR_WHITE_ON_MAGENTA << 8 | 'L')
jmp $ ; Can't use HLT in Ring 3
<小时/>
关于assembly - 在64位模式下使用MOV指令将SS设置为0x0000是否会导致故障#GP(0)?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57436125/
问题故障解决记录 -- Java RMI Connection refused to host: x.x.x.x .... 在学习JavaRMI时,我遇到了以下情况 问题原因:可
我正在玩 Rank-N-type 并尝试输入 x x .但我发现这两个函数可以以相同的方式输入,这很不直观。 f :: (forall a b. a -> b) -> c f x = x x g ::
这个问题已经有答案了: How do you compare two version Strings in Java? (31 个回答) 已关闭 8 年前。 有谁知道如何在Java中比较两个版本字符串
这个问题已经有答案了: How do the post increment (i++) and pre increment (++i) operators work in Java? (14 个回答)
下面是带有 -n 和 -r 选项的 netstat 命令的输出,其中目标字段显示压缩地址 (127.1/16)。我想知道 netstat 命令是否有任何方法或选项可以显示整个目标 IP (127.1.
我知道要证明 : (¬ ∀ x, p x) → (∃ x, ¬ p x) 证明是: theorem : (¬ ∀ x, p x) → (∃ x, ¬ p x) := begin intro n
x * x 如何通过将其存储在“auto 变量”中来更改?我认为它应该仍然是相同的,并且我的测试表明类型、大小和值显然都是相同的。 但即使 x * x == (xx = x * x) 也是错误的。什么
假设,我们这样表达: someIQueryable.Where(x => x.SomeBoolProperty) someIQueryable.Where(x => !x.SomeBoolProper
我有一个字符串 1234X5678 我使用这个正则表达式来匹配模式 .X|..X|X. 我得到了 34X 问题是为什么我没有得到 4X 或 X5? 为什么正则表达式选择执行第二种模式? 最佳答案 这里
我的一个 friend 在面试时遇到了这个问题 找到使该函数返回真值的 x 值 function f(x) { return (x++ !== x) && (x++ === x); } 面试官
这个问题在这里已经有了答案: 10年前关闭。 Possible Duplicate: Isn't it easier to work with foo when it is represented b
我是 android 的新手,我一直在练习开发一个针对 2.2 版本的应用程序,我需要帮助了解如何将我的应用程序扩展到其他版本,即 1.x、2.3.x、3 .x 和 4.x.x,以及一些针对屏幕分辨率
为什么案例 1 给我们 :error: TypeError: x is undefined on line... //case 1 var x; x.push(x); console.log(x);
代码优先: # CASE 01 def test1(x): x += x print x l = [100] test1(l) print l CASE01 输出: [100, 100
我正在努力温习我的大计算。如果我有将所有项目移至 'i' 2 个空格右侧的函数,我有一个如下所示的公式: (n -1) + (n - 2) + (n - 3) ... (n - n) 第一次迭代我必须
给定 IP 字符串(如 x.x.x.x/x),我如何或将如何计算 IP 的范围最常见的情况可能是 198.162.1.1/24但可以是任何东西,因为法律允许的任何东西。 我要带198.162.1.1/
在我作为初学者努力编写干净的 Javascript 代码时,我最近阅读了 this article当我偶然发现这一段时,关于 JavaScript 中的命名空间: The code at the ve
我正在编写一个脚本,我希望避免污染 DOM 的其余部分,它将是一个用于收集一些基本访问者分析数据的第 3 方脚本。 我通常使用以下内容创建一个伪“命名空间”: var x = x || {}; 我正在
我尝试运行我的test_container_services.py套件,但遇到了以下问题: docker.errors.APIError:500服务器错误:内部服务器错误(“ b'{” message
是否存在这两个 if 语句会产生不同结果的情况? if(x as X != null) { // Do something } if(x is X) { // Do something } 编
我是一名优秀的程序员,十分优秀!