1 / 12

The i/o-sensitive instructions

The i/o-sensitive instructions. An introduction to the software emulation of i/o-sensitive instructions in Virtual-8086 mode. Impact of IOPL in VM86 mode.

josh
Download Presentation

The i/o-sensitive instructions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The i/o-sensitive instructions An introduction to the software emulation of i/o-sensitive instructions in Virtual-8086 mode

  2. Impact of IOPL in VM86 mode • In virtual-8086 mode, if IOPL<3, then any instructions which could alter the IF-bit in the FLAGS register (Interrupt Flag) cause a General Protection fault (Exception 0xD) • This lets the Virtual-8086 Monitor control the actual effect on the CPU Interrupt-Flag • The Monitor can ignore the instruction (by just skipping past it) or it can perform the operation on behalf of the VM86 program

  3. The six i/o-sensitive opcodes • CLI (Clear Interrupt flag) • STI (Set Interrupt flag) • PUSHF (Push Flags register to stack) • POPF (Pop stack to Flags register) • IRET (Return from Interrupt) • INT-n (Software Interrupt) • The 32-bit versions of these instructions are also i/o-sensitive (e.g., PUSHFD / POPFD / IRETD )

  4. Role of the VM86 Monitor • The GP-fault handler may need to emulate the actions of the CPU when i/o-sensitive instructions trigger faults in VM86 mode • CLI and STI are simplest to emulate: all the Monitor needs to do is set or clear the IF-bit (bit #9) in the image of the EFLAGS register that the CPU saved on its ring-0 stack, and increment the image of IP by 1

  5. Emulating ‘pushf’ • To emulate ‘pushf’ the cpu subtracts 2 from the SP-register’s image (to make room for a new word of its ring-3 stack), copies the saved FLAGS-register image from the ring-0 stack to this new word on its ring-3 stack, then add 1 to the IP image to skip past the ‘pushf’ opcode byte

  6. Emulating ‘popf’ • To emulate ‘popf’ the cpu copies the top word from its ring-3 stack to the lower half of the saved EFLAGS register-image on its ring-0 stack, adds 2 to the SP-register’s image (to discard the copied word), then adds 1 to the IP image (to skip past ‘popf’)

  7. Emulating ‘iret’ • To emulate ‘iret’ the cpu copies the three topmost words from its ring-3 stack onto the lower halves of the three doublewords on its ring-0 stack which hold the images of the EIP, CS, and EFLAGS registers, adds 6 to the saved SP-register image (to discard the three words just copied)

  8. Emulating ‘int-n’ • Emulating ‘int-n’ is the most complex of the i/o-sensitive instruction-emulations • We discussed the steps involved during our preceeding lecture (we conducted an in-class exercise that implemented them) • Our next slide briefly review those steps

  9. Steps for ‘int-n’ emulation • Add 2 to the IP register-image (to skip past int-n) • Decrement the SP register-image by 6 (to make room for 3 new words on the ring-3 stack), and the copy saved IF, CS, and FLAGS register-images from the ring-0 stack to these new ring-3 stack locations • Use the interrupt ID-number (the second byte of ‘int-n’ instruction) to find the IVT entry, and copy its two words to the ring-0 stack locations for IP and CS, respectively • Clear bits #8 and #9 of the EFLAGS image

  10. Demo: ‘emulate.s’ • We have created a demo-program which incorporates these six emulations that we just discussed: CLI / STI, PUSHF / POPF, and IRET / INT-n. • But real-mode code for Pentium CPUs can also include 32-bit i/o-sensitive instructions (e.g., PUSHFD / POPFD, and IRETD) • These all have the operand-size prefix 0x66 in front of their one-byte opcodes

  11. In-class exercise #1 • Add emulations for these three additional i/o-sensitive instructions: • PUSHFD (0x66, 0x9C) • POPFD (0x66, 0x9D) • IRETD (0x66, 0xCF) • You will need to include some code in your VM86 procedure to ‘test’ your emulations

  12. In-class exercise #2 • Our emulation for ‘sti’ actually enables the receipt of device interrupts by the CPU • But we don’t provide interrupt-handlers! • This could easily cause a program crash • A ‘solution’ would be to ‘reflect’ any such interrupts to the real-mode ROM-BIOS interrupt-handlers (similar to emulating software interrupts) • So add this capability to your ‘emulate.s’

More Related