1. 前置
首先提出了一个疑问,什么是IA-32?下面从官网和维基百科来解答一下。
关于什么是IA-32,官方没有给出明确的定义,只是在官方手册《Intel® 64 and IA-32 ArchitecturesSoftware Developer’s Manual》中的Vol. 1 2-1的CHAPTER 2 INTEL® 64 AND IA-32 ARCHITECTURES章节中描述了IA-32和Intel的发展史,可以从这里面体会出什么是IA-32。
重点体会一下2.1.1 16-bit Processors and Segmentation (1978) 、 2.1.2 The Intel® 286 Processor (1982) 、 **2.1.3 The Intel386™ Processor (1985)**这个三个章节。
另外,对于IA-32的定义,官方手册是将8086、8088、286这些16位的处理器也包含在内了。上面的三个章节话里话外都表明了,8086、8088、286是属于IA-32 架构的。在2.1.3中的有一句话
The Intel386 processor was the first 32-bit processor in the IA-32 architecture family
这句话翻译过来就是“Intel386处理器是IA-32架构系列中的第一个32位处理器”,也间接表明了,16位的处理器8086、8088、286也属于IA-32。如果这里太隐晦的话,那么在手册的Vol. 3B 23-1的23.1 PROCESSOR FAMILIES AND CATEGORIES章节中:
• IA-32 Processors — All the Intel processors based on the Intel IA-32 Architecture, which include the
8086/88, Intel 286, Intel386, Intel486, Pentium, Pentium Pro, Pentium II, Pentium III, Pentium 4, and Intel
Xeon processors.
• 32-bit Processors — All the IA-32 processors that use a 32-bit architecture, which include the Intel386,
Intel486, Pentium, Pentium Pro, Pentium II, Pentium III, Pentium 4, and Intel Xeon processors.
• 16-bit Processors — All the IA-32 processors that use a 16-bit architecture, which include the 8086/88 and
Intel 286 processors.
这里直接就表明了,16位的处理器就是包含在IA-32中的。
而在英文版的维基百科中,对于IA-32 的定义,是专指从80386开始的3位的x86处理器:
IA-32 (short for "Intel Architecture, 32-bit", commonly called i386 is the 32-bit version of the x86 instruction set architecture, designed by Intel and first implemented in the 80386 microprocessor in 1985. IA-32 is the first incarnation of x86 that supports 32-bit computing;[4] as a result, the "IA-32" term may be used as a metonym to refer to all x86 versions that support 32-bit computing.
在袁春风. 计算机系统基础(第2版) [M]. 北京:机械工业出版社一书中的IA-32指令系统概述的这个章节中也表明了,Intel把32位的x86架构的名称x86-32改称为IA-32。
按道理官方不会出错,难道这个官方手册里面所讲的针对IA-32架构的功能也适应8086?很显然不是,在手册的每一个卷,都有说明本手册适配的处理器有哪些。如Vol. 1 1-1的1.1 INTEL® 64 AND IA-32 PROCESSORS COVERED IN THIS MANUAL小节,
This manual set includes information pertaining primarily to the most recent Intel 64 and IA-32 processors, which include:
• Pentium® processors
• P6 family processors
• Pentium® 4 processors
• Pentium® M processors
。。。。。。。。。。。。。。。。。。。等
这句话翻译过来就是“这套手册主要包括与最新的英特尔64和IA-32处理器有关的信息,其中包括”。在包括的处理器列表中,最老的也是Pentium® processors,它是个32位的处理器。所以整个手册是针对32位处理器和64位处理器的。
可以看出本手册是针对32位处理器的,所以可以理解本手册介绍处理器特性的内容虽然用的IA-32术语,但后面所有章节中介绍的处理器的特性是除了8086这些16位处理器以外的,本质还是介绍32位处理器的特性的。所以为了好理解IA-32这个概念,还是直接将IA-32理解
成英文版的维基百科和袁春风对IA-32的那种定义----即只考虑32位的处理器。
提一嘴,2-20 Vol. 1的2.2.10 Intel® 64 Architecture小节里面定义了Intel 64的概念。
下面进入正题。
2.处理器的操作模式和内存管理
在手册的Vol. 3A 2-7中的2.2 MODES OF OPERATION章节:
The IA-32 architecture supports three operating modes and one quasi-operating mode:
• Protected mode — This is the native operating mode of the processor. It provides a rich set of architectural
features, flexibility, high performance and backward compatibility to existing software base.
• Real-address mode — This operating mode provides the programming environment of the Intel 8086
processor, with a few extensions (such as the ability to switch to protected or system management mode).
• System management mode (SMM) — SMM is a standard architectural feature in all IA-32 processors,
beginning with the Intel386 SL processor. This mode provides an operating system or executive with a
transparent mechanism for implementing power management and OEM differentiation features. SMM is
entered through activation of an external system interrupt pin (SMI#), which generates a system management
interrupt (SMI). In SMM, the processor switches to a separate address space while saving the context of the
currently running program or task. SMM-specific code may then be executed transparently. Upon returning
from SMM, the processor is placed back into its state prior to the SMI.
• Virtual-8086 mode — In protected mode, the processor supports a quasi-operating mode known as virtual-
8086 mode. This mode allows the processor execute 8086 software in a protected, multitasking environment.
然后在手册的Vol. 1 3-1中的3.1 MODES OF OPERATION章节中也有:
The IA-32 architecture supports three basic operating modes: protected mode, real-address mode, and system
management mode. The operating mode determines which instructions and architectural features are accessible:
• Protected mode — This mode is the native state of the processor. Among the capabilities of protected mode
is the ability to directly execute “real-address mode” 8086 software in a protected, multi-tasking environment.
This feature is called virtual-8086 mode, although it is not actually a processor mode. Virtual-8086 mode is
actually a protected mode attribute that can be enabled for any task.
• Real-address mode — This mode implements the programming environment of the Intel 8086 processor with
extensions (such as the ability to switch to protected or system management mode). The processor is placed in
real-address mode following power-up or a reset.
• System management mode (SMM) — This mode provides an operating system or executive with a
transparent mechanism for implementing platform-specific functions such as power management and system
security. The processor enters SMM when the external SMM interrupt pin (SMI#) is activated or an SMI is
received from the advanced programmable interrupt controller (APIC).
In SMM, the processor switches to a separate address space while saving the basic context of the currently
running program or task. SMM-specific code may then be executed transparently. Upon returning from SMM,
the processor is placed back into its state prior to the system management interrupt. SMM was introduced with
the Intel386™ SL and Intel486™ SL processors and became a standard IA-32 feature with the Pentium
processor family
我们重点了解一下Protected mode和Real-address mode。SMM模式是中断的时候的模式,暂时不了解。
然后再看下处理器的内存管理,
在Vol. 1 3-6 中 3.3 MEMORY ORGANIZATION
The memory that the processor addresses on its bus is called physical memory. Physical memory is organized as a sequence of 8-bit bytes. Each byte is assigned a unique address, called a physical address. The physical address space ranges from zero to a maximum of 236 − 1 (64 GBytes) if the processor does not support Intel 64 architecture. Intel 64 architecture introduces a set of changes in physical and linear address space; these are described in Section 3.3.3, Section 3.3.4, and Section 3.3.7.
Virtually any operating system or executive designed to work with an IA-32 or Intel 64 processor will use the processor’s memory management facilities to access memory. These facilities provide features such as segmentation and paging, which allow memory to be managed efficiently and reliably. Memory management is described in detail in Chapter 3 “Protected-Mode Memory Management,” in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume3A. The following paragraphs describe the basic methods of addressing memory when memory management is used.
这段话翻译后:
处理器在其总线上寻址的内存被称为物理内存。物理内存被组织成一个8位字节的序列。每个字节都被分配一个唯一的地址,称为物理地址。如果处理器不支持英特尔64架构,物理地址空间范围从零到最大的236-1(64GB字节)。英特尔64架构在物理和线性地址空间中引入了一系列变化;这些变化在第3.3.3节、第3.3.4节和第3.3.7节中有所描述。
几乎所有设计用于IA-32或Intel 64处理器的操作系统或执行程序都将使用处理器的内存管理设施来访问内存。这些设施提供了诸如分段和分页的功能,使内存得到了有效和可靠的管理。内存管理在《英特尔®64和IA-32架构软件开发者手册》第3章 "受保护模式的内存管理 "中作了详细描述。以下段落描述了使用内存管理时对内存进行寻址的基本方法。
可以看出,手册很明确的指示我们IA-32的内存管理都是在Protected mode下的。
在Vol. 1 3-7 3.3.1 IA-32 Memory Models小节中:
When employing the processor’s memory management facilities, programs do not directly address physical
memory. Instead, they access memory using one of three memory models: flat, segmented, or real address mode:
• Flat memory model — Memory appears to a program as a single, continuous address space (Figure 3-3). This
space is called a linear address space. Code, data, and stacks are all contained in this address space. Linear
address space is byte addressable, with addresses running contiguously from 0 to 232 - 1 (if not in 64-bit
mode). An address for any byte in linear address space is called a linear address.
• Segmented memory model — Memory appears to a program as a group of independent address spaces
called segments. Code, data, and stacks are typically contained in separate segments. To address a byte in a
segment, a program issues a logical address. This consists of a segment selector and an offset (logical
addresses are often referred to as far pointers). The segment selector identifies the segment to be accessed
and the offset identifies a byte in the address space of the segment. Programs running on an IA-32 processor
can address up to 16,383 segments of different sizes and types, and each segment can be as large as 232
bytes.
Internally, all the segments that are defined for a system are mapped into the processor’s linear address space.
To access a memory location, the processor thus translates each logical address into a linear address. This
translation is transparent to the application program.
The primary reason for using segmented memory is to increase the reliability of programs and systems. For
example, placing a program’s stack in a separate segment prevents the stack from growing into the code or
data space and overwriting instructions or data, respectively.
• Real-address mode memory model — This is the memory model for the Intel 8086 processor. It is
supported to provide compatibility with existing programs written to run on the Intel 8086 processor. The realaddress mode uses a specific implementation of segmented memory in which the linear address space for the
program and the operating system/executive consists of an array of segments of up to 64 KBytes in size each.
The maximum size of the linear address space in real-address mode is 220 bytes.
See also: Chapter 21, “8086 Emulation,” Intel® 64 and IA-32 Architectures Software Developer’s Manual,
Volume 3B.
实地址模式内存模型 - 这是英特尔8086处理器的内存模型。支持它是为了提供与现有程序的兼容性,这些程序是为在英特尔8086处理器上运行而编写的。实地址模式使用分段式内存的具体实现,其中程序和操作系统/执行器的线性地址空间由每个大小不超过64KB的分段阵列组成。实地址模式下线性地址空间的最大尺寸为220字节。
这里介绍了IA-32支持的三种内存模式。且在下图中表明了Flat和Segmented memory model支持分页,Real-address mode memory model是不支持分页的,此模式是8086的处理器内存模型,由处理器历史可以知道,8086只有实模式是没有保护模式也没有分页的,那后续的处理器还支持这个模式是为了兼容以前在8086上运行的程序。
另外在 3-8 Vol. 1的3.3.2 Paging and Virtual Memory小节中也表明了Flat和Segmented memory model支持分页,Real-address mode memory model是不支持的。而且这里也强调了分页和虚拟内存管理是在Protected-Mode下的。
With the flat or the segmented memory model, linear address space is mapped into the processor’s physical address space either directly or through paging. When using direct mapping (paging disabled), each linear address has a one-to-one correspondence with a physical address. Linear addresses are sent out on the processor’s address lines without translation.
When using the IA-32 architecture’s paging mechanism (paging enabled), linear address space is divided into pages which are mapped to virtual memory. The pages of virtual memory are then mapped as needed into physical memory. When an operating system or executive uses paging, the paging mechanism is transparent to an application program. All that the application sees is linear address space.
In addition, IA-32 architecture’s paging mechanism includes extensions that support:
• Physical Address Extensions (PAE) to address physical address space greater than 4 GBytes.
• Page Size Extensions (PSE) to map linear address to physical address in 4-MBytes pages.
See also: Chapter 3, “Protected-Mode Memory Management,” in the Intel® 64 and IA-32 Architectures Software
Developer’s Manual, Volume 3A.
这段话的翻译:
在平面或分段式内存模型中,线性地址空间被直接或通过分页映射到处理器的物理地址空间。当使用直接映射时(禁用分页),每个线性地址与物理地址有一对一的对应关系。线性地址在处理器的地址线上被发送出去,不需要翻译。
当使用IA-32体系结构的分页机制(分页已启用)时,线性地址空间被划分为被映射到虚拟内存的页面。然后,虚拟内存的页面根据需要被映射到物理内存中。当操作系统或执行系统使用分页时,分页机制对应用程序是透明的。应用程序所看到的只是线性地址空间。
此外,IA-32架构的分页机制包括支持的扩展。
- 物理地址扩展(PAE)以解决大于4GBytes的物理地址空间。
- 页面大小扩展(PSE),以4MB字节的页面将线性地址映射到物理地址。
也请参见。第3章,"受保护模式的内存管理",见《英特尔® 64和IA-32架构软件开发者手册》第3A卷。
上面一段话提到了虚拟内存,啥是虚拟内存呢?
Vol. 3A 3-1 3.1 MEMORY MANAGEMENT OVERVIEW
Paging supports a “virtual memory” environment where a large linear address space is simulated with a small
amount of physical memory (RAM and ROM) and some disk storage.
2-6 Vol. 3A 2.1.5 Memory Management
System architecture supports either direct physical addressing of memory or virtual memory (through paging). When physical addressing is used, a linear address is treated as a physical address. When paging is used: all code, data, stack, and system segments (including the GDT and IDT) can be paged with only the most recently accessed pages being held in physical memory.
4-54 Vol. 3A 4.12 USING PAGING FOR VIRTUAL MEMORY
With paging, portions of the linear-address space need not be mapped to the physical-address space; data for the unmapped addresses can be stored externally (e.g., on disk). This method of mapping the linear-address space is referred to as virtual memory or demand-paged virtual memory.
3.操作模式和内存模式的映射关系
既然谈论完了操作模式,和内存模式,那么它们之间有什么关系呢?在Vol. 1 3-9 3.3.4 Modes of Operation vs. Memory Model中
When writing code for an IA-32 or Intel 64 processor, a programmer needs to know the operating mode the
processor is going to be in when executing the code and the memory model being used. The relationship between
operating modes and memory models is as follows:
• Protected mode — When in protected mode, the processor can use any of the memory models described in
this section. (The real-addressing mode memory model is ordinarily used only when the processor is in the
virtual-8086 mode.) The memory model used depends on the design of the operating system or executive.
When multitasking is implemented, individual tasks can use different memory models.
• Real-address mode — When in real-address mode, the processor only supports the real-address mode
memory model.
• System management mode — When in SMM, the processor switches to a separate address space, called the
system management RAM (SMRAM). The memory model used to address bytes in this address space is similar
to the real-address mode model. See Chapter 32, “System Management Mode,” in the Intel® 64 and IA-32
Architectures Software Developer’s Manual, Volume 3C, for more information on the memory model used in
SMM.
• Compatibility mode — Software that needs to run in compatibility mode should observe the same memory
model as those targeted to run in 32-bit protected mode. The effect of segmentation is the same as it is in 32-
bit protected mode semantics.
• 64-bit mode — Segmentation is generally (but not completely) disabled, creating a flat 64-bit linear-address
space. Specifically, the processor treats the segment base of CS, DS, ES, and SS as zero in 64-bit mode (this
makes a linear address equal an effective address). Segmented and real address modes are not available in 64-
bit mode.
可以看到Real-address mode只能使用real-address mode memory model内存模型,因此Real-address mode不支持分页。
既然说了这么多次了,内存管理是在保护模式下,详细看看都有些啥。
4.保护模式下的内存管理
直接来到手册的 CHAPTER 3 PROTECTED-MODE MEMORY MANAGEMENT
This chapter describes the Intel 64 and IA-32 architecture’s protected-mode memory management facilities,
including the physical memory requirements, segmentation mechanism, and paging mechanism.
本章介绍了Intel 64和IA-32架构的保护模式内存管理设施,包括物理内存要求、分段机制和分页机制。
See also: Chapter 5, “Protection” (for a description of the processor’s protection mechanism) and Chapter 21,
“8086 Emulation” (for a description of memory addressing protection in real-address and virtual-8086 modes).
这里让我们来到第五章,接下来看看第五章的内容。
Vol. 3A 5-1 CHAPTER 5PROTECTION章节
In protected mode, the Intel 64 and IA-32 architectures provide a protection mechanism that operates at both the segment level and the page level. This protection mechanism provides the ability to limit access to certain segments or pages based on privilege levels (four privilege levels for segments and two privilege levels for pages).
For example, critical operating-system code and data can be protected by placing them in more privileged segments than those that contain applications code. The processor’s protection mechanism will then prevent application code from accessing the operating system code and data in any but a controlled, defined manner.
在保护模式下,英特尔64和IA-32架构提供了一个在段级和页级操作的保护机制。这种保护机制提供了根据权限级别限制对某些段或页的访问的能力(段有四个权限级别,页有两个权限级别)。
例如,关键的操作系统代码和数据可以通过把它们放在比包含应用程序代码的段更有特权的段中来保护。然后,处理器的保护机制将阻止应用程序代码以任何方式访问操作系统代码和数据,除非是以受控的、确定的方式。
注意,这里引出来了一个关键词,“privilege”
在5-6 Vol. 3A 5.5 PRIVILEGE LEVELS
The processor’s segment-protection mechanism recognizes 4 privilege levels, numbered from 0 to 3. The greater numbers mean lesser privileges. Figure 5-3 shows how these levels of privilege can be interpreted as rings of protection.
处理器的段保护机制识别了4个权限级别,编号从0到3。 数字越大意味着权限越小。图5-3显示了这些权限级别如何被解释为保护环。
The center (reserved for the most privileged code, data, and stacks) is used for the segments containing the critical software, usually the kernel of an operating system. Outer rings are used for less critical software. (Systems that use only 2 of the 4 possible privilege levels should use levels 0 and 3.)
中心(为最有特权的代码、数据和堆栈保留)用于包含关键软件的段,通常是操作系统的内核。外环用于较不重要的软件。(在4个可能的权限级别中只使用2个的系统应该使用0级和3级。)
The processor uses privilege levels to prevent programs or tasks running at lower privilege levels from accessing segments with greater privileges, except in controlled situations. When the processor detects a privilege level violation, it generates a general protection exception (#GP).
处理器使用权限级别来防止以较低权限级别运行的程序或任务访问具有较大权限的段,除非在受控情况下。当处理器检测到一个特权级别的违反时,它会产生一个一般保护异常(#GP)。
紧接着又出现了一个比较重要的概念CPL
Current privilege level (CPL) — The CPL is the privilege level of the currently executing program or task. It is stored in bits 0 and 1 of the CS and SS segment registers. Normally, the CPL is equal to the privilege level of the code segment from which instructions are being fetched. The processor changes the CPL when program control is transferred to a code segment with a different privilege level. The CPL is treated slightly differently when accessing conforming code segments. Conforming code segments can be accessed from any privilege level that is equal to or numerically greater (less privileged) than the DPL of the conforming code segment.
Also, the CPL is not changed when the processor accesses a conforming code segment that has a different privilege level than the CPL.
当前权限级别(CPL) - CPL是当前执行的程序或任务的权限级别。它存储在CS和SS段寄存器的第0和1位。通常情况下,CPL等于正在获取指令的代码段的权限级别。当程序控制被转移到一个具有不同权限级别的代码段时,处理器会改变CPL。在访问符合要求的代码段时,CPL的处理方式略有不同。符合要求的代码段可以从任何等于或大于(低于)符合要求的代码段的DPL的特权级别进行访问。
另外,当处理器访问一个与CPL不同的符合标准的代码段时,CPL不会被改变。特权级别与CPL不同的代码段时,CPL不会改变。
既然privilege被引出来了,那么和他相关的概念,user mode 和supervisor mode的概念也就出来了。
在5-28 Vol. 3A 5.11.2 Restricting Addressable Domain
The page-level protection mechanism allows restricting access to pages based on two privilege levels:
• Supervisor mode (U/S flag is 0)—(Most privileged) For the operating system or executive,other system software (such as device drivers), and protected system data (such as page tables).
• User mode (U/S flag is 1)—(Least privileged) For application code and data.
The segment privilege levels map to the page privilege levels as follows. If the processor is currently operating at a CPL of 0, 1, or 2, it is in supervisor mode; if it is operating at a CPL of 3, it is in user mode. When the processor is in supervisor mode, it can access all pages; when in user mode, it can access only user-level pages. (Note that the WP flag in control register CR0 modifies the supervisor permissions, as described in Section 5.11.3, “Page Type.”)
页级保护机制允许根据两个权限级别限制对页的访问。
- 监督者模式(U/S标志为0)-(最高权限)用于操作系统或执行程序、其他系统软件(如设备驱动程序)和受保护的系统数据(如页表)。
- 用户模式(U/S标志为1)--(最低权限)用于应用程序代码和数据。
段的权限级别与页的权限级别映射如下。如果处理器目前在CPL为0、1或2的情况下运行,它就处于监督者模式;如果它在CPL为3的情况下运行,它就处于用户模式。当处理器处于监督者模式时,它可以访问所有页面;当处于用户模式时,它只能访问用户级页面。(注意控制寄存器CR0中的WP标志会修改监督员的权限,如第5.11.3节 "页面类型 "中所述)。
所以可以看出来,什么保护环,用户模式,内核模式,都是说的CPU的功能。但是有些参考资料,会将这些概念混淆给操作系统包括英文的维基百科。
5.User space and kernel space
上面讲的都是CPU层面的,下面讲讲和OS有关的一个重要的概念User space and kernel space
有了上面CPU相关的知识,这里直接附上英文维基百科的对User space and kernel space的解释,这里有一句比较重要的话:
A modern computer operating system usually segregates virtual memory into user space and kernel space.Primarily, this separation serves to provide memory protection and hardware protection from malicious or errant software behaviour.
现代计算机操作系统通常将虚拟内存隔离为用户空间和内核空间。[a]这种隔离主要是为了提供内存保护和硬件保护,防止恶意或错误的软件行为。
Kernel space is strictly reserved for running a privileged operating system kernel, kernel extensions, and most device drivers. In contrast, user space is the memory area where application software and some drivers execute.
内核空间被严格保留用于运行有特权的操作系统内核、内核扩展和大多数设备驱动程序。相比之下,用户空间是应用软件和一些驱动程序执行的内存区域。
A modern computer operating system usually segregates virtual memory into user space and kernel space这句话看到没,操作系统只是把虚拟内存分成了用户空间和内核空间。那么虚拟内存是谁提供的呢?没错在4-54 Vol. 3A 4.12 USING PAGING FOR VIRTUAL MEMORY中讲过,这个虚拟内存还是由CPU提供的。
维基百科也有以下介绍:
The most common way of implementing a user mode separate from kernel mode involves operating system protection rings. Protection rings, in turn, are implemented using CPU modes. Typically, kernel space programs run in kernel mode, also called supervisor mode; normal applications in user space run in user mode.
实现独立于内核模式的用户模式最常见的方式是操作系统保护环。保护环又是通过CPU模式实现的。通常情况下,内核空间的程序在内核模式下运行,也称为监督者模式;用户空间的普通应用程序在用户模式下运行。
在这里维基百科就把保护环归类给了操作系统,但是不影响总体方向。重点知道**kernel space programs run in kernel mode, also called supervisor mode; normal applications in user space run in user mode.**就行了。
6.补充
什么是 8086 program
Vol. 3B 21-1 21.1 REAL-ADDRESS MODE
The IA-32 architecture’s real-address mode runs programs written for the Intel 8086, Intel 8088, Intel 80186, and Intel 80188 processors, or for the real-address mode of the Intel 286, Intel386, Intel486, Pentium, P6 family, Pentium 4, and Intel Xeon processors.
IA-32架构的实地址模式可以运行为英特尔8086、英特尔8088、英特尔80186和英特尔80188处理器编写的程序,或为英特尔286、英特尔386、英特尔486、奔腾、P6系列、奔腾4和英特尔Xeon处理器的实地址模式编写的程序。
对于实模式和保护模式,官方手册不如其他资料那么具有总结性。所以可以先看维基百科的Real mode和Protected mode
