How does the user to kernel mode switch occur before the Interrupt Gate descriptor is accessed?

I am currently reading "Understanding the Linux Kernel". I am studying the chapter on interrupts and exceptions.

I found that when setting up the IDT we can use five kinds of gate descriptors, in Linux terminology:

  1. Task gate (DPL: 0)
  2. Interrupt gate (DPL: 0)
  3. Trap gate (DPL: 0)
  4. System interrupt gate (DPL: 3)
  5. System gate (DPL: 3)

Now I understand that the ones with DPL 3 can be accessed from user mode. But what about the ones with DPL 0? In particular the interrupt gate.

If an I/O APIC interrupt occurs while in user mode, it will not be able to access the interrupt gate.

So my question is: how does the switch from user mode to kernel mode happen before the interrupt gate is accessed?

When a hardware interrupt occurs, the privilege level of the currently executing code can be ignored; the CPU can simply switch to the interrupt's privilege level without checking it.

The Intel 64 and IA-32 Architectures Software Developer's Manual, Volume 3A: System Programming Guide, Part 1, says in Section 6.12.1.1:

Protection of Exception- and Interrupt-Handler Procedures

The privilege-level protection for exception- and interrupt-handler procedures is similar to that used for ordinary procedure calls when called through a call gate (see Section 5.8.4, “Accessing a Code Segment Through a Call Gate”). The processor does not permit transfer of execution to an exception- or interrupt-handler procedure in a less privileged code segment (numerically greater privilege level) than the CPL.

An attempt to violate this rule results in a general-protection exception (#GP). The protection mechanism for exception- and interrupt-handler procedures is different in the following ways:

  • Because interrupt and exception vectors have no RPL, the RPL is not checked on implicit calls to exception and interrupt handlers.
  • The processor checks the DPL of the interrupt or trap gate only if an exception or interrupt is generated with an INT n, INT 3, or INTO instruction. Here, the CPL must be less than or equal to the DPL of the gate. This restriction prevents application programs or procedures running at privilege level 3 from using a software interrupt to access critical exception handlers, such as the page-fault handler, providing that those handlers are placed in more privileged code segments (numerically lower privilege level). For hardware-generated interrupts and processor-detected exceptions, the processor ignores the DPL of interrupt and trap gates.

Because exceptions and interrupts generally do not occur at predictable times, these privilege rules effectively impose restrictions on the privilege levels at which exception and interrupt-handling procedures can run. Either of the following techniques can be used to avoid privilege-level violations.

  • The exception or interrupt handler can be placed in a conforming code segment. This technique can be used for handlers that only need to access data available on the stack (for example, divide error exceptions). If the handler needs data from a data segment, the data segment needs to be accessible from privilege level 3, which would make it unprotected.
  • The handler can be placed in a nonconforming code segment with privilege level 0. This handler would always run, regardless of the CPL that the interrupted program or task is running at.
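A small C model of the privilege checks quoted above, added here as an illustration and not code from the book, the kernel or the answer: it encodes the five Linux gate kinds with the DPLs listed in the question and applies the two SDM rules, so you can see why a hardware IRQ arriving at CPL 3 enters a DPL-0 interrupt gate while INT n from CPL 3 does not. The gate table, the ring-0 handler segment and the `dispatch` function are constructed assumptions, not real IDT code.

```c
#include <stdbool.h>
#include <stdio.h>

/* The five gate kinds Linux uses in the IDT, with the DPLs listed in the question. */
enum gate_kind { TASK_GATE, INTR_GATE, TRAP_GATE, SYS_INTR_GATE, SYS_GATE };

struct idt_gate {
    int dpl;          /* DPL field of the gate descriptor */
    int handler_dpl;  /* DPL of the handler's code segment (0 for Linux kernel text) */
    bool conforming;  /* handler lives in a conforming code segment */
};

/* Constructed table: gate DPLs from the question, handlers in ring-0 nonconforming text. */
static const struct idt_gate gates[] = {
    [TASK_GATE]     = { 0, 0, false },
    [INTR_GATE]     = { 0, 0, false },
    [TRAP_GATE]     = { 0, 0, false },
    [SYS_INTR_GATE] = { 3, 0, false },
    [SYS_GATE]      = { 3, 0, false },
};

/* How the vector was raised: by hardware/processor, or by INT n, INT 3, INTO. */
enum origin { HW_OR_EXCEPTION, SOFTWARE_INT };

/* Model of the SDM 6.12.1.1 checks. Returns the privilege level the handler
 * runs at, or -1 if the processor raises #GP instead of entering the handler. */
int dispatch(const struct idt_gate *g, int cpl, enum origin how)
{
    /* Gate DPL is consulted only for INT n / INT 3 / INTO: CPL must be <= DPL.
     * Hardware interrupts and processor exceptions skip this test entirely. */
    if (how == SOFTWARE_INT && cpl > g->dpl)
        return -1;
    /* Target code segment may never be less privileged than the CPL. */
    if (g->handler_dpl > cpl)
        return -1;
    /* Conforming: run at the interrupted CPL; nonconforming: switch to the segment's DPL. */
    return g->conforming ? cpl : g->handler_dpl;
}

int main(void)
{
    /* The asker's case: I/O APIC interrupt while a ring-3 program runs, DPL-0 gate. */
    printf("IRQ at CPL 3 via interrupt gate   -> %d\n", dispatch(&gates[INTR_GATE], 3, HW_OR_EXCEPTION));
    /* Same gate reached with INT n from ring 3: rejected with #GP (-1). */
    printf("INT n at CPL 3 via interrupt gate -> %d\n", dispatch(&gates[INTR_GATE], 3, SOFTWARE_INT));
    /* System gate (DPL 3) is the kind a user program may target with INT n. */
    printf("INT n at CPL 3 via system gate    -> %d\n", dispatch(&gates[SYS_GATE], 3, SOFTWARE_INT));
    return 0;
}
```

The first and third cases end at privilege level 0, which is the user-to-kernel switch the question asks about; the second returns -1 because the gate DPL is checked only for software-generated interrupts.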