PROTECTED MODE


In computing, 'protected mode', also called 'protected virtual address mode',[1] is an operational mode of x86-compatible central processing units (CPU). It was first added to the x86 architecture in 1982,[2] with the release of Intel's 80286 (286) processor and later extended with the release of the 80386 (386) in 1985.[3] Protected mode allows system software to utilize features such as multi-tasking, paging, and other features designed to increase an operating system's control over application software.[4][5]
When a processor that supports x86 protected mode is powered on, it begins executing instructions in real mode, in order to maintain backwards compatibility with earlier x86 processors.[6] Protected mode may only be entered after the system software sets up several descriptor tables and enables the Protection Enable (PE) bit in the Control Register 0 (CR0).[7]
Because of the enhancements it added, protected mode has been widely adopted and has become the foundation for all subsequent enhancements to the x86 architecture.[8]

Contents
History
The 286
The 386
386 additions to protected mode
Entering and exiting protected mode
Features
Privilege levels
Real mode application compatibility
Virtual 8086 mode
Paging
Multitasking
See also
External links
References

History


The 8086, the predecessor to the 286, was originally designed with a 20-bit memory address bus.[9] This allowed the processor to access 2^20 bytes of memory, equivalent to 1 megabyte.[9] At the time, 1 megabyte was considered a relatively large amount of memory,[10] so the designers of the IBM Personal Computer reserved the first 640 kilobytes for applications and the operating system, and the remaining 384 kilobytes for the Basic Input/Output System (BIOS) and memory for add-on devices.[11]
As time progressed, the cost of memory continuously decreased and utilization increased. The 1 MB limitation eventually became a significant problem. Intel intended to solve this limitation along with others with the release of the 286.[11]
The 286

An Intel 80286 microprocessor

The initial protected mode, released with the 286, was not widely used. Several shortcomings, such as the inability to access the BIOS and the inability to switch back to real mode without resetting the processor, prevented widespread usage.[12] Adoption was further hampered by the fact that the 286 only allowed memory access in 16-bit segments, meaning only 2^16 bytes, equivalent to 64 kilobytes, could be accessed at a time.
The 286 maintained backwards compatibility with the previous 8086 by initially entering real mode on power up.[6] Real mode functions identically to the 8086 and allowed older software to run unmodified on the newer 286. To access the extended functionality of the 286, the operating system would set the processor into protected mode. This enabled 24-bit addressing, which allowed the processor to access 2^24 bytes of memory, equivalent to 16 megabytes.
The 386

An Intel 80386 microprocessor

With the release of the 386 in 1985,[3] many of the issues preventing widespread adoption of the previous protected mode were addressed.[11]
The 386 was released with an address bus size of 32 bits, which allows 2^32 bytes of memory to be accessed, equivalent to 4 gigabytes.[13] The segment sizes were also increased to 32 bits, meaning that the full address space of 4 gigabytes could be accessed without the need to switch between multiple segments.[13] In addition to the increased size of the address bus and segment registers, many other new features were added with the intention of increasing operational security and stability.[14]
Protected mode is now utilized in virtually all modern operating systems which run on the x86 architecture, such as Microsoft Windows, Linux, and many others.[15]

386 additions to protected mode


With the release of the 386, the following additional features were added to protected mode:[4]

★ Paging

★ 32-bit physical and virtual address space

★ 32-bit segment offsets

★ Ability to switch back to real mode

★ Virtual 8086 mode

The 32-bit physical address space is not present on the 80386SX, and other 386 processor variants which use the older 286 bus.[16]

Entering and exiting protected mode


Until the release of the 386, protected mode did not offer a direct method to switch back into real mode once protected mode was entered. IBM created a workaround which involved resetting the CPU and saving the system registers, stack pointer and oftentimes the interrupt mask in the Programmable Interrupt Controller (PIC). This allowed the BIOS to restore the CPU to a similar state and begin executing code before the reset.
To enter protected mode, the Global Descriptor Table (GDT) must first be created with a minimum of three entries: a null descriptor, a code segment descriptor and a data segment descriptor. The 20th address line (A20 line) must also be enabled so that all of the address lines are usable and the CPU can access memory beyond 1 megabyte. After performing those two steps, and optionally performing the steps required to switch back to real mode if using the 286, the PE bit must be set in the CR0 register and a far jump must be made to clear the prefetch input queue.
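; NASM syntax. CODE_SEL is the GDT selector of the code segment;
; 0x08 assumes the code descriptor is GDT entry 1, directly after the null descriptor.
CODE_SEL equ 0x08
; set PE bit (bit 0 of CR0)
mov eax, cr0
or eax, 1
mov cr0, eax
; far jump: reloads CS with the code selector and clears the prefetch queue
jmp CODE_SEL:pm
pm:
; Now we are in PM.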
With the release of the 386, protected mode could be exited by loading the segment registers with real mode values, disabling the A20 line and clearing the PE bit in the CR0 register, without the need to perform the initial setup steps required with the 286.

Features


Protected mode has a number of new features designed to enhance an operating system's control over application software, in order to increase security and system stability.[5] These additions allow the operating system to function in a way that would be otherwise significantly more difficult or even impossible without proper hardware support.[17]
Privilege levels

Example of privilege ring usage in a typical operating system.

In protected mode, there are four privilege levels or rings, numbered from 0 to 3, with ring 0 being the most privileged and 3 being the least. The use of rings allows for system software to restrict tasks from accessing data, call gates or executing privileged instructions.[18]
In most environments, the operating system and some device drivers run in ring 0 and applications run in ring 3.
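How the ring numbers are enforced when a data segment is loaded, as an added example (not from the original article). CPL, RPL and DPL are the Intel architecture's names for the current, requested and descriptor privilege levels; the function names, selectors and access bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum seg_result { SEG_OK, SEG_GP_FAULT, SEG_NOT_PRESENT };

/* Low two bits of a selector: requested privilege level (RPL). */
static unsigned selector_rpl(uint16_t sel) { return sel & 3u; }
/* Descriptor access byte: bit 7 = present, bits 5..6 = DPL. */
static unsigned access_dpl(uint8_t access) { return (access >> 5) & 3u; }
static int access_present(uint8_t access) { return (access & 0x80u) != 0; }

/* Rule applied when DS, ES, FS or GS is loaded with a data-segment selector:
 * the weaker of CPL and RPL must still be at least as privileged as the DPL. */
enum seg_result check_data_load(unsigned cpl, uint16_t sel, uint8_t access)
{
    unsigned rpl = selector_rpl(sel);
    unsigned effective = cpl > rpl ? cpl : rpl;   /* numerically larger = less privileged */
    if (effective > access_dpl(access))
        return SEG_GP_FAULT;                      /* general-protection fault */
    if (!access_present(access))
        return SEG_NOT_PRESENT;                   /* segment-not-present fault */
    return SEG_OK;
}

static const char *name(enum seg_result r)
{
    return r == SEG_OK ? "ok" : r == SEG_GP_FAULT ? "#GP" : "#NP";
}

/* Constructed descriptors: 0x92 = present ring-0 data, 0xF2 = present ring-3 data. */
int main(void)
{
    printf("ring 3 loads its own data   : %s\n", name(check_data_load(3, 0x23, 0xF2)));
    printf("ring 3 loads kernel data    : %s\n", name(check_data_load(3, 0x10, 0x92)));
    printf("ring 0 loads kernel data    : %s\n", name(check_data_load(0, 0x10, 0x92)));
    printf("ring 0, selector with RPL 3 : %s\n", name(check_data_load(0, 0x13, 0x92)));
    return 0;
}
```

The last case is why RPL exists: ring-0 code that stamps a caller-supplied selector with the caller's ring cannot be used to reach ring-0 data on the caller's behalf.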
Real mode application compatibility

According to the Intel 80286 Programmer's Reference Manual,[19]
For the most part, the binary compatibility with real-mode code, the ability to access up to 16 MB of physical memory, and 1 GB of virtual memory, were the most apparent changes to application programmers.[19] This was not without limitations, however: if an application utilized or relied on any of the functions below, it would not run:[21]

★ Segment arithmetic

★ Privileged instructions

★ Direct hardware access

★ Writing to a code segment

★ Executing data

★ Overlapping segments

★ Use of BIOS functions, due to the BIOS interrupts being reserved by Intel[22]
In reality, almost all DOS application programs violated these rules.[23] Due to these limitations, virtual 8086 mode was created and released with the 386. Despite such potential setbacks, Windows 3.x could take advantage of the binary compatibility with real mode to run many Windows 2.x applications, which ran in real mode in Windows 2.x, in protected mode.[24]
Virtual 8086 mode

With the release of the 386, protected mode offers what the Intel manuals call 'virtual 8086 mode'. Virtual 8086 mode is designed to allow code previously written for the 8086 to run unmodified and concurrently with other tasks, without compromising security or system stability.[25] Virtual 8086 mode is not, however, completely backwards compatible with all programs. Programs that require segment manipulation, privileged instructions, direct hardware access, or use self-modifying code will generate an exception and not be executable.[26] In addition, applications running in virtual 8086 mode generate a trap with the use of instructions that involve input/output (I/O), which can negatively impact performance.[27]
Due to these limitations, many programs originally designed to run on the 8086 cannot be run in virtual 8086 mode. As a result, system software is forced to either compromise system security or backwards compatibility when dealing with legacy software. An example of such a compromise can be seen with the release of Windows NT, which dropped backwards compatibility for many DOS applications.[28]
Paging

Common method of using paging to create a virtual address space.

In addition to adding virtual 8086 mode, the 386 also added 'paging' to protected mode.[29] Through paging, system software can restrict and control a task's access to pages, which are sections of memory. In many operating systems, paging is used to create an independent virtual address space for each task. This prevents one task from manipulating the memory of another. Paging also allows for pages to be moved out of primary storage and onto a slower and larger secondary storage, such as a hard disk.[30] This allows for more memory to be used than physically available in primary storage.[30] The x86 architecture allows control of pages through two arrays: page directories and page tables.
Originally, a page directory was the size of one page, 4 kilobytes, and contained 1,024 page directory entries (PDE), although subsequent enhancements to the x86 architecture have added the ability to use larger page sizes. Each PDE contained a pointer to a page table. A page table was also originally 4 kilobytes in size and contained 1,024 page table entries (PTE). Each PTE contained a pointer to the actual page's physical address; PTEs are only used when 4 kilobyte pages are used. At any given time, only one page directory may be in active use.[31]
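The directory and table lookup described above, simulated in C as an added example (not from the original article). The present, R/W and U/S entry bits are the architecture's; the toy memory, function names and mapped addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PG_PRESENT 0x001u       /* P: entry is valid                   */
#define PG_WRITE   0x002u       /* R/W: ring 3 may write               */
#define PG_USER    0x004u       /* U/S: ring 3 may access at all       */
#define PG_FRAME   0xFFFFF000u  /* bits 12..31: 4 KiB-aligned address  */
#define NFRAMES    2u           /* toy physical memory holding tables  */

enum walk_result { WALK_OK, WALK_NOT_PRESENT, WALK_PROTECTION };

/* Constructed memory: frame 0 is the page directory, frame 1 a page table. */
static uint32_t frames[NFRAMES][1024];

void setup_demo(void)
{
    frames[0][1] = 0x00001000u | PG_PRESENT | PG_WRITE | PG_USER; /* PDE 1 -> frame 1 */
    frames[1][0] = 0x00200000u | PG_PRESENT | PG_USER;            /* user, read-only  */
    frames[1][1] = 0x00300000u | PG_PRESENT | PG_WRITE;           /* supervisor only  */
}

/* Walk directory then table for a 4 KiB page; `user` means the access comes from ring 3. */
enum walk_result translate(uint32_t linear, int user, int write, uint32_t *phys)
{
    uint32_t pde = frames[0][linear >> 22];                    /* bits 22..31 */
    if (!(pde & PG_PRESENT) || (pde >> 12) >= NFRAMES)
        return WALK_NOT_PRESENT;          /* also covers a table outside the toy memory */
    uint32_t pte = frames[pde >> 12][(linear >> 12) & 0x3FFu]; /* bits 12..21 */
    if (!(pte & PG_PRESENT))
        return WALK_NOT_PRESENT;
    uint32_t rights = pde & pte;          /* a right must be granted at both levels */
    if (user && (!(rights & PG_USER) || (write && !(rights & PG_WRITE))))
        return WALK_PROTECTION;           /* ring 0 is not restricted by U/S or R/W on the 386 */
    *phys = (pte & PG_FRAME) | (linear & 0xFFFu);
    return WALK_OK;
}

int main(void)
{
    uint32_t pa = 0;
    setup_demo();
    enum walk_result r = translate(0x00400ABCu, 1, 0, &pa);
    printf("user read  0x00400abc: result %d, physical 0x%08x\n", r, (unsigned)pa);
    printf("user write 0x00400abc: result %d\n", translate(0x00400ABCu, 1, 1, &pa));
    printf("user read  0x00401004: result %d\n", translate(0x00401004u, 1, 0, &pa));
    return 0;
}
```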
Multitasking

Through the use of the rings, privileged call gates, and the Task State Segment (TSS), introduced with the 386, preemptive multitasking was made possible on the x86 architecture. The TSS allows general-purpose registers, segment selector fields, and stacks to all be modified without affecting those of another task. The TSS also allows a task's privilege level, and I/O port permissions to be independent of another task's.
In many operating systems, the full features of the TSS are not used.[32] This is commonly due to portability concerns or due to the performance issues created with hardware task switches.[32] As a result, many operating systems use both hardware and software to create a multitasking system.[33]

See also



Assembly language

Intel

Ring (computer security)

x86

x86 assembly language

External links



Protected Mode Basics

Introduction to Protected-Mode

Overview of the Protected Mode Operations of the Intel Architecture

Intel® 64 and IA-32 Architectures Software Developer's Manuals

References


1. Memory access control method and system for realizing the same - US Patent 5483646
2. Intel 64 and IA-32 Architectures Software Developer's Manual, Intel
3. Intel Global Citizenship Report 2003
4. Intel 64 and IA-32 Architectures Software Developer's Manual, Intel
5. Guide: What does protected mode mean?
6. Intel 64 and IA-32 Architectures Software Developer's Manual, Intel
7. Protected Mode Basics
8. Intel 64 and IA-32 Architectures Software Developer's Manual, Intel
9. A+ - Hardware - PC Microprocessor Developments and Features Tutorials
10. A CPU History
11. Introduction to Protected-Mode
12. Upgrading and Repairing PCs, 17th Edition, Scott Mueller, Que, 2006
13. Intel 80386 Programmer's Reference Manual 1986, Intel, 1986
14. Intel 64 and IA-32 Architectures Software Developer's Manual, Intel
15. Write Great Code, Randall Hyde, O'Reilly
16. Intel 80386 processor family
17. Intel 80386 Programmer's Reference Manual 1986, Intel, 1986
18. Intel 64 and IA-32 Architectures Software Developer's Manual, Intel
19. Intel 80286 Programmer's Reference Manual 1987, Intel, 1987
20. Intel 80286 Programmer's Reference Manual 1987, Intel, 1987
21. Intel 80286 Programmer's Reference Manual 1987, Intel, 1987
22. Memory access control method and system for realizing the same - US Patent 5483646
23. Virtual 8086 Mode
24. Virtual 8086 Mode
25. Intel 64 and IA-32 Architectures Software Developer's Manual, Intel
26. Intel 64 and IA-32 Architectures Software Developer's Manual, Intel
27. Virtual 8086 Mode
28. Undocumented Windows NT, Prasad Dabak, Hungry Minds, 1999
29. ProtectedMode overview [deinmeister.de]
30. What Is PAE X86?
31. Advanced Embedded x86 Programming: Paging
32. NewOrer - news: Multitasking for x86 explained #1
33. NewOrer - news: Multitasking for x86 explained #1



This article provided by Wikipedia.