Presentation is loading. Please wait.

Presentation is loading. Please wait.

The i/o-sensitive instructions An introduction to the software emulation of i/o-sensitive instructions in Virtual-8086 mode.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "The i/o-sensitive instructions An introduction to the software emulation of i/o-sensitive instructions in Virtual-8086 mode."— Presentation transcript:

1 The i/o-sensitive instructions An introduction to the software emulation of i/o-sensitive instructions in Virtual-8086 mode

2 Impact of IOPL in VM86 mode In virtual-8086 mode, if IOPL<3, then any instructions which could alter the IF-bit in the FLAGS register (Interrupt Flag) cause a General Protection fault (Exception 0xD) This lets the Virtual-8086 Monitor control the actual effect on the CPU Interrupt-Flag The Monitor can ignore the instruction (by just skipping past it) or it can perform the operation on behalf of the VM86 program

3 The six i/o-sensitive opcodes CLI (Clear Interrupt flag) STI (Set Interrupt flag) PUSHF (Push Flags register to stack) POPF (Pop stack to Flags register) IRET (Return from Interrupt) INT-n (Software Interrupt) The 32-bit versions of these instructions are also i/o-sensitive (e.g., PUSHFD / POPFD / IRETD )

4 Role of the VM86 Monitor The GP-fault handler may need to emulate the actions of the CPU when i/o-sensitive instructions trigger faults in VM86 mode CLI and STI are simplest to emulate: all the Monitor needs to do is set or clear the IF-bit (bit #9) in the image of the EFLAGS register that the CPU saved on its ring-0 stack, and increment the image of IP by 1

5 Emulating ‘pushf’ To emulate ‘pushf’ the cpu subtracts 2 from the SP-register’s image (to make room for a new word of its ring-3 stack), copies the saved FLAGS-register image from the ring-0 stack to this new word on its ring-3 stack, then add 1 to the IP image to skip past the ‘pushf’ opcode byte

6 Emulating ‘popf’ To emulate ‘popf’ the cpu copies the top word from its ring-3 stack to the lower half of the saved EFLAGS register-image on its ring-0 stack, adds 2 to the SP-register’s image (to discard the copied word), then adds 1 to the IP image (to skip past ‘popf’)

7 Emulating ‘iret’ To emulate ‘iret’ the cpu copies the three topmost words from its ring-3 stack onto the lower halves of the three doublewords on its ring-0 stack which hold the images of the EIP, CS, and EFLAGS registers, adds 6 to the saved SP-register image (to discard the three words just copied)

8 Emulating ‘int-n’ Emulating ‘int-n’ is the most complex of the i/o-sensitive instruction-emulations We discussed the steps involved during our preceeding lecture (we conducted an in-class exercise that implemented them) Our next slide briefly review those steps

9 Steps for ‘int-n’ emulation Add 2 to the IP register-image (to skip past int-n) Decrement the SP register-image by 6 (to make room for 3 new words on the ring-3 stack), and the copy saved IF, CS, and FLAGS register- images from the ring-0 stack to these new ring-3 stack locations Use the interrupt ID-number (the second byte of ‘int-n’ instruction) to find the IVT entry, and copy its two words to the ring-0 stack locations for IP and CS, respectively Clear bits #8 and #9 of the EFLAGS image

10 Demo: ‘emulate.s’ We have created a demo-program which incorporates these six emulations that we just discussed: CLI / STI, PUSHF / POPF, and IRET / INT-n. But real-mode code for Pentium CPUs can also include 32-bit i/o-sensitive instructions (e.g., PUSHFD / POPFD, and IRETD) These all have the operand-size prefix 0x66 in front of their one-byte opcodes

11 In-class exercise #1 Add emulations for these three additional i/o-sensitive instructions: PUSHFD (0x66, 0x9C) POPFD (0x66, 0x9D) IRETD (0x66, 0xCF) You will need to include some code in your VM86 procedure to ‘test’ your emulations

12 In-class exercise #2 Our emulation for ‘sti’ actually enables the receipt of device interrupts by the CPU But we don’t provide interrupt-handlers! This could easily cause a program crash A ‘solution’ would be to ‘reflect’ any such interrupts to the real-mode ROM-BIOS interrupt-handlers (similar to emulating software interrupts) So add this capability to your ‘emulate.s’

Download ppt "The i/o-sensitive instructions An introduction to the software emulation of i/o-sensitive instructions in Virtual-8086 mode."

Similar presentations

INSTRUCTION SET ARCHITECTURES

INSTRUCTION SET ARCHITECTURES
The Microprocessor and its Architecture

The Microprocessor and its Architecture
Unit 4 Chapter-1 Multitasking. The Task State Segment.

Unit 4 Chapter-1 Multitasking. The Task State Segment.
Microprocessors system architectures – IA32 real and virtual-8086 mode Jakub Yaghob.

Microprocessors system architectures – IA32 real and virtual-8086 mode Jakub Yaghob.
Facilities for x86 debugging

Facilities for x86 debugging
Introduction to 8086 emulation Using ‘Virtual-8086’ mode to execute real-mode procedures in a protected-mode environment.

Introduction to 8086 emulation Using ‘Virtual-8086’ mode to execute real-mode procedures in a protected-mode environment.
Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.

Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.
Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.

Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.
TK 2633 Microprocessor & Interfacing

TK 2633 Microprocessor & Interfacing
8086 emulation Using Virtual-8086 mode to execute real-mode procedures in a protected-mode environment.

8086 emulation Using Virtual-8086 mode to execute real-mode procedures in a protected-mode environment.
Exceptions and Interrupts How does Linux handle service- requests from the cpu and from the peripheral devices?

Exceptions and Interrupts How does Linux handle service- requests from the cpu and from the peripheral devices?
Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.

Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.
Deferred segment-loading An exercise on implementing the concept of ‘load-on-demand’ for the program-segments in an ELF executable file.

Deferred segment-loading An exercise on implementing the concept of ‘load-on-demand’ for the program-segments in an ELF executable file.
X86 segmentation, page tables, and interrupts 3/17/08 Frans Kaashoek MIT

X86 segmentation, page tables, and interrupts 3/17/08 Frans Kaashoek MIT
Using VM controls Examples of ‘event-injection’ by our ‘host’ VMM into its ‘guest’ VM.

Using VM controls Examples of ‘event-injection’ by our ‘host’ VMM into its ‘guest’ VM.
PC hardware and x86 3/3/08 Frans Kaashoek MIT

PC hardware and x86 3/3/08 Frans Kaashoek MIT
Prelude to Multiprocessing Detecting cpu and system-board capabilities with CPUID and the MP Configuration Table.

Prelude to Multiprocessing Detecting cpu and system-board capabilities with CPUID and the MP Configuration Table.
Facilities for x86 debugging Introduction to Pentium features that can assist programmers in their debugging of software.

Facilities for x86 debugging Introduction to Pentium features that can assist programmers in their debugging of software.
Room: E-3-31 Phone: 03-8921 6726 Dr Masri Ayob TK 2633 Microprocessor & Interfacing Lecture 1: Introduction to 8085 Assembly Language.

Room: E-3-31 Phone: Dr Masri Ayob TK 2633 Microprocessor & Interfacing Lecture 1: Introduction to 8085 Assembly Language.
Introduction to Interrupts How we can intervene in the CPU’s interrupt-handling mechanism (in real-mode)

Introduction to Interrupts How we can intervene in the CPU’s interrupt-handling mechanism (in real-mode)

Similar presentations

Ads by Google