according to 5.8.4 - it can't.
Instruction | Privilege Check Rules
CALL        | CPL ≤ call gate DPL; RPL ≤ call gate DPL
            | Destination conforming code segment DPL ≤ CPL
            | Destination nonconforming code segment DPL ≤ CPL
JMP         | CPL ≤ call gate DPL; RPL ≤ call gate DPL
            | Destination conforming code segment DPL ≤ CPL
            | Destination nonconforming code segment DPL = CPL
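as you can see, the destination dpl must be <= cpl. that is a numeric comparison, so the target must be equally or more privileged than the caller; a call gate cannot take you to less privileged code.
bochs agrees with it.
check this code.
it contains junk data because i was experimenting, but just assemble it: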
; Real-mode entry (FASM syntax): load GDTR and IDTR, set CR0.PE, then far-jump
; into the 32-bit code at `start`.
; NOTE(review): no segment register is initialised and there is no cli before
; PE is set, so this relies on whatever state the loader left (presumably a
; BIOS boot-sector load, given org 0x7C00 and the 0x55,0xAA trailer) - confirm.
use16                                   ; emit 16-bit code from here
org 0x7C00                              ; label addresses are computed from 0x7C00
lgdt fword [gdt]                        ; GDTR <- 6-byte limit/base record at `gdt`
lidt fword [idt]                        ; IDTR <- 6-byte limit/base record at `idt`
mov eax,cr0
inc al                                  ; sets bit 0 (PE); only correct while PE is still 0
mov cr0,eax                             ; protected mode enabled
jmp 0x0008:start                        ; far jump reloads CS with selector 0x08 (`execute`)
; start: runs at CPL 0 in the flat ring-0 code segment. Patches the base of the
; TSS descriptor and the offset of the call gate at run time, fills ESP0/SS0 in
; the TSS image, then far-jumps through the call gate.
; NOTE(review): DS/ES/SS are not reloaded after the mode switch, and no ltr
; appears anywhere in the listing, so the TSS descriptor built here is never
; loaded into the task register.
use32                                   ; emit 32-bit code from here
start:
mov eax,TSS_DATA                        ; eax = address of the TSS image
mov word [TSS],104                      ; descriptor limit 15:0 = 104 (TSS_DATA is rd 26 = 104 bytes)
mov word [TSS+2],ax                     ; descriptor base 15:0
ror eax,16                              ; bring base 31:16 down into ax
mov byte [TSS+4],al                     ; descriptor base 23:16
mov byte [TSS+7],ah                     ; descriptor base 31:24
ror eax,16                              ; restore eax = TSS_DATA
mov dword [eax+4],stack0                ; TSS offset 4 = ESP0 (ring-0 stack pointer)
mov word [eax+8],0x0010                 ; TSS offset 8 = SS0 = selector 0x10 (`read_write`)
mov eax,codew                           ; eax = address of the gate target
mov word [CG],ax                        ; gate offset 15:0
shr eax,16
mov word [CG+6],ax                      ; gate offset 31:16
; The gate's target selector is 0x1b: a DPL 3, non-conforming code segment.
; CPL is 0 here, so this is the transfer the quoted Bochs check_cs message
; rejects ("dpl != cpl, dpl=3, cpl=0"). The :0 offset is not used for a gate;
; the entry point comes from the gate descriptor.
jmp 0x30:0 ;jmp to call gate
cli                                     ; reached only if the far jump falls through
hlt
; Ring-3 experiment: build an iret frame (SS, ESP, EFLAGS, CS, EIP) so that iret
; lands on `rett` with CPL 3, then call through the gate from there.
; NOTE(review): this run has no label and sits directly after cli/hlt, so
; nothing in the listing transfers control here - looks like a leftover from an
; earlier variant of the experiment.
push 0x23                               ; SS  = selector 0x20 | RPL 3 (`ring3_read_write`)
push stack3                             ; ESP = `stack3` label
pushfd                                  ; EFLAGS as currently set
push 0x1b                               ; CS  = selector 0x18 | RPL 3 (`ring3_execute`)
push rett                               ; EIP = rett
iret
rett:
call 0x30:0                             ; far call through the call gate at selector 0x30
; NOTE(review): if this runs at CPL 3, hlt is a privileged instruction and cli
; depends on IOPL, so these would presumably fault rather than halt - confirm.
cli
hlt
; codew: target of the call gate (its address is patched into CG by `start`).
; Loads DS with the ring-3 data selector and writes one character cell to
; 0xB8000 as a visible "got here" marker.
codew:
mov ax,0x23                             ; selector 0x20 | RPL 3 (`ring3_read_write`)
mov ds,ax
mov word [ds:0x000b8000],0x0F40         ; char 0x40 '@', attribute 0x0F; presumably the VGA text buffer
cli
hlt
; NOTE(review): only reached if execution continues past hlt. A far call
; through a call gate is normally returned from with retf rather than iret
; (flags are not pushed by a call gate) - confirm intent.
iret
; idt: 6-byte limit/base record loaded by lidt, followed by the table itself.
; NOTE(review): the table defines a single 8-byte gate, but the limit of 100
; lets the CPU index past it into the gdt record and descriptors that follow in
; memory; any vector other than 0 would be decoded from those bytes.
idt:
dw 100                                  ; IDT limit
dd idttable                             ; IDT linear base
idttable:
ido1 dw 0                               ; handler offset 15:0 (never patched in this listing, stays 0)
dw 0x0008                               ; handler code selector 0x08 (`execute`)
db 0                                    ; reserved byte
db 10001110b                            ; P=1, DPL=0, type 1110b = 32-bit interrupt gate
ido2 dw 0                               ; handler offset 31:16 (never patched, stays 0)
; gdt: 6-byte limit/base record loaded by lgdt, followed by the descriptor table.
; Byte layout of a segment descriptor as written below:
;   limit 15:0 (2 bytes), base 23:0 (3 bytes), access byte, flags|limit 19:16, base 31:24
; Byte layout of a gate as written below:
;   offset 15:0 (2 bytes), target selector (2 bytes), count/reserved, access byte, offset 31:16 (2 bytes)
; NOTE(review): limit 79 spans ten 8-byte slots (0x00-0x48) but only nine
; descriptors are defined; slot 0x48 overlaps the first bytes of TSS_DATA.
gdt:
dw 79                                   ; GDT limit
dd gdttable                             ; GDT linear base
gdttable:
dq 0 ;0x00: mandatory null descriptor
execute db 0xFF, 0xFF, 0x00, 0x00, 0x00, 10011000b, 11001111b, 0x00 ;0x08: ring-0 code, execute-only, non-conforming, base 0, 4 GiB, 32-bit
read_write db 0xFF, 0xFF, 0x00, 0x00, 0x00, 10010010b, 11001111b, 0x00 ;0x10: ring-0 data, read/write, base 0, 4 GiB
ring3_execute db 0xFF, 0xFF, 0x00, 0x00, 0x00, 11111000b, 11001111b, 0x00 ;0x18: DPL 3 code, execute-only, non-conforming, base 0, 4 GiB, 32-bit
ring3_read_write db 0xFF, 0xFF, 0x00, 0x00, 0x00, 11110010b, 11001111b, 0x00 ;0x20: DPL 3 data, read/write, base 0, 4 GiB
; 0x28: available 32-bit TSS (type 1001b), DPL 3; limit and base are patched by `start`.
; NOTE(review): the flags byte sets G=1, so the limit of 104 written at run time
; is counted in 4 KiB units, far larger than the 104-byte image - confirm intent.
TSS db 0x00, 0x00, 0x00, 0x00, 0x00, 11101001b, 10000000b, 0x00 ;0x28
; 0x30: call gate. Target selector 0x1b (`ring3_execute`, RPL 3); offset patched
; by `start`. Access byte: present, DPL = 3, S = 0 (system descriptor),
; type 1100b = 32-bit call gate.
CG db 0,0,0x1b,0,0,11101100b,0,0 ;0x30
db 0xFF, 0xFF, 0x00, 0x00, 0x00, 10011000b, 11001111b, 0x00 ;0x38: unnamed duplicate of the ring-0 code descriptor
; 0x40: gate with selector 0x28 (the TSS descriptor), present, DPL = 3.
; NOTE(review): type 0101b is the task-gate encoding, although the label reads
; like "interrupt gate" - confirm which was intended.
IG db 0,0,0x28,0,0,11100101b,0,0 ;0x40
; TSS image and the two small stacks, followed by padding to a 512-byte sector.
; The stack labels sit after their reserved space, so each label is the top
; (highest address) of its 40-byte stack.
TSS_DATA:
rd 26                                   ; 26 dwords = 104 bytes: the TSS image (ESP0/SS0 filled in by `start`)
rd 10                                   ; 40 bytes of ring-0 stack space
stack0:                                 ; top of the ring-0 stack (stored as ESP0)
rd 10                                   ; 40 bytes of ring-3 stack space
stack3:                                 ; top of the ring-3 stack (pushed as ESP in the iret frame)
db 510 - ($ - $$) dup 0, 0x55, 0xAA     ; zero-pad to offset 510, then the 0x55,0xAA boot signature
bochs output:
00012943095i[CPU0 ] 0x0000000000007c5f>> jmp far 0030:00000000 :
[CPU0 ] check_cs(0x001b): non-conforming code seg descriptor dpl != cpl, dpl=3,
cpl=0
btw: what is an interrupt/trap gate in the GDT?
bochs tells me it's not supported, but i keep wondering.
my best guess is that it works like an interrupt/trap gate, but via jmp/call.
cs, eip, and flags are pushed, and the stack (ss:esp) optionally. a trap gate doesn't clear IF.
call gate - flags are not pushed.