flat assembler
Message board for the users of flat assembler.
Thread: OS Construction > Privilege level change in long mode...
Hayden 12 Apr 2007, 16:04
Is the descriptor in the GDT or the LDT? Could we have a code snippet?
Adan 12 Apr 2007, 16:39
Both descriptors are in the GDT. I'm posting from another computer now, but I'll post the code later, I promise.
Adan 12 Apr 2007, 18:48
Code:
    . . .
    GDT:
        CREATE_GDT_DESCRIPTOR null, 0, 0, 0, 0, 0, 0
    ;; 0x08
        CREATE_GDT_DESCRIPTOR kernel_code32, GDT_LIMIT_4GB_015, 0, 0, \
            GDT_CODE | GDT_SEG_APP | GDT_DPL0 | GDT_SEG_PRESENT, \
            GDT_LIMIT_4GB_1619 | GDT_SEG_32BIT | GDT_LIMIT_IN_PAGES, 0
    ;; 0x10
        CREATE_GDT_DESCRIPTOR kernel_data32, GDT_LIMIT_4GB_015, 0, 0, \
            GDT_DATA | GDT_DAT_READ_WRIT | GDT_SEG_APP | GDT_DPL0 | GDT_SEG_PRESENT, \
            GDT_LIMIT_4GB_1619 | GDT_SEG_32BIT | GDT_LIMIT_IN_PAGES, 0
    ;; 64bit descriptors.
    ;;;;;;;;;;;;;;;;;;;;;
    ;; 0x18
        CREATE_GDT_DESCRIPTOR kernel_code64_dpl0, GDT_LIMIT_4GB_015, 0, 0, \
            GDT_CODE | GDT_SEG_APP | GDT_DPL0 | GDT_SEG_PRESENT, \
            GDT_LIMIT_4GB_1619 | GDT_LONG_MODE | GDT_LIMIT_IN_PAGES, 0
    ;; 0x20
        CREATE_GDT_DESCRIPTOR kernel_code64_dpl3, GDT_LIMIT_4GB_015, 0, 0, \
            GDT_CODE | GDT_SEG_APP | GDT_DPL3 | GDT_SEG_PRESENT, \
            GDT_LIMIT_4GB_1619 | GDT_LONG_MODE | GDT_LIMIT_IN_PAGES, 0
    GDT_end:
    . . .
    bits 64
    . . .
        mov r8, 0x300000        ;; Physical address.
        mov r9, 0x300000        ;; Virtual address.
        mov r10, (PAG_PRESENT | PAG_READ_WRIT | PAG_USER | PAG_EXECUTABLE) ;; Attributes.
        call K_Map_Page_Frame
        INVALIDATE_TLBS         ;; Macro to invalidate TLBs content cause we modified the memory map.
        mov rsi, some_code
        mov rdi, 0x300000
        mov rcx, some_code_end - some_code
        rep movsb
    ;; mov rax, 0x300000
    ;; jmp 0x20:rax --> THIS IS NOT ALLOWED BY YASM, I DON'T KNOW EXACTLY WHY...
    ;; So I try:
        mov ax, 0x20
        push ax
        push 0x300000
        retf
    ;; But this generates a General Protection Fault with error code 0x20, the selector
    ;; where I'm trying to jump...
    some_code:
        jmp $
    some_code_end:

Any idea? Thanks...
MazeGen 12 Apr 2007, 20:43
BTW, there is no instruction like "jmp 0x20:rax". In 64-bit mode, you can't even use "jmp 0x20:0x0000000000300000". But you can still use something like
Code:
        jmpf [far_jump_address]
    far_jump_address:
        dq 0x0000000000300000
        dw 0x20
Adan 12 Apr 2007, 21:33
Yeah MazeGen, sorry about the misconception in "jmp 0x20:rax".
BTW, 'jmpf' doesn't exist in Yasm language, but I think it can be replaced by 'jmp far'. Anyway, this doesn't work either, resulting in a #GP with error code 0. I'm starting to believe that there is no way to do a direct intersegment call or jmp, at least in long mode; I don't know if it is possible in protected mode. I'd really appreciate it if you could tell me the differences between task switching in protected mode and long mode using a TSS. The AMD64 manual states that in long mode there is no support for hardware multitasking, that there is only software multitasking, but at least one TSS has to be initialized for the OS task. If there is only one TSS, how do you switch to another task with a different privilege level? The long mode TSS is also completely different from the protected mode one. This is not clear to me at all and is driving me crazy. I really don't know what to do because THERE ARE NO CODE EXAMPLES for this architecture on the net; I've searched for hours.
LocoDelAssembly 12 Apr 2007, 21:50
AMD64 doesn't support 80-bit far jumps/calls http://board.flatassembler.net/topic.php?t=4267
Adan 13 Apr 2007, 00:10
Well, I know that now, and thanks, but I still don't understand how to switch the processor into CPL3 in long mode. How do you set up a RING 3 task for execution? Is there any example or some info that could be useful? Sorry for insisting on this too much. Thanks again.
Chewy509 13 Apr 2007, 02:52
Adan wrote:
> Well, I know that now, and thanks, but I still don't understand how to switch the processor into CPL3 in long mode. How do you set up a RING 3 task for execution? Is there any example or some info that could be useful? Sorry for insisting on this too much. Thanks again.

iret is your answer... simply push ss, rsp, cs, rip and eflags onto the stack and issue an iret. It'll perform all the privilege level changes and load the correct stack for you at the same time...

PS. There is no difference between 32-bit and 64-bit modes if utilising a pure flat memory model...
MazeGen 13 Apr 2007, 06:16
LocoDelAssembly wrote:
> AMD64 doesn't support 80-bit far jumps/calls http://board.flatassembler.net/topic.php?t=4267

Many thanks, I overlooked this fact!
Adan 13 Apr 2007, 18:20
No, I'm sorry, but the IRET thingy didn't work (or I'm doing something wrong). But what I'm looking for in fact is how to do a control transfer through a TSS DESCRIPTOR. I've seen a protected mode example in which you have one TSS and one TSS DESCRIPTOR for each task. But I've read somewhere too that you can perform multitasking in PM with ONLY ONE TSS. How do you accomplish that? Are there in fact MULTIPLE TSSs but ONLY ONE TSS DESCRIPTOR, and the descriptor base address is patched with every task switch? Where do you save the state of the more than one suspended tasks if you have only one TSS, as I've read?
Is this applicable to the x86-64, where hardware multitasking doesn't exist? All this is really confusing to me. What about the SYSCALL/SYSRET interface and STAR, LSTAR and SFMASK? Is it possible to use SYSRET to jump "out of the kernel" (I mean, from CPL0 to CPL3) for the first time? Could anybody help me with this? Returning to the IRET method, Chewy509, I really thank you for sharing it, but could you give me some example with real values? Just to know if I'm doing things correctly. Sorry, but I'm not completely sure that this method can be used in long mode. Thank you all for your attention.
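Worked example added by the editor (not code posted in this thread): the IRETQ method Chewy509 describes, with concrete values that match the GDT Adan posted, written in fasm syntax. It assumes one descriptor the posted GDT lacks, a DPL3 data descriptor at offset 0x28 for the user stack segment, and it treats 0x300000 (the user code address from the thread) and 0x3F0000 (user stack top) as constructed addresses already mapped with PAG_USER. Two rules matter here and are consistent with the #GP(0x20) seen in the retf attempt: a nonconforming code segment's selector must carry an RPL equal to the descriptor's DPL, so the ring 3 code selector is 0x23 rather than 0x20, and any transfer to a lower privilege level must also supply a new SS:RSP.

```asm
; Added example, fasm syntax, 64-bit code. Not part of the original thread.
; Assumed GDT entry (not in the posted GDT), to be placed at GDT + 0x28:
;     dq 0x00CFF2000000FFFF   ; data segment, read/write, P=1, DPL=3, S=1, G=1
; The code descriptor at 0x20 (kernel_code64_dpl3) is the one from the thread.

USER_CODE_SEL = 0x20 or 3       ; 0x23: GDT index 4, RPL = 3 (must equal the descriptor's DPL)
USER_DATA_SEL = 0x28 or 3       ; 0x2B: assumed DPL3 data descriptor, RPL = 3
USER_RIP      = 0x300000        ; where some_code was copied; page mapped with PAG_USER
USER_RSP      = 0x3F0000        ; constructed: top of a user-accessible, writable stack page
RFLAGS_INIT   = (1 shl 9) or 2  ; IF = 1 (interrupts on at CPL3), IOPL = 0, bit 1 always reads 1

use64

; Call at CPL0 with a valid TSS already loaded via ltr and TSS.RSP0 pointing at a
; kernel stack: the first interrupt taken at CPL3 will switch to that stack.
; (The TSS setup is not shown in the thread and is not part of this block.)
enter_ring3:
        ; IRETQ pops five qwords in this order: RIP, CS, RFLAGS, RSP, SS.
        ; Because CS.RPL (3) is greater than the current CPL (0), the processor
        ; performs the privilege change and loads the new SS:RSP as well.
        push    USER_DATA_SEL           ; SS  = 0x2B
        push    USER_RSP                ; RSP = 0x3F0000
        push    RFLAGS_INIT             ; RFLAGS = 0x202
        push    USER_CODE_SEL           ; CS  = 0x23
        push    USER_RIP                ; RIP = 0x300000
        iretq                           ; continues at 0x23:0x300000 with CPL = 3
                                        ; (DS/ES/FS/GS holding DPL0 data selectors
                                        ; are nulled by the hardware on this transfer)
```

A few checks worth keeping in mind when this still faults: #GP(0) on the iretq usually means the SS selector is null or its descriptor is not a writable DPL3 data segment with RPL 3; #GP(selector) means that CS or SS selector's RPL does not match its DPL. SYSRETQ can also perform the very first entry into ring 3 once STAR is programmed, but it derives the selectors from STAR bits 63:48 (CS = base + 16, SS = base + 8, both with RPL 3), which forces a fixed descriptor order that the posted GDT does not follow; iretq has no such layout constraint, which is why it is the method shown here.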
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.