search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* better
[mascara-docs.git] / hw / i386.reference / s08_03.htm
blob0ceea87ce27c9bb89e051565ca667bbb86fc0ef8
1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
2 <HTML>
3 <HEAD>
4 <TITLE>80386 Programmer's Reference Manual -- Section 8.3</TITLE>
5 </HEAD>
6 <BODY>
7 <B>up:</B> <A HREF="c08.htm">
8 Chapter 8 -- Input/Output</A><BR>
9 <B>prev:</B> <A HREF="s08_02.htm">8.2 I/O Instructions</A><BR>
10 <B>next:</B> <A HREF="c09.htm">Chapter 9 -- Exceptions and Interrupts</A>
11 <P>
12 <HR>
13 <P>
14 <H1>8.3 Protection and I/O</H1>
15 Two mechanisms provide protection for I/O functions:
16 <OL>
17 <LI> The IOPL field in the EFLAGS register defines the right to use
18 I/O-related instructions.
19 <LI> The I/O permission bit map of a 80386 TSS segment defines the right
20 to use ports in the I/O address space.
21 </OL>
22 These mechanisms operate only in protected mode, including virtual 8086
23 mode; they do not operate in real mode. In real mode, there is no protection
24 of the I/O space; any procedure can execute I/O instructions, and any I/O
25 port can be addressed by the I/O instructions.
26
27 <H2>8.3.1 I/O Privilege Level</H2>
28 Instructions that deal with I/O need to be restricted but also need to be
29 executed by procedures executing at privilege levels other than zero. For
30 this reason, the processor uses two bits of the flags register to store the
31 I/O privilege level (IOPL). The IOPL defines the privilege level
32 needed to execute I/O-related instructions.
33 <P>
34 The following instructions can be executed only if CPL <= IOPL:
35 <UL>
36 <LI> <A HREF="IN.htm">IN</A> -- Input
37 <LI> <A HREF="INS.htm">INS</A> -- Input String
38 <LI> <A HREF="OUT.htm">OUT</A> -- Output
39 <LI> <A HREF="OUTS.htm">OUTS</A> -- Output String
40 <LI> <A HREF="CLI.htm">CLI</A> -- Clear Interrupt-Enable Flag
41 <LI> <A HREF="STI.htm">STI</A> -- Set Interrupt-Enable
42 </UL>
43 These instructions are called "sensitive" instructions, because they are
44 sensitive to IOPL.
45 <P>
46 To use sensitive instructions, a procedure must execute at a privilege
47 level at least as privileged as that specified by the IOPL (CPL <= IOPL). Any
48 attempt by a less privileged procedure to use a sensitive instruction
49 results in a general protection exception.
50 <P>
51 Because each task has its own unique copy of the flags register, each task
52 can have a different IOPL. A task whose primary function is to perform I/O
53 (a device driver) can benefit from having an IOPL of three, thereby
54 permitting all procedures of the task to perform I/O. Other tasks typically
55 have IOPL set to zero or one, reserving the right to perform I/O
56 instructions for the most privileged procedures.
57 <P>
58 A task can change IOPL only with the
59 <A HREF="POPF.htm">POPF</A> instruction; however, such
60 changes are privileged. No procedure may alter IOPL (the I/O privilege level
61 in the flag register) unless the procedure is executing at privilege level
62 0. An attempt by a less privileged procedure to alter IOPL does not result
63 in an exception; IOPL simply remains unaltered.
64 <P>
65 The <A HREF="POPF.htm">POPF</A> instruction may be used in addition to
66 <A HREF="CLI.htm">CLI</A> and <A HREF="STI.htm">STI</A> to alter the
67 interrupt-enable flag (IF); however, changes to IF by
68 <A HREF="POPF.htm">POPF</A> are
69 IOPL-sensitive. A procedure may alter IF with a
70 <A HREF="POPF.htm">POPF</A> instruction only when
71 executing at a level that is at least as privileged as IOPL. An attempt by a
72 less privileged procedure to alter IF in this manner does not result in an
73 exception; IF simply remains unaltered.
74
75 <H2>8.3.2 I/O Permission Bit Map</H2>
76 The I/O instructions that directly refer to addresses in the processor's
77 I/O space are
78 <A HREF="IN.htm">IN</A>,
79 <A HREF="INS.htm">INS</A>,
80 <A HREF="OUT.htm">OUT</A>,
81 <A HREF="OUTS.htm">OUTS</A>. The 80386 has the ability to selectively
82 trap references to specific I/O addresses. The structure that enables
83 selective trapping is the I/O Permission Bit Map in the TSS segment (see
84 <A HREF="#fig8-2">Figure 8-2</A>).
85 The I/O permission map is a bit vector. The size of the map
86 and its location in the TSS segment are variable. The processor locates the
87 I/O permission map by means of the I/O map base field in the fixed portion
88 of the TSS. The I/O map base field is 16 bits wide and contains the offset
89 of the beginning of the I/O permission map. The upper limit of the I/O
90 permission map is the same as the limit of the TSS segment.
91 <P>
92 In protected mode, when it encounters an I/O instruction
93 (<A HREF="IN.htm">IN</A>,
94 <A HREF="INS.htm">INS</A>,
95 <A HREF="OUT.htm">OUT</A>, or
96 <A HREF="OUTS.htm">OUTS</A>), the processor first checks whether CPL <= IOPL.
97 If this condition is
98 true, the I/O operation may proceed. If not true, the processor checks the
99 I/O permission map. (In virtual 8086 mode, the processor consults the map
100 without regard for IOPL . Refer to
101 <A HREF="c15.htm">Chapter 15</A>.)
102 <P>
103 Each bit in the map corresponds to an I/O port byte address; for example,
104 the bit for port 41 is found at I/O map base + 5, bit offset 1. The
105 processor tests all the bits that correspond to the I/O addresses spanned by
106 an I/O operation; for example, a doubleword operation tests four bits
107 corresponding to four adjacent byte addresses. If any tested bit is set,
108 the processor signals a general protection exception. If all the tested bits
109 are zero, the I/O operation may proceed.
110 <P>
111 It is not necessary for the I/O permission map to represent all the I/O
112 addresses. I/O addresses not spanned by the map are treated as if they had
113 one bits in the map. For example, if TSS limit is equal to I/O map base +
114 31, the first 256 I/O ports are mapped; I/O operations on any port greater
115 than 255 cause an exception.
116 <P>
117 If I/O map base is greater than or equal to TSS limit, the TSS segment has
118 no I/O permission map, and all I/O instructions in the 80386 program cause
119 exceptions when CPL > IOPL.
120 <P>
121 Because the I/O permission map is in the TSS segment, different tasks can
122 have different maps. Thus, the operating system can allocate ports to a task
123 by changing the I/O permission map in the task's TSS.
124 <P>
125 <A NAME="fig8-2">
126 <IMG align=center SRC="fig8-2.gif" border=0>
127 <P>
128 <HR>
129 <P>
130 <B>up:</B> <A HREF="c08.htm">
131 Chapter 8 -- Input/Output</A><BR>
132 <B>prev:</B> <A HREF="s08_02.htm">8.2 I/O Instructions</A><BR>
133 <B>next:</B> <A HREF="c09.htm">Chapter 9 -- Exceptions and Interrupts</A>
134 </BODY>