Summary of questions on x86 Assembly Language: From Real Mode to Protected Mode

In x86 Assembly Language: From Real Mode to Protected Mode, why is the segment limit in section 14.4.6 0xFFFFE?
The stack segment is 4 KB long and the initial value of ESP is 0x00000000; 0xFFFFFFFF - 0xFFFFEFFF = 4 KB.
The effective segment limit is 0xFFFFE * 0x1000 + 0xFFF = 0xFFFFEFFF, which is why the limit field written into the descriptor is 0xFFFFE.

         ; create the privilege level 0 stack
         mov ecx,4096
         mov eax,ecx                   ; keep the size in EAX; the high-end address is computed after allocation
         mov [es:esi+0x1a],ecx
         shr dword [es:esi+0x1a],12    ; record the privilege level 0 stack size (in 4KB units) in the TCB
         call sys_routine_seg_sel:allocate_memory
         add eax,ecx                   ; the stack uses the high end of the allocated block as its base address
         mov [es:esi+0x1e],eax         ; record the privilege level 0 stack base address in the TCB
         mov ebx,0xffffe               ; segment limit (boundary)
         mov ecx,0x00c09600            ; 4KB granularity, expand-down, read/write, privilege level 0
         call sys_routine_seg_sel:make_seg_descriptor
         mov ebx,esi                   ; base address of the TCB
         call fill_descriptor_in_ldt
         ;or cx,0000_0000_0000_0000    ; set the RPL of the selector to 0
         mov [es:esi+0x22],cx          ; record the privilege level 0 stack selector in the TCB
         mov dword [es:esi+0x24],0     ; record the initial ESP of the privilege level 0 stack in the TCB
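
As an added example (not code from the book), the following C model applies the expand-down limit check the way the processor does for the descriptor above (limit field 0xFFFFE, attributes 0x00c09600) and counts how many 4-byte pushes succeed from ESP = 0 before the first #SS fault. The bit positions follow the segment descriptor format; the function names are my own.

```c
/* Added example (not code from the book): model how the processor applies an
 * expand-down stack segment's limit, using the chapter 14 values limit 0xFFFFE
 * and attributes 0x00c09600 (G=1, D/B=1, type 0110b = expand-down, writable). */
#include <stdint.h>
#include <stdio.h>

/* Effective limit: with G=1 the 20-bit limit field is scaled by 4 KiB and the
 * low 12 bits are filled with ones, so 0xFFFFE becomes 0xFFFFEFFF. */
uint32_t effective_limit(uint32_t limit_field, uint32_t attrs)
{
    int g = (attrs >> 23) & 1;                   /* G bit of the descriptor's high dword */
    return g ? (limit_field << 12) | 0xFFF : limit_field;
}

/* 1 if an access of 'size' bytes at 'offset' lies inside the segment.
 * Expand-up: valid offsets are 0 .. limit. Expand-down (type bit E set):
 * valid offsets are limit+1 .. 0xFFFFFFFF (B=1) or limit+1 .. 0xFFFF (B=0),
 * so the effective limit is the lowest address that may NOT be touched. */
int access_ok(uint32_t limit_field, uint32_t attrs, uint32_t offset, uint32_t size)
{
    uint32_t limit = effective_limit(limit_field, attrs);
    int expand_down = (attrs >> 10) & 1;         /* type bit 2 (E) at bit 10 */
    int big = (attrs >> 22) & 1;                 /* D/B bit at bit 22 */
    uint64_t last = (uint64_t)offset + size - 1; /* last byte the access touches */
    if (!expand_down)
        return last <= limit;
    uint64_t upper = big ? 0xFFFFFFFFull : 0xFFFFull;
    return offset > limit && last <= upper;
}

/* Simulate repeated 4-byte pushes from 'esp'; the processor decrements ESP first
 * and then checks the write, raising #SS once it drops to the limit. Returns
 * how many pushes succeed before the first fault. */
uint32_t pushes_until_fault(uint32_t limit_field, uint32_t attrs, uint32_t esp, uint32_t max)
{
    uint32_t done = 0;
    while (done < max && access_ok(limit_field, attrs, esp - 4, 4)) {
        esp -= 4;                                /* 0 wraps to 0xFFFFFFFC on the first push */
        done++;
    }
    return done;
}

int main(void)
{
    printf("effective limit 0x%08X\n", effective_limit(0xFFFFE, 0x00c09600));         /* 0xFFFFEFFF */
    printf("pushes before #SS: %u\n", pushes_until_fault(0xFFFFE, 0x00c09600, 0, 2000)); /* 1024 */
    return 0;
}
```

With the same limit field but an expand-up type (attributes 0x00c09200) the valid range flips to 0 .. 0xFFFFEFFF, which is the contrast the chat below turns on.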

---------------
How does iret/iretd automatically switch back to the program manager task? What is the processing logic in between? Is this behaviour hardwired into the processor? ---- It finds the selector of the previous task's TSS at the head of the current TSS (i.e. the link back to the program manager task), updates the relevant register state from that TSS and switches back. There is only one sentence about it in the book, in the middle of page 295: "Line 374: the iretd instruction switches to the previous task."

This was probably a problem with how I phrased the question. My current understanding: the processor checks the NT bit; if it is 1, it finds the selector of the previous task's TSS in the head of the current TSS (i.e. the program manager task), updates the relevant register state and switches back.

NT = 1 indicates a nested task. When the task returns, the link field of the current TSS holds the selector of the previous task's TSS; that selector is read out and a task switch completes the return.

If NT is 0, the current task returns normally: the return pointer EIP and CS are popped from the stack, and then the EFLAGS image is popped. The RPL of the popped CS determines the privilege level after the return. The rest is similar to a far RET.

The Intel manual's description of IRET in protected mode:

In Protected Mode, the action of the IRET instruction depends on the settings of the NT (nested task) and VM flags in the EFLAGS register and the VM flag in the EFLAGS image stored on the current stack. Depending on the setting of these flags, the processor performs the following types of interrupt returns:
• Return from virtual-8086 mode.
• Return to virtual-8086 mode.
• Intra-privilege level return.
• Inter-privilege level return.
• Return from nested task (task switch).

If the NT flag (EFLAGS register) is cleared, the IRET instruction performs a far return from the interrupt procedure, without a task switch. The code segment being returned to must be equally or less privileged than the interrupt handler routine (as indicated by the RPL field of the code segment selector popped from the stack).
As with a real-address mode interrupt return, the IRET instruction pops the return instruction pointer, return code segment selector, and EFLAGS image from the stack to the EIP, CS, and EFLAGS registers, respectively, and then resumes execution of the interrupted program or procedure. If the return is to another privilege level, the IRET instruction also pops the stack pointer and SS from the stack, before resuming program execution. If the return is to virtual-8086 mode, the processor also pops the data segment registers from the stack.
If the NT flag is set, the IRET instruction performs a task switch (return) from a nested task (a task called with a CALL instruction, an interrupt, or an exception) back to the calling or interrupted task. The updated state of the task executing the IRET instruction is saved in its TSS. If the task is re-entered later, the code that follows the IRET instruction is executed.
If the NT flag is set and the processor is in IA-32e mode, the IRET instruction causes a general protection exception.
In 64-bit mode, the instruction's default operation size is 32 bits. Use of the REX.W prefix promotes operation to 64 bits (IRETQ). See the summary chart at the beginning of this section for encoding data and limits.
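
As an added example (neither the book's code nor the Intel manual's), here is a deliberately simplified C model of the IRET decision described above: NT set means a task switch through the back link at the head of the current TSS, NT clear means a far return in which the RPL of the popped CS decides whether ESP and SS are popped too. The TSS layout, selector values (0x08 for the program manager, 0x10 for the user task) and the stack are toy constructions.

```c
/* Added example, not code from the book or the Intel manual: a deliberately simplified
 * model of the IRET decision in protected mode. Only the NT test, the TSS back link and
 * the stack pops are modelled; descriptor/busy-bit checks and other TSS fields are omitted. */
#include <stdint.h>

#define EFLAGS_NT 0x4000u                 /* NT is bit 14 of EFLAGS */
typedef struct { uint16_t back_link; uint32_t eip, cs, eflags, esp, ss; } tss_t;
typedef struct {
    uint32_t eip, cs, eflags, esp, ss;
    uint16_t tr;                          /* selector of the running task's TSS */
    tss_t tss[4];                         /* toy TSS table indexed by selector >> 3 */
    uint32_t stack[8];                    /* current stack; stack[esp / 4] is the top */
} cpu_t;
static uint32_t pop(cpu_t *c) { uint32_t v = c->stack[c->esp / 4]; c->esp += 4; return v; }

/* Returns 1 if IRET switched tasks, 0 if it performed a far return. */
int iret(cpu_t *c)
{
    if (c->eflags & EFLAGS_NT) {
        /* Nested task: save state into the current TSS with NT cleared in the saved
           image, then resume the task whose selector sits at offset 0 of the TSS. */
        tss_t *cur = &c->tss[c->tr >> 3], *prev = &c->tss[cur->back_link >> 3];
        cur->eip = c->eip; cur->cs = c->cs; cur->eflags = c->eflags & ~EFLAGS_NT;
        cur->esp = c->esp; cur->ss = c->ss;
        c->tr = cur->back_link;
        c->eip = prev->eip; c->cs = prev->cs; c->eflags = prev->eflags;
        c->esp = prev->esp; c->ss = prev->ss;
        return 1;
    }
    /* NT clear: pop EIP, CS, EFLAGS; if the RPL of the popped CS is numerically
       greater than CPL the return crosses privilege levels and ESP, SS are popped too. */
    uint32_t cpl = c->cs & 3;
    c->eip = pop(c);
    uint32_t new_cs = pop(c);
    c->eflags = pop(c);
    if ((new_cs & 3) > cpl) { uint32_t sp = pop(c); c->ss = pop(c); c->esp = sp; }
    c->cs = new_cs;
    return 0;
}

/* The book's scenario with constructed selectors: the user task (TSS 0x10) was entered
   from the program manager (TSS 0x08), so NT is set and the back link names the manager. */
uint16_t return_to_manager(void)
{
    cpu_t c = {0};
    c.tr = 0x10; c.eflags = 0x202 | EFLAGS_NT; c.cs = 0x2b; c.eip = 0x400;
    c.tss[2].back_link = 0x08;            /* stored by the processor on the way in */
    c.tss[1].eip = 0x1234; c.tss[1].cs = 0x08; c.tss[1].eflags = 0x202;
    return iret(&c) ? c.tr : 0;           /* 0x08: running the program manager again */
}
```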

-------- The following is the QQ chat record of asking Kanto Rat --------
Go back to the front first, p.210
[Leader] Kanto Rat 2017/3/20 Monday 09:58:40

Look at the pages on the book.

[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 09:59:14

OK
[Leader] Kanto Rat 2017/3/20 Monday 10:00:52

p.214
[Leader] Kanto Rat 2017/3/20 Monday 10:05:24

Do you understand?

[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 10:05:36

Not yet...

[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 10:05:43

I'm a bit stupid...
[Leader] Kanto Rat 2017/3/20 Monday 10:06:08

It's not stupid; it's the boundary of the stack that is really confusing and brain-burning.

[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 10:06:15

The segment limit value in the descriptor * 0x1000 + 0xFFF
[Leader] Kanto Rat 2017/3/20 Monday 10:06:42

Let me ask you, what is the initial value we give to the ESP register?

[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 10:06:50

Judging from the code in Chapter 14, its length is 4K

[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 10:06:52

0

[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 10:07:19

The initial value in ESP should be 0
[Leader] Kanto Rat 2017/3/20 Monday 10:07:35

Okay, when pushing, ESP is first reduced. If the operand is 2 bytes, what is the new value of ESP when pushed on the stack?

[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 10:08:16

FFFFE

[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 10:08:21

FFFE

[Leader] Kanto Rat 2017/3/20 Monday 10:09:01

Confused? ESP is a 32-bit register.

[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 10:09:07

Yes...

[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 10:09:12

FFFFFFFE
[Leader] Kanto Rat 2017/3/20 Monday 10:09:36

So every time you push onto the stack, the value of ESP must be within the stack limit.
[Leader] Kanto Rat 2017/3/20 Monday 10:10:48

For the stack, the actual segment boundary used is the lowest address that is not allowed to be accessed.
[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 10:11:38

Well, yes...

[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 10:11:46

So we use 0 - 4k
[Leader] Kanto Rat 2017/3/20 Monday 10:12:44

So, here, the limit value we use is 0xFFFFE
So, here, the actual segment limit used is 0xFFFFE * 0x1000 + 0xFFF = 0xFFFFEFFF
[Leader] Kanto Rat 2017/3/20 Monday 10:12:58

Or in other words, the value of ESP must be
[Leader] Kanto Rat 2017/3/20 Monday 10:13:03

greater than 0xFFFFEFFF
[Leader] Kanto Rat 2017/3/20 Monday 10:13:21

0xFFFFFFFF-0xFFFFEFFF = 4KB

[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 10:13:36

Well, yes, I finally figured it out

[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 10:13:55

This needs a note.

[Leader] Kanto Rat 2017/3/20 Monday 10:14:15

When the book is reprinted, I will also change this to make it clearer.
[Leader] linux-guo 2017/3/20 Monday 10:14:19

155.94.235.113 This one opens at an OK speed
[Leader] linux-guo 2017/3/20 Monday 10:14:23

155.94.235.113


[Leader] Kanto Rat 2017/3/20 Monday 10:19:08

@^鱼小雄^ You can write this question up as a blog post, and I will lead the civil and military officials to read it.

[Company Commander] ^Yu Xiaoxiong^ 2017/3/20 Monday 10:19:25

Haha, okay...

Origin http://43.154.161.224:23101/article/api/json?id=326305988&siteId=291194637