Protected Mode - Segment Descriptor

Table of contents

1 Segment Descriptor Structure

1.1 Segment Limit

1.2 G

1.3 Base Address

1.4 S

1.5 Type

1.5.1 Application Descriptor (S=1)

1.5.1.1 Data segment

1.5.1.2 Code segment

1.5.1.3 Difference between conforming and non-conforming code segments

1.5.2 System Descriptor (S=0)

1.6 DPL

1.7 P

1.8 D/B

1.9 AVL, L


1 Segment Descriptor Structure

        In the x86 architecture, a segment descriptor is a data structure used to define the attributes of a memory segment. Each segment descriptor occupies 8 bytes (16 bytes in 64-bit mode) and contains the following fields:

         In 64-bit mode the layout of the segment descriptor is similar to the description above, but the field sizes and bit counts differ. For example, the segment limit becomes a 48-bit field, the segment base address becomes a 64-bit field, and the number of bits and the definitions of the privilege level, descriptor type, P flag and other fields also differ.

1.1 Segment Limit

        The two segment limit fields together specify the size of the segment; the processor combines them into a 20-bit segment limit value. But wasn't the segment limit described as 32 bits when the segment registers were introduced earlier, so why is it only 20 bits here? Because the CPU interprets the 20-bit limit in two different ways depending on the G flag.

1.2 G

        Granularity flag. If G is 0, the unit of the Segment Limit is bytes, and the 20-bit Segment Limit is extended to 32 bits by prepending three hexadecimal 0s (the upper 12 bits are zero). If G is 1, the unit of the Segment Limit is 4 KB, and the real segment limit is obtained by appending three hexadecimal Fs to the 20-bit Segment Limit (shift left by 12 bits and fill the low 12 bits with 1s). For example, if the value spliced together from the two segment limit fields is 0xFFFFF, the segment limit is 0x000FFFFF when G is 0 and 0xFFFFFFFF when G is 1.

        This flag bit does not affect the granularity of the segment base address, which is always bytes.

1.3 Base Address

        The base address field determines the location of byte 0 of the segment within the 4 GB linear address space. The CPU combines the three base address fields to form a 32-bit address value.
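As an added example (not code from the original post), the C decoder below pulls every field this page describes out of a raw 8-byte descriptor and applies the G rule to the 20-bit limit; the sample descriptor value in main is constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded view of the fields this page describes (sections 1.1 to 1.9). */
struct seg_desc {
    uint32_t base;       /* the three base address fields combined (1.3) */
    uint32_t raw_limit;  /* the two limit fields combined, 20 bits (1.1) */
    uint32_t limit;      /* effective 32-bit limit after applying G (1.2) */
    uint8_t type, s, dpl, p, avl, l, db, g;
};

/* Decode one 8-byte descriptor, passed as the 64-bit value it occupies in
   memory (read little-endian). Bit positions: limit[15:0] in bits 0-15,
   base[15:0] in 16-31, base[23:16] in 32-39, type in 40-43, S in 44,
   DPL in 45-46, P in 47, limit[19:16] in 48-51, AVL in 52, L in 53,
   D/B in 54, G in 55, base[31:24] in 56-63. */
struct seg_desc decode_descriptor(uint64_t d)
{
    struct seg_desc r;
    r.raw_limit = (uint32_t)(d & 0xFFFF) | ((uint32_t)((d >> 48) & 0xF) << 16);
    r.base = (uint32_t)((d >> 16) & 0xFFFF)
           | ((uint32_t)((d >> 32) & 0xFF) << 16)
           | ((uint32_t)((d >> 56) & 0xFF) << 24);
    r.type = (d >> 40) & 0xF;
    r.s    = (d >> 44) & 1;
    r.dpl  = (d >> 45) & 3;
    r.p    = (d >> 47) & 1;
    r.avl  = (d >> 52) & 1;
    r.l    = (d >> 53) & 1;
    r.db   = (d >> 54) & 1;
    r.g    = (d >> 55) & 1;
    /* G=0: limit counts bytes, upper 12 bits are zero (0xFFFFF -> 0x000FFFFF).
       G=1: limit counts 4 KB units: shift left 12, fill low bits with ones
       (0xFFFFF -> 0xFFFFFFFF). */
    r.limit = r.g ? (r.raw_limit << 12) | 0xFFF : r.raw_limit;
    return r;
}

int main(void)
{
    /* Constructed sample: a flat 32-bit ring-0 code descriptor, 0x00CF9A000000FFFF
       (base 0, raw limit 0xFFFFF, G=1, D/B=1, P=1, DPL=0, S=1, type 0xA). */
    struct seg_desc r = decode_descriptor(0x00CF9A000000FFFFULL);
    printf("base=%#x limit=%#x type=%#x S=%u DPL=%u P=%u D/B=%u G=%u\n",
           r.base, r.limit, (unsigned)r.type, (unsigned)r.s, (unsigned)r.dpl,
           (unsigned)r.p, (unsigned)r.db, (unsigned)r.g);
    return 0;
}
```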

1.4 S

        Descriptor type flag. If S is 0, the descriptor is a system segment descriptor; if S is 1, the descriptor is a code segment or data segment descriptor.

1.5 Type

        The type field. How this field is interpreted depends on whether the descriptor is an application descriptor (code segment or data segment) or a system descriptor, which is determined by the S flag.

1.5.1 Application Descriptor (S=1)

        When the S flag (descriptor type) in the segment descriptor is 1, the descriptor is a code segment descriptor or a data segment descriptor, and the type field is interpreted as follows:

        The highest bit of the type field (bit 11 of the second double word of the segment descriptor) determines whether the descriptor is a data segment descriptor (when it is 0) or a code segment descriptor (when it is 1).

1.5.1.1 Data segment

        For a data segment, the lower 3 bits of the descriptor's type field (bits 8, 9 and 10) are interpreted as the accessed bit (A), the writable bit (W) and the expansion direction bit (E).

        The accessed bit (A) indicates whether the segment has been accessed. Whenever the CPU loads the segment's selector into a segment register, it sets the accessed bit to 1.

        The writable bit (W) indicates whether the segment is writable: a data segment loaded into ds can be read-only (W=0) or readable and writable (W=1). The segment loaded into ss must be a readable and writable data segment.

        The expansion direction bit (E) indicates the direction in which the segment expands. If the segment expands upward (E=0), its valid area is the range from Base Address to Base Address + Segment Limit; if it expands downward (E=1), the valid area is everything outside that range, that is, the range from Base Address to Base Address + Segment Limit is invalid. Note that this bit is only meaningful for data segments.

1.5.1.2 Code segment

        For a code segment, the lower 3 bits of the descriptor's type field (bits 8, 9 and 10) are interpreted as the accessed bit (A), the readable bit (R) and the conforming bit (C).

        The accessed bit (A) has the same meaning as for a data segment: it indicates whether the segment has been accessed. Whenever the CPU loads the segment's selector into a segment register, it sets the accessed bit to 1.

        The readable bit (R) indicates whether the segment is readable: a code segment loaded into cs can be execute-only (R=0) or executable and readable (R=1).

        Conforming bit (C). If the flag is 0, the code segment is a non-conforming code segment; if the flag is 1, the code segment is a conforming code segment.

1.5.1.3 Difference between conforming and non-conforming code segments

         A conforming code segment can be called by code running at the same or a lower privilege level, and when it is called, execution continues in the code segment at the caller's privilege level. A non-conforming code segment may only be accessed and executed by code segments at the same privilege level.

       Regardless of whether the target is a conforming code segment or not, control cannot be transferred by call or jmp to a code segment with a lower privilege level (numerically larger privilege value).

        All data segments are non-conforming, which means that a data segment cannot be accessed by code running at a lower privilege level (code with a numerically higher privilege value). But unlike code segments, a data segment at a lower privilege level can be accessed by code running at a higher privilege level.

(columns: privilege level of the accessing code -> privilege level of the target segment; × = not allowed, ✓ = allowed)

Target segment                          low -> high    high -> low    same level
non-conforming code segment                  ×              ×             ✓
conforming code segment                      ✓              ×             ✓
data segment (always non-conforming)         ×              ✓             ✓
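As an added example (not from the original post), the C code below decodes the A/W/E and A/R/C bits of an application type field as described in 1.5.1.1 and 1.5.1.2 and encodes the access table above as a check of the accessing code's CPL against the target's DPL. It models only what the table states (call/jmp into code segments, loads of data segments); call gates and the selector's RPL are outside its scope.

```c
#include <stdio.h>
#include <string.h>

/* Meaning of the 4-bit type field when S=1: bit 3 selects code (1) or data (0);
   bits 0..2 are A, then W (data) or R (code), then E (data) or C (code). */
#define TYPE_ACCESSED 0x1
#define TYPE_WR       0x2   /* W for data segments, R for code segments */
#define TYPE_EC       0x4   /* E (expand-down) for data, C (conforming) for code */
#define TYPE_CODE     0x8

/* Relation of the accessing code's CPL to the target segment's DPL. */
enum access_kind { ACCESS_SAME, ACCESS_LOW_TO_HIGH, ACCESS_HIGH_TO_LOW };

/* A numerically higher CPL is a lower privilege level, so CPL 3 reaching a
   DPL 0 segment is a "low -> high" access. */
enum access_kind classify(unsigned cpl, unsigned dpl)
{
    if (cpl == dpl) return ACCESS_SAME;
    return cpl > dpl ? ACCESS_LOW_TO_HIGH : ACCESS_HIGH_TO_LOW;
}

/* Returns 1 if the access is allowed by the privilege table, 0 otherwise. */
int access_allowed(unsigned type, unsigned cpl, unsigned dpl)
{
    enum access_kind k = classify(cpl, dpl);
    int is_code = (type & TYPE_CODE) != 0;
    int conforming = is_code && (type & TYPE_EC);
    if (k == ACCESS_SAME) return 1;                  /* same level: always allowed */
    if (!is_code) return k == ACCESS_HIGH_TO_LOW;    /* data: only more privileged code reaches down */
    if (conforming) return k == ACCESS_LOW_TO_HIGH;  /* conforming code: callable from lower privilege */
    return 0;                                        /* non-conforming code: same level only */
}

/* Human-readable decoding of an application type field. */
const char *describe_type(unsigned type)
{
    static char buf[80];
    int is_code = (type & TYPE_CODE) != 0;
    snprintf(buf, sizeof buf, "%s segment, %s, %s, %s",
             is_code ? "code" : "data",
             (type & TYPE_ACCESSED) ? "accessed" : "not accessed",
             is_code ? ((type & TYPE_WR) ? "readable" : "execute-only")
                     : ((type & TYPE_WR) ? "writable" : "read-only"),
             is_code ? ((type & TYPE_EC) ? "conforming" : "non-conforming")
                     : ((type & TYPE_EC) ? "expand-down" : "expand-up"));
    return buf;
}
```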

1.5.2 System Descriptor (S=0)

        When the S flag (descriptor type) in the segment descriptor is 0, the descriptor is a system descriptor. System descriptors fall into two categories: system segment descriptors and gate descriptors. They are introduced in detail in the following chapters. Here is the decoding of the type field of a system descriptor from the Intel white paper:

1.6 DPL

         The Descriptor Privilege Level (DPL) field indicates the privilege level of the segment. The privilege level ranges from 0 to 3, with 0 being the highest. The DPL is used to control the privilege level required to access the segment.

1.7 P

        The segment-present flag indicates whether the segment is currently in memory (1 means it is, 0 means it is not). When P is 1 the segment is available; when P is 0 it is not. If a program tries to access a segment that is not available, an exception is raised, namely a "segment not present" exception. The operating system or application can therefore control which segments a program can access and use by setting and clearing the P bit.

        The P bit exists mainly to support the virtual memory mechanism. Under virtual memory, the operating system can map the virtual address space of a process to any location in the physical address space. When the CPU accesses a virtual address, the operating system converts it into a physical address according to the address mapping and checks whether the accessed page is present in memory. If it is not, the operating system loads the page from disk into memory and then maps the virtual address to the physical address of the page. During this process, the P bit is dynamically set and cleared to reflect whether the segment is present in memory.

1.8 D/B

        Default operand size / default stack pointer size / upper bound flag. For the cs segment, the ss segment and a downward-expanding data segment this flag performs different functions. (For 32-bit code and data segments this flag is always 1; for 16-bit code and data segments it is always 0.)

        cs segment: this flag is called the D flag and indicates the default operand size in the code segment. If D is 1, the default operand size is 32 bits; if D is 0, it is 16 bits.

        ss segment: this flag is called the B flag. When B = 1, implicit stack accesses (such as PUSH, POP and CALL) use the 32-bit stack pointer register ESP; when B = 0, the 16-bit register SP is used. If the ss segment is a downward-expanding data segment, the B flag also determines the upper address bound of the ss segment.

        Downward-expanding data segment: this flag is called the B flag and determines the upper address bound of the segment. If the flag is 1, the upper bound of the segment is 4GB; if the flag is 0, the upper bound is 64KB.
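As an added example (not code from the original post) covering both the E bit of 1.5.1.1 and the B flag of 1.8, the C functions below compute the valid offset range of a data segment and check a single offset against it; the limits and offsets used in the test cases are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Valid offset range of a data segment, derived from its effective limit,
   its E bit (expand-down when 1) and its B flag (1.8).
   Expand-up:   offsets 0 .. limit are valid.
   Expand-down: offsets limit+1 .. upper are valid, where upper is
                0xFFFFFFFF when B=1 (4 GB) and 0xFFFF when B=0 (64 KB).
   An empty range is reported with lo > hi. */
struct range { uint32_t lo, hi; };

struct range valid_range(uint32_t limit, int expand_down, int b_flag)
{
    struct range r;
    if (!expand_down) { r.lo = 0; r.hi = limit; return r; }
    r.hi = b_flag ? 0xFFFFFFFFu : 0xFFFFu;
    if (limit >= r.hi) { r.lo = 1; r.hi = 0; return r; }  /* limit swallows everything */
    r.lo = limit + 1;
    return r;
}

/* Returns 1 if the offset lies inside the segment's valid area, 0 if the
   limit check fails (the CPU raises an exception for such an access). */
int offset_valid(uint32_t limit, int expand_down, int b_flag, uint32_t offset)
{
    if (!expand_down) return offset <= limit;
    uint32_t upper = b_flag ? 0xFFFFFFFFu : 0xFFFFu;
    return offset > limit && offset <= upper;
}

int main(void)
{
    /* Constructed sample: a 16-bit style expand-down stack segment, limit 0xEFFF, B=0,
       so only the top 4 KB of offsets (0xF000..0xFFFF) are usable. */
    struct range r = valid_range(0xEFFF, 1, 0);
    printf("expand-down, B=0: valid offsets %#x..%#x\n", r.lo, r.hi);
    printf("offset 0x1000 valid? %d\n", offset_valid(0xEFFF, 1, 0, 0x1000));
    return 0;
}
```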

1.9 AVL, L

        AVL (bit 20 of the second double word) is available for use by system software; the L bit (bit 21 of the second double word) is reserved and should be set to 0.

Origin blog.csdn.net/weixin_43074760/article/details/131751627