Users can specify an entire program eflags settings when loaded by the operating system, the operating system how to set up your own IOPL it, even if the kernel is 0 IOPL have to write into eflags register to take effect. Unfortunately, there is no direct eflags register read and write commands, but may be achieved by modifying the data stack pop eflags register. Pushf can first use the entire instruction eflags pushed onto the stack, and modifying the position in the stack, and then ejected to eflags popf instruction register. Another available IRETD instruction is a stack, with the return from interrupt IRETD instruction, the data from the stack as the content in the corresponding position to the eject eflags eflags register. It is possible to change IOPL instruction only popf and iretd instruction, still can only be performed at 0 privileges. If you do this in other privileged instruction, the processor will not throw an exception, but without any response.
Then take a look IO bitmap is how it was.
If, on the value of CPL <= IOPL, IO program may execute a privileged instruction, and can operate all the IO port. If the value of the CPL> IOPL, the program is not completely unable to carry out any IO operation, it is not strange, it seems logical discrepancies and we, in fact, is justified.
Said before, IOPL switch is all the IO ports, but also leave room for this switch, if the switch is turned on, you can access all of the 65,536 ports, if the switch is turned on, that is, the value of CPL> IOPL, you can IO bitmap to set access permissions section of the port. That is, on the whole first closed and then opened from the local. This is a bit like setting firewall rules to prohibit all access by default, which ports want to re-open a separate release.
Why allow the processor to do it? The reason is to speed.
If you go through all the IO port access kernel, privilege level from low to high-level privilege is needed to save the task context, this process also consumes processor time, with the port access increased, the time cost is still very substantial . The typical application is the hardware drivers, which is located in privilege level 1.
What is a driver?
Driver is a program to directly access the hardware through the in, out, etc. IO command, which provides access to the hardware control program for the upper, equivalent hardware agents, it eliminates the need for programmers by knowledge of learning hardware control, simplifying programming.
So, the driver will definitely have to directly control the IO ports, although it can be located as 0 privilege level as linux, but it is located in a privileged, still can directly manipulate the hardware port.
Even in the privilege level 3, also consider some applications require fast response, such as an application requires fast hardware interaction, the processor allows the I / O bitmap is a program to open certain privilege level 3 control port. The same rules apply to the privilege level 2, i.e. at any privilege level, the processor can open a specific port through the I / O privilege level bitmap corresponding program.
For I / O bitmap is how it is, we put the concept of bitmap clear.
Bitmap is the bit map, map is the map, is the establishment of some sort of correspondence, like the map as an area representative of the actual geographical scope of the figure, bit is bit, bit map is to use a bit mapped to an actual object. Operation of such configuration units is the bitmap 'bit, the bit FIG 01 is actually a string of binary digits, the operation of the bitmap corresponding bit is read, the processor access to memory in bytes, not direct operating position, the operating position to the FIG., it simply is the first byte position where the memory read, if the position of a wanted, this may be a bit or 'operator, this position to cleared may be performed with the bit 0 'and' operation, since we ultimately manipulate the bitmap, then the time to practice.
intel 65536 processor maximum support port, which allows the task to open a specific port through the I / O bitmap, each bit in the bitmap represents the corresponding port, such as 0-th bit represents 0, port 65 535 bit It represents 65,535 ports, the port number 65536 occupancy bitmap size is 63356/8 = 8192 bytes, i.e. 8KB. I / O if the corresponding bit in the bitmap is set to 0, it indicates that the corresponding access port, otherwise it is 1, indicating the port disable access. Figure
Again, I / O bitmap only CPL> IOPL in value, i.e., when the current privilege level IOPL effective than low, if the current privilege level greater than or equal IOPL, any port can direct unrestricted access.