Misplaced Pages

#188811

64-567: The A20 , or address line 20 , is one of the electrical lines that make up the system bus of an x86 -based computer system. The A20 line in particular is used to transmit the 21st bit on the address bus . A microprocessor typically has a number of address lines equal to the base-two logarithm of the number of words in its physical address space . For example, a processor with 4 GB of byte-addressable physical space requires 32 lines (log 2 (4 GB) = log 2 (2 B) = 32), which are named A0 through A31. The lines are named after

128-401: A hard disk drive . This allows for more memory to be used than physically available in primary storage. The x86 architecture allows control of pages through two arrays : page directories and page tables . Originally, a page directory was the size of one page, four kilobytes, and contained 1,024 page directory entries (PDE), although subsequent enhancements to the x86 architecture have added

192-419: A trap with the use of instructions that involve input/output (I/O), which can negatively impact performance. Due to these limitations, some programs originally designed to run on the 8086 cannot be run in virtual 8086 mode. As a result, system software is forced to either compromise system security or backward compatibility when dealing with legacy software . An example of such a compromise can be seen with

256-414: A 20-bit address space, an external memory reference was made up of a 16-bit offset address added to a 16-bit segment number, shifted 4 bits to the left so as to produce a 20-bit physical address. The resulting address is equal to segment  × 16 + offset . There are many combinations of segment and offset that produce the same 20-bit physical address. Therefore, there were various ways to address

320-403: A computer. OS/2 1.x defines restrictive programming rules allowing a Family API or bound program to run in either real or protected mode. Some early Unix operating systems, OS/2  1.x, and Windows used this mode. Windows 3.0 was able to run real mode programs in 16-bit protected mode; when switching to protected mode, it decided to preserve the single privilege level model that

384-663: A far jump must be made to clear the prefetch input queue . With the release of the 386, protected mode could be exited by loading the segment registers with real mode values, disabling the A20 line and clearing the PE bit in the CR0 register, without the need to perform the initial setup steps required with the 286. Protected mode has a number of features designed to enhance an operating system's control over application software, in order to increase security and system stability. These additions allow

448-503: A granularity flag (G-bit, for short): The 386 processor also uses 32 bit values for the address offset. For maintaining compatibility with 286 protected mode a new default flag (D-bit, for short) was added. If the D-bit of a code segment is off (0) all commands inside this segment will be interpreted as 16-bit commands by default; if it is on (1), they will be interpreted as 32-bit commands. Where: In addition to adding virtual 8086 mode,

512-497: A processor that supports x86 protected mode is powered on, it begins executing instructions in real mode , in order to maintain backward compatibility with earlier x86 processors. Protected mode may only be entered after the system software sets up one descriptor table and enables the Protection Enable (PE) bit in the control register 0 (CR0). Protected mode was first added to the x86 architecture in 1982, with

576-535: A segment register in protected mode caused a 6-byte segment descriptor to be loaded into the CPU from memory, the segment register load instruction took many tens of processor cycles, making it much slower than on the 8086 and 8088; therefore, the strategy of computing segment addresses on-the-fly in order to access data structures larger than 128  kilobytes (the combined size of the two data segments) became impractical, even for those few programmers who had mastered it on

640-400: Is IBM PC memory manager software that controls access to the high memory area (HMA). Extended-memory managers usually provide this functionality. A20 handlers are named after the 21st address line of the microprocessor, the A20 line. In DOS , HMA managers such as HIMEM.SYS have the "extra task" of managing A20. HIMEM.SYS provided an API for opening/closing A20. DOS itself could use

704-645: Is dangerous; programs should only keep handles to memory blocks when not running. Starting an old program while Windows 3.0 is running in protected mode triggers a warning dialog, suggesting to either run Windows in real mode or to obtain an updated version of the application. Updating well-behaved programs using the MARK utility with the MEMORY parameter avoids this dialog. It is not possible to have some GUI programs running in 16-bit protected mode and other GUI programs running in real mode. In Windows 3.1 , real mode

SECTION 10

#1732791505189

768-405: Is the same as the 16-bit selector, provided the lower three bits are zeroed. The descriptor table entry defines the real linear address of the segment, a limit value for the segment size, and some attribute bits (flags). The segment address inside the descriptor table entry has a length of 24 bits so every byte of the physical memory can be defined as bound of the segment. The limit value inside

832-502: The A20 line (21st address line) also must be enabled to allow the use of all the address lines so that the CPU can access beyond 1 megabyte of memory (Only the first 20 are allowed to be used after power-up, to guarantee compatibility with older software written for the Intel 8088-based IBM PC and PC/XT models). After performing those two steps, the PE bit must be set in the CR0 register and

896-526: The BIOS (Basic Input/Output System) and memory for add-on devices . As the cost of memory decreased and memory use increased, the 1 MB limitation became a significant problem. Intel intended to solve this limitation along with others with the release of the 286. The initial protected mode, released with the 286, was not widely used; for example, it was used by Coherent (from 1982), Microsoft Xenix (around 1984) and Minix . Several shortcomings such as

960-547: The Intel 8086 , had a 20- bit address bus for its memory , as did its Intel 8088 variant. This allowed them to access 2 bytes of memory, equivalent to 1 megabyte . At the time, 1 megabyte was considered a relatively large amount of memory, so the designers of the IBM Personal Computer reserved the first 640 kilobytes for use by applications and the operating system and the remaining 384 kilobytes for

1024-541: The Program Segment Prefix (PSP) (which partially resembles CP/M-80's zero page ). This was, in particular, utilized by programs machine-translated from CP/M-80 through assembly language translators like Seattle Computer Products ' TRANS86 . The CALL 5 handler this entry point refers to resides at the machine's physical address 0x000000C0 (thereby overlapping the four bytes of the interrupt service routine entry point reserved for INT 30h and

1088-676: The Small-C compiler. Also, the SPELL utility in Microsoft's Word 3.0 (1987) is one of the programs depending on the CALL ;5 interface to be set up correspondingly. Sun Microsystems ' PC-NFS (1993) requires the CALL 5 fix-up as well. Also, to save program space, a trick was used by some BIOS and DOS programmers, for example, to have one segment that has access to program data (such as from F800:0000 to F800:7FFF , pointing to

1152-468: The Task State Segment (TSS), introduced with the 286, preemptive multitasking was made possible on the x86 architecture. The TSS allows general-purpose registers, segment selector fields, and stacks to all be modified without affecting those of another task. The TSS also allows a task's privilege level, and I/O port permissions to be independent of another task's. In many operating systems,

1216-447: The 386 also added paging to protected mode. Through paging, system software can restrict and control a task's access to pages, which are sections of memory. In many operating systems, paging is used to create an independent virtual address space for each task, preventing one task from manipulating the memory of another. Paging also allows for pages to be moved out of primary storage and onto a slower and larger secondary storage , such as

1280-543: The 386, protected mode did not offer a direct method to switch back into real mode once protected mode was entered. IBM devised a workaround (implemented in the IBM AT ) which involved resetting the CPU via the keyboard controller and saving the system registers, stack pointer and often the interrupt mask in the real-time clock chip's RAM. This allowed the BIOS to restore the CPU to a similar state and begin executing code before

1344-491: The 386. Despite such potential setbacks, Windows 3.0 and its successors can take advantage of the binary compatibility with real mode to run many Windows 2.x ( Windows 2.0 and Windows 2.1x ) applications in protected mode, which ran in real mode in Windows 2.x. With the release of the 386, protected mode offers what the Intel manuals call virtual 8086 mode . Virtual 8086 mode is designed to allow code previously written for

SECTION 20

#1732791505189

1408-442: The 8086 and 8088. The 286 maintained backward compatibility with the 8086 and 8088 by initially entering real mode on power up. Real mode functioned virtually identically to the 8086 and 8088, allowing the vast majority of existing software for those processors to run unmodified on the newer 286. Real mode also served as a more basic mode in which protected mode could be set up, solving a sort of chicken-and-egg problem. To access

1472-461: The 8086 to run unmodified and concurrently with other tasks, without compromising security or system stability. Virtual 8086 mode, however, is not completely backward compatible with all programs. Programs that require segment manipulation, privileged instructions, direct hardware access, or use self-modifying code will generate an exception that must be served by the operating system. In addition, applications running in virtual 8086 mode generate

1536-516: The A20 line. UEFI boot loaders use 32-bit protected mode or 64-bit long mode . Electrical Too Many Requests If you report this error to the Wikimedia System Administrators, please include the details below. Request from 172.68.168.150 via cp1114 cp1114, Varnish XID 975045737 Upstream caches: cp1114 int Error: 429, Too Many Requests at Thu, 28 Nov 2024 10:58:25 GMT Protected-mode When

1600-417: The CPU was supposed to emulate an 8086's behavior in real mode , its startup mode, so that it could run operating systems and programs that were not written for protected mode. The 80286 did not force the A20 line to zero in real mode, however. Therefore, the combination F800:8000 would no longer point to the physical address 0x00000000 , but to the address 0x00100000 . As a result, programs relying on

1664-584: The DOS kernel relocated into higher memory areas, low memory increasingly became available for programs, causing those depending on the wraparound to fail. The executable loaders in newer versions of DOS attempt to detect some common types of affected programs and either patch them on-the-fly to function also in low memory or load them above the first 64 KB before passing execution on to them. For programs, which are not detected automatically, LOADFIX or MEMMAX  -L can be used to force programs to be loaded above

1728-410: The ability to access up to 16 MB of physical memory, and 1 GB of virtual memory , were the most apparent changes to application programmers. This was not without its limitations. If an application utilized or relied on any of the techniques below, it would not run: In reality, almost all DOS application programs violated these rules. Due to these limitations, virtual 8086 mode was introduced with

1792-438: The ability to use larger page sizes. Each PDE contained a pointer to a page table. A page table was also originally four kilobytes in size and contained 1,024 page table entries (PTE). Each PTE contained a pointer to the actual page's physical address and are only used when the four-kilobyte pages are used. At any given time, only one page directory may be in active use. Through the use of the rings, privileged call gates , and

1856-424: The address wrap around would no longer work. To remain compatible with such programs, IBM decided to correct the problem on the motherboard . That was accomplished by inserting a logic gate on the A20 line between the processor and system bus, which got named Gate-A20 . Gate-A20 can be enabled or disabled by software to allow or prevent the address bus from receiving a signal from A20. It is set to non-passing for

1920-671: The area for some of its storage needs, thereby freeing up more conventional memory for programs. That functionality was enabled by the DOS =HIGH or HIDOS =ON directives in the CONFIG.SYS configuration file. Since 1980, the address wrap was internally used by 86-DOS and MS-DOS to implement the DOS CALL ;5 entry point at offset +5 to +9 (which emulates the CP/M-80 -style CALL 5 BDOS API entry point at offset +5 to +7) in

1984-403: The boot process to never close it again. Such operating systems had no compatibility reasons for keeping it closed, and they gained access to the full range of physical addresses available by opening it. The Intel 80486 and Pentium added a special pin named A20M# , which when asserted low forces bit 20 of the physical address to be zero for all on-chip cache - or external-memory accesses. It

A20 line - Misplaced Pages Continue

2048-440: The bootup process, often before control has been passed to the kernel from the bootstrap (in the case of Linux , for example). Virtual 8086 mode , introduced with the Intel 80386 , allows the A20 wrap-around to be simulated by using the virtual memory facilities of the processor; physical memory may be mapped to multiple virtual addresses. Thus, the memory mapped at the first megabyte of virtual memory may be mapped again in

2112-417: The descriptor table entry has a length of 16 bits so segment length can be between 1 byte and 2 byte. The calculated linear address equals the physical memory address. The segment address inside the descriptor table entry is expanded to 32 bits so every byte of the physical memory can be defined as bound of the segment. The limit value inside the descriptor table entry is expanded to 20 bits and completed with

2176-426: The equivalent /E[XEPACK] option in Microsoft's LINK 3.02 and higher. Programs processed with EXEPACK would display a "Packed file is corrupt" error message. Various third-party utilities exist to modify compressed executables either replacing the problematic uncompression routine(s) through restubbing, or attempting to expand and restore the original file. Modern Legacy BIOS boot loaders (such as GNU GRUB ) use

2240-521: The execution of older programs that rely on the wrap-around. At boot time, the BIOS first enables Gate-A20 when it counts and tests all of the system memory, and then disables it before transferring control to the operating system. Originally, the logic gate was a gate connected to the Intel 8042 keyboard controller. Controlling it was a relatively slow process. Other methods have since been added to allow more efficient multitasking of programs that require this wrap-around with programs that access all of

2304-409: The extended functionality of the 286, the operating system would set up some tables in memory that controlled memory access in protected mode, set the addresses of those tables into some special registers of the processor, and then set the processor into protected mode. This enabled 24-bit addressing, which allowed the processor to access 2  bytes of memory, equivalent to 16  megabytes . With

2368-452: The far call entry point's 16-bit offset had to match this segment size (i.e. 0xFEF0 ), which is stored at offset +6 to +7 in the PSP, overlapping parts of the CALL 5. The only way to reconcile these requirements was to choose a segment value that, when added to 0xFEF0 , results in an address of 0x001000C0 , which, on an 8086, wraps around to 0x000000C0 . A20 had to be disabled for

2432-502: The first 64 KB. The trick was utilized by IBM/Microsoft Pascal itself as well as by programs compiled with it, including Microsoft's MASM . Other commonly used development utilities using this were executable compressors like Realia's Spacemaker (written by Robert B. K. Dewar in 1982 and used to compress early versions of the Norton Utilities ) and Microsoft's EXEPACK (written by Reuben Borman in 1985) as well as

2496-469: The first byte of INT 31h in the x86 real mode interrupt vector table ). However, by the design of CP/M-80, which loaded the operating system immediately above the memory available for the application program to run in, the 8080 / Z80 16-bit target address stored at offset +6 to +7 in the zero page could deliberately also be interpreted as the size of the first memory segment. In order to emulate this in DOS with its 8086 segment:offset addressing scheme,

2560-483: The full features of the TSS are not used. This is commonly due to portability concerns or due to the performance issues created with hardware task switches. As a result, many operating systems use both hardware and software to create a multitasking system. Operating systems like OS/2 1.x try to switch the processor between protected and real modes. This is both slow and unsafe, because a real mode program can easily crash

2624-413: The inability to make BIOS and DOS calls due to inability to switch back to real mode without resetting the processor prevented widespread usage. Acceptance was additionally hampered by the fact that the 286 only allowed memory access in 64  kilobyte segments, addressed by its four segment registers, meaning that only 4 × 64 KB , equivalent to 256 KB, could be accessed at a time. Because changing

A20 line - Misplaced Pages Continue

2688-406: The increased size of the address bus and segment registers, many other new features were added with the intention of increasing operational security and stability. Protected mode is now used in virtually all modern operating systems which run on the x86 architecture, such as Microsoft Windows , Linux , and many others. Furthermore, learning from the failures of the 286 protected mode to satisfy

2752-505: The index of an entry inside a descriptor table . The next bit (bit 2) specifies whether the operation is used with the GDT or the LDT. The lowest two bits (bit 1 and bit 0) of the selector are combined to define the privilege of the request, where the values of 0 and 3 represent the highest and the lowest privilege, respectively. This means that the byte offset of descriptors in the descriptor table

2816-419: The logical address contains an offset inside the segment, i.e. the physical address can be calculated as physical_address = segment_part × 16 + offset, if the address line A20 is enabled, or (segment_part × 16 + offset) mod 2 , if A20 is off. Every segment has a size of 2  bytes. In protected mode, the segment_part is replaced by a 16-bit selector , in which the 13 upper bits (bit 3 to bit 15) contain

2880-664: The mechanism works exactly as before, and an operating system must still program external hardware (which in-turn sends the aforementioned bus cycles to the CPU) to disable the A20 masking. Intel no longer supports the A20 gate, starting with Haswell . Page 271 of the Intel System Programmers Manual Vol. 3A from June 2013 states: "The functionality of A20M# is used primarily by older operating systems and not used by modern operating systems. On newer Intel 64 processors, A20M# may be absent." The A20 handler

2944-399: The needs for multiuser DOS , Intel added a separate virtual 8086 mode , which allowed multiple virtualized 8086 processors to be emulated on the 386. Hardware x86 virtualization required for virtualizing the protected mode itself, however, had to wait for another 20 years. With the release of the 386, the following additional features were added to protected mode: Until the release of

3008-488: The operating system and some device drivers run in ring 0 and applications run in ring 3. According to the Intel 80286 Programmer's Reference Manual , the 80286 remains upwardly compatible with most 8086 and 80186 application programs. Most 8086 application programs can be re-compiled or re-assembled and executed on the 80286 in Protected Mode. For the most part, the binary compatibility with real-mode code,

3072-442: The operating system to function in a way that would be significantly more difficult or even impossible without proper hardware support. In protected mode, there are four privilege levels or rings , numbered from 0 to 3, with ring 0 being the most privileged and 3 being the least. The use of rings allows for system software to restrict tasks from accessing data, call gates or executing privileged instructions. In most environments,

3136-513: The physical addresses 0x000F8000–0x000FFFFF ), as well as the I/O data (such as the keyboard buffer) that was located in the first memory segment (with addresses F800:8000 to F800:FFFF pointing to the physical addresses 0x00000000 to 0x00007FFF ). This trick works for as long as the code isn't executed in low memory , the first 64 KB of RAM, a condition that was always true in older DOS versions without load-high capabilities. With

3200-568: The processor would need another address line for actual access to that byte. Since there is no such line on the 8086 line of processors, the 21st bit above, while set, gets dropped, causing the address F800:8000 to "wrap around" and to actually point to the physical address 0x00000000 . When IBM designed the IBM PC AT (1984) machine, it decided to use the new higher-performance Intel 80286 microprocessor. The 80286 could address up to 16 MB of system memory in protected mode . However,

3264-469: The processor." Support for the A20 gate was changed in the Nehalem microarchitecture (some sources incorrectly claim that A20 support was removed). Rather than the CPU having a dedicated A20M# pin that receives the signal whether or not to mask the A20 bit, it has been virtualized so that the information is sent from the peripheral hardware to the CPU using special bus cycles. From a software point of view,

SECTION 50

#1732791505189

3328-440: The release of Intel 's 80286 (286) processor, and later extended with the release of the 80386 (386) in 1985. Due to the enhancements added by protected mode, it has become widely adopted and has become the foundation for all subsequent enhancements to the x86 (IA-32) architecture, although many of those enhancements, such as added instructions and new registers, also brought benefits to the real mode. The first x86 processor,

3392-454: The release of Windows NT , which dropped backward compatibility for "ill-behaved" DOS applications. In real mode each logical address points directly into a physical memory location, every logical address consists of two 16-bit parts: The segment part of the logical address contains the base address of a segment with a granularity of 16 bytes, i.e. a segment may start at physical address 0, 16, 32, ..., 2  − 16. The offset part of

3456-454: The release of the 386 in 1985, many of the issues preventing widespread adoption of the previous protected mode were addressed. The 386 was released with an address bus size of 32 bits, which allows for 2 bytes of memory accessing, equivalent to 4 gigabytes . The segment sizes were also increased to 32 bits, meaning that the full address space of 4 gigabytes could be accessed without the need to switch between multiple segments. In addition to

3520-533: The reset. Later, a triple fault was used to reset the 286 CPU, which was a lot faster and cleaner than the keyboard controller method (and does not depend on IBM AT-compatible hardware, but will work on any 80286 CPU in any system). To enter protected mode, the Global Descriptor Table (GDT) must first be created with a minimum of three entries: a null descriptor, a code segment descriptor and data segment descriptor. In an IBM-compatible machine,

3584-433: The same byte in memory. For example, here are four of the 4096 different segment:offset combinations, all referencing the byte whose physical address is 0x000FFFFF (the last byte in 1 MB-memory space): Referenced the last way, an increase of one in the offset yields F800:8000 , which is a proper address for the processor, but since it translates to the physical address 0x00100000 (the first byte over 1 MB),

3648-543: The second megabyte of virtual memory. The operating system may intercept changes to Gate A20 and make corresponding changes to the virtual-memory address space, which also makes irrelevant the efficiency of Gate-A20 line toggling. Controlling the A20 line was an important feature at one stage in the growth of the IBM PC architecture, as it added access to an additional 65,520 bytes (64 KB − 16 bytes) of memory in real mode , without significant software changes. In what

3712-488: The system memory. There are multiple methods to control the A20 line. Disconnecting A20 would not wrap all memory accesses above 1 MB, just those in the 1–2 MB, 3–4 MB, 5–6 MB, etc. ranges. Real-mode software cared only about the area slightly above 1 MB, so the Gate-A20 line was enough. Enabling the Gate-A20 line is one of the first steps that a protected-mode x86 operating system does in

3776-454: The wraparound to occur and DOS programs using this interface to work. Newer DOS versions which can relocate parts of themselves into the HMA, typically craft a copy of the entry point at FFFF:00D0 in the HMA (which again resolves to physical 0x001000C0 ), so that the interface can work without regard to the state of A20. One program known to use the CALL 5 interface is the DOS version of

3840-502: The zero-based number of the bit in the address that they are transmitting. The least significant bit is first and is therefore numbered bit 0 and signaled on line A0. A20 transmits bit 20 (the 21st bit) and becomes active once addresses reach 1 MB, or 2. The Intel 8086 , Intel 8088 , and Intel 80186 processors had 20 address lines, numbered A0 to A19; with these, the processor can access 2 bytes, or 1 MB. Internal address registers of such processors only had 16 bits. To access

3904-477: Was arguably a "hack", the A20 gate was originally part of the keyboard controller on the motherboard, which could open or close it depending on what behavior was desired. In order to keep full compatibility with the Intel 8086 , the A20 gate was still present in Intel CPUs until 2008. As the gate was initially closed right after boot, protected-mode operating systems typically opened the A20 gate early during

SECTION 60

#1732791505189

3968-549: Was necessary, since the 80486 introduced an on-chip cache and so masking this bit in external logic was no longer possible. Software still needs to manipulate the gate and must still deal with external peripherals (the chipset ) for that. The PC System Design Guide PC 2001 removes compatibility for the A20 line: "If A20M# generation logic is still present in the system, this logic must be terminated such that software writes to I/O port 92, bit 1, do not result in A20M# being asserted to

4032-594: Was no longer supported and could not be accessed. In modern 32-bit operating systems, virtual 8086 mode is still used for running applications, e.g. DPMI compatible DOS extender programs (through virtual DOS machines ) or Windows 3.x applications (through the Windows on Windows subsystem) and certain classes of device drivers (e.g. for changing the screen-resolution using BIOS functionality) in OS/2 2.0 (and later OS/2) and 32-bit Windows NT , all under control of

4096-521: Was used in real mode, which is why Windows applications and DLLs can hook interrupts and do direct hardware access. That lasted through the Windows 9x series. If a Windows 1.x or 2.x program is written properly and avoids segment arithmetic, it will run the same way in both real and protected modes. Windows programs generally avoid segment arithmetic because Windows implements a software virtual memory scheme, moving program code and data in memory when programs are not running, so manipulating absolute addresses

#188811