Misplaced Pages

#223776

58-515: VM86 mode uses a segmentation scheme identical to that of real mode (for compatibility reasons), which creates 20-bit linear addresses in the same manner as 20-bit physical addresses are created in real mode, but are subject to protected mode's memory paging mechanism. The virtual 8086 mode is a mode for a protected-mode task . Consequently, the processor can switch between VM86 and non-VM86 tasks, enabling multitasking legacy ( DOS ) applications. To use virtual 8086 mode, an operating system sets up

116-407: A general protection (GP) fault . Otherwise, address translation continues. The processor then takes the 32-bit or 16-bit offset and compares it against the segment limit specified in the segment descriptor. If it is larger, a GP fault is generated. Otherwise, the processor adds the 24-bit segment base, specified in descriptor, to the offset, creating a linear physical address. The privilege check

174-536: A flat memory space, although as the OS itself was still 16-bit, API calls could not be made with 32-bit instructions. Thus, it was still necessary to place all code that performs API calls in 64k segments. Once 286 protected mode is invoked, it could not be exited except by performing a hardware reset. Machines following the rising IBM PC/AT standard could feign a reset to the CPU via the standardised keyboard controller, but this

232-517: A linear address at C0h (192) in the linear address space. The address offset can then be added to this number. 0Ch:0Fh (12:15) would be C0h+0Fh=CFh (192+15=207), CFh (207) being the linear address. Such address translations are carried out by the segmentation unit of the CPU. The last segment, FFFFh (65535), begins at linear address FFFF0h (1048560), 16 bytes before the end of the 20 bit address space, and thus, can access, with an offset of up to 65,536 bytes, up to 65,520 (65536−16) bytes past

290-428: A variable length for each segment, in the range 1 to 65,536 bytes, that is just not enforced by the CPU. (The leading zeros of the linear address, segmented addresses, and the segment and offset fields are shown here for clarity. They are usually omitted.) The effective 20-bit address space of real mode limits the addressable memory to 2  bytes, or 1,048,576 bytes (1  MB ). This derived directly from

348-409: A video display into a mode that is not supported by the hardware and is not emulated, or write over operating system code). The V86 monitor can also deny permission gently by emulating the failure of a requested operation—for example, it can make a disk drive always appear not ready when in fact it has not even checked the drive but simply will not permit the real-mode program to access it. Also,

406-540: A virtual 8086 mode monitor, which is a program that manages the real-mode program and emulates or filters access to system hardware and software resources. The monitor must run at privilege level 0 and in protected mode. Only the 8086 program runs in VM86 mode and at privilege level 3. When the real-mode program attempts to do things like access certain I/O ports to use hardware devices or access certain regions in its memory space,

464-995: A way for real-mode programs designed for a single-tasking environment (like DOS) to run concurrently in a multitasking environment. It is used to execute certain DOS programs in FlexOS 386 (since 1987), Concurrent DOS 386 (since 1987), Windows/386 2.10 (since 1987), DESQview 386 (since 1988), Windows 3.x (since 1990), Multiuser DOS (since 1991), Windows for Workgroups 3.1x (since 1992), OS/2 2.x (since 1992), 4690 OS (since 1993), REAL/32 (since 1995) running in 386 Enhanced Mode as well as in Windows 95 , 98 , 98 SE and ME through virtual DOS machines , in SCO UNIX through Merge , and in Linux through DOSEMU . (Other DOS programs which use protected mode execute using user mode under

522-417: Is always added to a 16-bit offset in the instruction to yield a linear address, which is the same as physical address in this mode. For instance, the segmented address 06EFh:1234h (here the suffix "h" means hexadecimal ) has a segment selector of 06EFh, representing a segment address of 06EF0h, to which the offset is added, yielding the linear address 06EF0h + 1234h = 08124h. Because of

580-502: Is because the current privilege level (CPL) of the processor is stored in the lower 2 bits of the CS ;register. The only ways to raise the processor privilege level (and reload CS) are through the lcall (far call) and int (interrupt) instructions. Similarly, the only ways to lower the privilege level (and reload CS) are through lret (far return) and iret (interrupt return) instructions. In real mode, code may also modify

638-533: Is done by setting bit number 0 (0x1 in value) of CR4 . Because the VME interrupt speed-up enhancements were found useful for non-VM86 protected tasks, they can also be enabled separately by setting only bit number 1 (0x2 in value), which is called PVI (Protected Mode Virtual Interrupts). Detecting whether a processor supports VME (including PVI) is done using the CPUID instruction, with an initial EAX value of 0x1, by testing

SECTION 10

#1732790751224

696-494: Is done only when the segment register is loaded, because segment descriptors are cached in hidden parts of the segment registers. In the Intel 80386 and later, protected mode retains the segmentation mechanism of 80286 protected mode, but a paging unit has been added as a second layer of address translation between the segmentation unit and the physical bus. Also, importantly, address offsets are 32-bit (instead of 16-bit), and

754-432: Is not available in x86-64 long mode , although it is still present on x86-64 capable processors running in legacy mode . Intel VT-x brings back the ability to run virtual 8086 mode from x86-64 long mode, but it has to be done by transitioning the (physical) processor to VMX root mode and launching a logical (virtual) processor itself running in virtual 8086 mode. Westmere and later Intel processors usually can start

812-470: Is ordinarily impossible, but is allowed for SVM guests if the host intercepts page faults. X86 memory segmentation The Intel x86 computer instruction set architecture has supported memory segmentation since the original Intel 8086 in 1978. It allows programs to address more than 64 KB (65,536  bytes ) of memory, the limit in earlier 80xx processors. In 1982, the Intel 80286 added support for virtual memory and memory protection ;

870-416: Is quite complex, but was viewed as a necessary evil for all but the smallest tools (which could do with less memory). The root of the problem is that no appropriate address-arithmetic instructions suitable for flat addressing of the entire memory range are available. Flat addressing is possible by applying multiple instructions, which however leads to slower programs. The memory model concept derives from

928-616: Is required in their kernels. Windows 8 and later also refuses to boot on these processors for the same reason, as they specifically require PAE support to run properly. The Yonah CPU was launched in January 2006 under the Core brand. Single and dual-core mobile version were sold under the Core Solo, Core Duo, and Pentium Dual-Core brands, and a server version was released as Xeon LV . These processors provided partial solutions to some of

986-563: Is the Core microarchitecture which in turn is also derived from P6. P6 was used within Intel's mainstream offerings from the Pentium Pro to Pentium III, and was widely known for low power consumption, excellent integer performance, and relatively high instructions per cycle (IPC). The P6 core was the sixth generation Intel microprocessor in the x86 line. The first implementation of the P6 core

1044-448: Is the current privilege level (found in the lower 2 bits of the CS register), RPL is the requested privilege level from the segment selector, and DPL is the descriptor privilege level of the segment (found in the descriptor). All privilege levels are integers in the range 0–3, where the lowest number corresponds to the highest privilege. If the inequality is false, the processor generates

1102-692: Is the sixth-generation Intel x86 microarchitecture , implemented by the Pentium Pro microprocessor that was introduced in November 1995. It is frequently referred to as i686 . It was planned to be succeeded by the NetBurst microarchitecture used by the Pentium 4 in 2000, but was revived for the Pentium M line of microprocessors. The successor to the Pentium M variant of the P6 microarchitecture

1160-510: The Pentium M 's shortcomings by adding: This resulted in the interim microarchitecture for low-voltage only CPUs, part way between P6 and the following Core microarchitecture. On July 27, 2006, the Core microarchitecture , a derivative of P6, was launched in form of the Core 2 processor. Subsequently, more processors were released with the Core microarchitecture under Core 2, Xeon , Pentium and Celeron brand names. The Core microarchitecture

1218-478: The paging unit. (This, of course, refers to 80386 and later processors, as the earlier x86 processors do not have a paging unit.) Current Linux also uses GS to point to thread-local storage . Segments can be defined to be either code, data, or system segments. Additional permission bits are present to make segments read only, read/write, execute, etc. In protected mode, code may always modify all segment registers except CS (the code segment selector). This

SECTION 20

#1732790751224

1276-421: The segmentation mechanism is reconfigured to work just like under real mode, but the paging mechanism is still active, and it is transparent to the real mode code; thus, memory protection is still applicable, and so is the isolation of the address space. When interrupts (hardware, software and int instruction) occur, the processor switches off the VM86 mode and returns to work in full protected mode to handle

1334-482: The 21st address line, the A20 line . The IBM PC AT provided the hardware to do this (for full backward compatibility with software for the original IBM PC and PC/XT models), and so all subsequent " AT -class" PC clones did as well. 286 protected mode was seldom used as it would have excluded the large body of users with 8086/88 machines. Moreover, it still necessitated dividing memory into 64k segments like

1392-452: The CPU traps these events and calls the V86 monitor, which examines what the real mode program is trying to do and either acts as a proxy to interface with the hardware, emulates the intended function the real-mode program was trying to access, or terminates the real-mode program if it is trying to do something that cannot either be allowed or be adequately supported (such as reboot the machine, set

1450-537: The CS register by making a far jump (or using an undocumented POP CS instruction on the 8086 or 8088). Of course, in real mode, there are no privilege levels; all programs have absolute unchecked access to all of memory and all CPU instructions. For more information about segmentation, see the IA-32 manuals freely available on the AMD or Intel websites. P6 (microarchitecture) The P6 microarchitecture

1508-478: The GS ;segment to store per-CPU data. GS/FS are also used in gcc 's thread-local storage and canary-based stack protector. Logical addresses can be explicitly specified in x86 assembly language , e.g. (AT&T syntax): or in Intel syntax : However, segment registers are usually used implicitly. Segmentation cannot be turned off on x86-32 processors (this is true for 64-bit mode as well, but beyond

1566-561: The Mobile Pentium 4 clocked over 1 GHz higher (the fastest-clocked Mobile Pentium 4 compared to the fastest-clocked Pentium M) and equipped with much more memory and bus bandwidth. The first Pentium M family processors ("Banias") internally support PAE but do not show the PAE support flag in their CPUID information; this causes some operating systems (primarily Linux distributions) to refuse to boot on such processors since PAE support

1624-614: The NexGen Nx586 , introduced in 1994, did so earlier. Other features first implemented in the x86 space in the P6 core include: Upon release of the Pentium 4-M and Mobile Pentium 4, it was quickly realized that the new mobile NetBurst processors were not ideal for mobile computing. NetBurst-based processors were simply not as efficient per clock or per watt compared to their P6 predecessors. Mobile Pentium 4 processors ran much hotter than Pentium III-M processors without significant performance advantages. Its inefficiency affected not only

1682-437: The V86 monitor can do things like map memory pages, intercept calls and interrupts, and preempt the real-mode program, allowing real-mode programs to be multitasked like protected-mode programs. By intercepting the hardware and software I/O of the real-mode program and tracking the state that the V86 program expects, it can allow multiple programs to share the same hardware without interfering with each other. So V86 mode provides

1740-438: The VME acronym expansion). Some later Intel 486 chips also support it. The enhancements address mainly the 8086 virtualization overhead, with a particular focus on (virtual) interrupts. Before the extensions were publicly documented in the P6 documentation, the official documentation referred to the famed Appendix H , which was omitted from the public documentation and shared only with selected partners under NDA . Activating VME

1798-434: The beginning of the linear (flat) address space. That is, at 16 byte intervals. Since all segments are 64 KB long, this explains how overlap can occur between segments and why any location in the linear memory address space can be accessed with many segment:offset pairs. The actual location of the beginning of a segment in the linear address space can be calculated with segment×16. A segment value of 0Ch (12) would give

Virtual 8086 mode - Misplaced Pages Continue

1856-513: The cooling system complexity, but also the all-important battery life. Intel went back to the drawing board for a design that would be optimally suited for this market segment. The result was a modernized P6 design called the Pentium M . Design Overview The Pentium M was the most power efficient x86 processor for notebooks for several years, consuming a maximum of 27 watts at maximum load and 4-5 watts while idle. The processing efficiency gains brought about by its modernization allowed it to rival

1914-418: The current data segment (DS), the current stack segment (SS), and one extra segment determined by the programmer (ES). The Intel 80386 , introduced in 1985, adds two additional segment registers, FS and GS, with no specific uses defined by the hardware. The way in which the segment registers are used differs between the two modes. The choice of segment is normally defaulted by the processor according to

1972-425: The default segment for selected instructions if desired. In real mode or V86 mode , the size of a segment can range from 1 byte up to 65,536 bytes (using 16-bit offsets). The 16-bit segment selector in the segment register is interpreted as the most significant 16 bits of a linear 20-bit address, called a segment address, of which the remaining four least significant bits are all zeros. The segment address

2030-556: The emulator.) NTVDM in x86 Windows NT-based operating systems also use VM86 mode, but with very limited direct hardware access. Some boot loaders (e.g. GRUB ) use the protected mode , and execute the BIOS interrupt calls in Virtual 8086 mode. The most common problem by running 8086 code from protected mode is memory addressing which is totally different between protected mode and real mode . As mentioned, by working under VM86 mode

2088-639: The end of the 20 bit 8088 address space. On the 8088, these address accesses were wrapped around to the beginning of the address space such that 65535:16 would access address 0 and 65533:1000 would access address 952 of the linear address space. The use of this feature by programmers led to the Gate A20 compatibility issues in later CPU generations, where the linear address space was expanded past 20 bits. In 16-bit real mode, enabling applications to make use of multiple memory segments (in order to access more memory than available in any one 64K-segment)

2146-461: The function being executed. Instructions are always fetched from the code segment. Any stack push or pop or any data reference referring to the stack uses the stack segment. All other references to data use the data segment. The extra segment is the default destination for string operations (for example MOVS or CMPS). FS and GS have no hardware-assigned uses. The instruction format allows an optional segment prefix byte which can be used to override

2204-507: The hardware design of the Intel ;8086 (and, subsequently, the closely related 8088), which had exactly 20 address pins . (Both were packaged in 40-pin DIP packages; even with only 20 address lines, the address and data buses were multiplexed to fit all the address and data lines within the limited pin count.) Each segment begins at a multiple of 16 bytes, called a paragraph , from

2262-500: The interrupt. Also, before servicing the interrupt, the DS, ES, FS, and GS registers are pushed on the new stack and zeroed. The Pentium architecture added a number of enhancements to the virtual 8086 mode. These were however documented by Intel only starting with the subsequent P6 (microarchitecture) ; their more recent formal name is Virtual-8086 Mode Extensions, abbreviated VME (older documentation may use "Virtual 8086 mode enhancements" as

2320-557: The offset, and the final 32-bit address the segmentation unit derived by adding the two are all virtual (or logical) addresses when the paging unit is enabled. When the segmentation unit generates and validates these 32-bit virtual addresses, the enabled paging unit finally translates these virtual addresses into physical addresses. The physical addresses are 32-bit on the 386 , but can be larger on newer processors which support Physical Address Extension . The 80386 also introduced two new general-purpose data segment registers, FS and GS, to

2378-424: The original mode was renamed real mode , and the new version was named protected mode . The x86-64 architecture, introduced in 2003, has largely dropped support for segmentation in 64-bit mode. In both real and protected modes, the system uses 16-bit segment registers to derive the actual memory address. In real mode, the registers CS, DS, SS, and ES point to the currently used program code segment (CS),

Virtual 8086 mode - Misplaced Pages Continue

2436-524: The original set of four segment registers (CS, DS, ES, and SS). A 386 CPU can be put back into real mode by clearing a bit in the CR0 control register, however this is a privileged operation in order to enforce security and robustness. By way of comparison, a 286 could only be returned to real mode by forcing a processor reset, e.g. by a triple fault or using external hardware. The x86-64 architecture does not use segmentation in long mode (64-bit mode). Four of

2494-589: The practical effect is only that no segment can be longer than 64 KB, rather than that every segment must be 64 KB long. Because there is no protection or privilege limitation in real mode, even if a segment could be defined to be smaller than 64 KB, it would still be entirely up to the programs to coordinate and keep within the bounds of their segments, as any program can always access any memory (since it can arbitrarily set segment selectors to change segment addresses with absolutely no supervision). Therefore, real mode can just as well be imagined as having

2552-412: The scope of discussion), so many 32-bit operating systems simulate a flat memory model by setting all segments' bases to 0 in order to make segmentation neutral to programs. For instance, the Linux kernel sets up only 4 general purpose segments: Since the base is set to 0 in all cases and the limit 4 GiB, the segmentation unit does not affect the addresses the program issues before they arrive at

2610-428: The segment base in each segment descriptor is also 32-bit (instead of 24-bit). The general operation of the segmentation unit is otherwise unchanged. The paging unit may be enabled or disabled; if disabled, operation is the same as on the 80286. If the paging unit is enabled, addresses in a segment are now virtual addresses, rather than physical addresses as they were on the 80286. That is, the segment starting address,

2668-425: The segment registers, CS, SS, DS, and ES, are forced to base address 0, and the limit to 2 . The segment registers FS and GS can still have a nonzero base address. This allows operating systems to use these segments for special purposes. Unlike the global descriptor table mechanism used by legacy modes, the base address of these segments is stored in a model-specific register . The x86-64 architecture further provides

2726-563: The segment registers. That selector consists of a 2-bit Requested Privilege Level (RPL), a 1-bit Table Indicator (TI), and a 13-bit index. When attempting address translation of a given logical address, the processor reads the 64-bit segment descriptor structure from either the Global Descriptor Table when TI=0 or the Local Descriptor Table when TI=1. It then performs the privilege check: where CPL

2784-442: The setup of the segment registers. For example, in the tiny model CS=DS=SS, that is the program's code, data, and stack are all contained within a single 64 KB segment. In the small memory model DS=SS, so both data and stack reside in the same segment; CS points to a different code segment of up to 64 KB. The 80286 's protected mode extends the processor's address space to 2 bytes (16 megabytes), but not by adjusting

2842-575: The shift value. Instead, the 16-bit segment registers now contain an index into a table of segment descriptors containing 24-bit base addresses to which the offset is added. To support old software, the processor starts up in "real mode", a mode in which it uses the segmented addressing model of the 8086. There is a small difference though: the resulting physical address is no longer truncated to 20 bits, so real mode pointers (but not 8086 pointers) can now refer to addresses between 100000 16 and 10FFEF 16 . This roughly 64-kilobyte region of memory

2900-478: The special SWAPGS instruction, which allows swapping the kernel mode and user mode base addresses. For instance, Microsoft Windows on x86-64 uses the GS segment to point to the Thread Environment Block , a small data structure for each thread , which contains information about exception handling, thread-local variables, and other per-thread state. Similarly, the Linux kernel uses

2958-445: The value of IF in the simulated 16-bit FLAGS register (32-bit PUSHFD/POPFD continues to GP fault). VIP will cause a GP fault on the setting of simulated IF, directing the OS to process any pending interrupts. PVI is the same idea but only affects CLI/STI instructions. First generation AMD Ryzen CPUs have been found to feature a broken VME implementation. The second generation Ryzen (2000 series) has fixed this issue. Virtual 8086 mode

SECTION 50

#1732790751224

3016-468: The value of second bit (bit number 1, 0x2 in value) in EDX register, which is set if VME is supported by the processor. In Linux, this latter bit is reported as the vme flag in the /proc/ cpuinfo file, under the "flags" section. In virtual 8086 mode, the basic idea is that when IOPL is less than 3, PUSHF/POPF/STI/CLI/INT/IRET instructions will treat the value of VIF in the real 32-bit EFLAGS register as

3074-525: The virtual processor directly in real mode using the "unrestricted guest" feature (which itself requires Extended Page Tables ); this method removes the need to resort to the nested virtual 8086 mode simply to run the legacy BIOS for booting. AMD-V can do virtual 8086 mode in guests, too, but it can also just run the guest in "paged real mode" using the following steps: you create a SVM (Secure Virtual Machine) mode guest with CR0.PE=0, but CR0.PG=1 (that is, with protected mode disabled but paging enabled), which

3132-490: The way the segment address and offset are added, a single linear address can be mapped to up to 2 = 4096 distinct segment:offset pairs. For example, the linear address 08124h can have the segmented addresses 06EFh:1234h, 0812h:0004h, 0000h:8124h, etc. This could be confusing to programmers accustomed to unique addressing schemes, but it can also be used to advantage, for example when addressing multiple nested data structures. While real mode segments are always 64  KB long,

3190-475: Was done in real mode. This limitation can be worked around on 32-bit CPUs which permit the use of memory pointers greater than 64k in size, however as the Segment Limit field is only 24-bit long, the maximum segment size that can be created is 16MB (although paging can be used to allocate more memory, no individual segment may exceed 16MB). This method was commonly used on Windows 3.x applications to produce

3248-529: Was known as the High Memory Area (HMA), and later versions of DOS could use it to increase the available "conventional" memory (i.e. within the first MB ). With the addition of the HMA, the total address space is approximately 1.06 MB. Though the 80286 does not truncate real-mode addresses to 20 bits, a system containing an 80286 can do so with hardware external to the processor, by gating off

3306-400: Was significantly sluggish. Windows 3.x worked around both of these problems by intentionally triggering a triple fault in the interrupt-handling mechanisms of the CPU, which would cause the CPU to drop back into real mode, nearly instantly. A logical address consists of a 16-bit segment selector (supplying 13+1 address bits) and a 16-bit offset. The segment selector must be located in one of

3364-518: Was the Pentium Pro CPU in 1995, the immediate successor to the original Pentium design (P5). P6 processors dynamically translate IA-32 instructions into sequences of buffered RISC-like micro-operations , then analyze and reorder the micro-operations to detect parallelizable operations that may be issued to more than one execution unit at once. The Pentium Pro was the first x86 microprocessor designed by Intel to use this technique, though

#223776