
The DPL of Interrupt Gates [repost]

February 28, 2013 ⁄ General ⁄ 2298 characters

The interrupt response and exception handling that the hardware carries out automatically proceeds in the following steps:

First, the processor checks whether the gate descriptor indexed by the interrupt vector lies within the IDT limit. If it is outside the limit, a general protection fault is raised with an error code of the vector number times 8 plus 2 (the IDT bit of the error code; when the event was a hardware interrupt external to the program, the EXT bit, bit 0, is set as well).

Next, it fetches the corresponding gate descriptor from the IDT, extracts the selector, the offset and the descriptor type attributes, and performs the relevant checks. The descriptor must be a task gate, a 286 interrupt gate, a 286 trap gate, a 386 interrupt gate or a 386 trap gate; anything else raises a general protection fault with an error code of the vector number times 8 plus 2. If the transfer was caused by an INT n, INT3 or INTO instruction, the processor also checks that the DPL in the interrupt, trap or task gate descriptor satisfies CPL <= DPL (for all other exceptions and interrupts the DPL in the gate is ignored). This check prevents an application program executing INT n from using a vector number that has been assigned to a device. If the check fails, a general protection fault is raised with an error code of the vector number times 8 plus 2. The P bit of the gate descriptor must be 1, indicating that the gate descriptor is a valid entry; otherwise a segment-not-present fault is raised with an error code of the vector number times 8 plus 2.

Finally, depending on the type of the gate descriptor, control is transferred to the interrupt or exception handler in the corresponding way.

[Reposted from] http://bbs.pediy.com/printthread.php?t=62336


---------------------------------

Q:

ULK says that Linux implements most exception handlers with trap gates whose DPL = 0, and also says that DPL = 0 means they cannot be accessed from user mode. Isn't that a contradiction? How can user mode still reach the exception handlers?

ULK also describes the hardware steps of interrupt and exception handling: when verifying whether the interrupt is authorized, if it is a programmed exception (for example an int instruction; ordinary exception handling presumably is not), the DPL of the IDT entry is compared with the current CPL, and if CPL = 3 while DPL = 0, a general protection exception is raised. This prevents user mode from accessing interrupt descriptors it is not authorized for through instructions such as int 0x1. Here no DPL check seems to be performed for ordinary exception handling, which happens to answer the question above.

In short, it seems a bit self-contradictory. My understanding is that the second description is the correct one, and the statement above that DPL = 0 means "cannot be accessed from user mode" is wrong. I'd appreciate some guidance from the experts.

A:

My understanding is that the privilege check ULK3 describes has two steps:
1.

Makes sure the interrupt was issued by an authorized source. First, it compares the Current Privilege Level (CPL), which is stored in the two least significant bits of the cs register, with the Descriptor Privilege Level (DPL) of the Segment Descriptor included in the GDT. Raises a "General protection" exception if the CPL is lower than the DPL, because the interrupt handler cannot have a lower privilege than the program that caused the interrupt.

This guarantees that the interrupt handler has higher privilege than the program that raised the interrupt, and forbids an interrupt from calling a user program, guarding against malicious user programs, without preventing either user mode or kernel mode from raising interrupts;

2.

For programmed exceptions, makes a further security check: compares the CPL with the DPL of the gate descriptor included in the IDT and raises a "General protection" exception if the DPL is lower than the CPL. This last check makes it possible to prevent access by user applications to specific trap or interrupt gates.

For programmed exceptions, a further check is performed to prevent a user-mode program from raising exceptions it should not be able to raise;

From the Intel Manual, Volume 3A-3B, section 6.12.1.1 "Protection of Exception- and Interrupt-Handler Procedures":

The processor checks the DPL of the interrupt or trap gate only if an exception or interrupt is generated with an INT n, INT 3, or INTO instruction. Here, the CPL must be less than or equal to the DPL of the gate. This restriction prevents application programs or procedures running at privilege level 3 from using a software interrupt to access critical exception handlers, such as the page-fault handler, providing that those handlers are placed in more privileged code segments (numerically lower privilege level). For hardware-generated interrupts and processor-detected exceptions, the processor ignores the DPL of interrupt and trap gates.


[Reposted from] http://bbs.chinaunix.net/thread-3616132-1-1.html
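As an added example that is not part of either reposted thread, the C program below simulates the check sequence described in the first section and in the Intel manual excerpt quoted in the answer: IDT limit, gate type, gate DPL against CPL for software-generated interrupts only, then the P bit, together with the error code each failure pushes. The table it builds is a constructed approximation of the Linux 2.6 i386 conventions ULK describes (DPL-0 trap gates for most exceptions, DPL-3 gates for vectors 3, 4 and 0x80, DPL-0 interrupt gates for the IRQ vectors); the handler addresses, the KERNEL_CS value and the helper names (make_gate, dispatch, build_sample_idt, sim) are all assumptions made for illustration, not kernel or hardware code.

```c
/* Simulates the processor's IDT dispatch checks (vector limit, gate type, gate
 * DPL for software interrupts only, P bit) and the error code each failure
 * pushes.  Constructed example; not kernel or hardware code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 8-byte IDT gate descriptor, fields in the order the processor reads them. */
typedef struct {
    uint16_t offset_lo;   /* handler offset bits 15..0 */
    uint16_t selector;    /* code segment selector of the handler */
    uint8_t  reserved;
    uint8_t  type_attr;   /* bit 7 P, bits 6..5 DPL, bit 4 S=0, bits 3..0 type */
    uint16_t offset_hi;   /* handler offset bits 31..16 */
} idt_gate_t;

enum gate_type { GATE_TASK = 0x5, GATE_INTR16 = 0x6, GATE_TRAP16 = 0x7,
                 GATE_INTR32 = 0xE, GATE_TRAP32 = 0xF };
enum { VEC_NP = 11, VEC_GP = 13 };   /* #NP and #GP exception vectors */

/* Only SRC_SOFTWARE_INT (INT n, INT3, INTO) is subject to the gate DPL check. */
typedef enum { SRC_EXTERNAL_INT, SRC_PROCESSOR_EXCEPTION, SRC_SOFTWARE_INT } int_source_t;

typedef struct {
    bool     delivered;    /* control transfers to the handler */
    uint32_t handler;      /* handler offset when delivered */
    int      fault;        /* exception raised instead, when not delivered */
    uint32_t error_code;   /* error code pushed for that exception */
} dispatch_result_t;

static idt_gate_t make_gate(uint32_t handler, uint16_t sel, enum gate_type type,
                            unsigned dpl, bool present)
{
    idt_gate_t g = { (uint16_t)(handler & 0xFFFFu), sel, 0,
                     (uint8_t)((present ? 0x80u : 0u) | ((dpl & 3u) << 5) | ((unsigned)type & 0xFu)),
                     (uint16_t)(handler >> 16) };
    return g;
}

/* The check sequence from the text, in the order the processor applies it. */
static dispatch_result_t dispatch(const idt_gate_t *idt, size_t idt_entries,
                                  unsigned vector, unsigned cpl, int_source_t src)
{
    dispatch_result_t r = {0};
    /* IDT-related error code: vector * 8 with the IDT bit (bit 1) set; the EXT
     * bit (bit 0) is also set when the event was external to the program. */
    r.error_code = (uint32_t)vector * 8u + 2u + (src == SRC_EXTERNAL_INT ? 1u : 0u);
    if (vector >= idt_entries) { r.fault = VEC_GP; return r; }   /* 1. IDT limit */
    const idt_gate_t *g = &idt[vector];
    unsigned type = g->type_attr & 0xFu, dpl = (g->type_attr >> 5) & 3u;
    bool present  = (g->type_attr & 0x80u) != 0;
    if (type != GATE_TASK && type != GATE_INTR16 && type != GATE_TRAP16 &&
        type != GATE_INTR32 && type != GATE_TRAP32) {               /* 2. gate type */
        r.fault = VEC_GP; return r;
    }
    if (src == SRC_SOFTWARE_INT && cpl > dpl) {  /* 3. CPL <= DPL, software INT only */
        r.fault = VEC_GP; return r;
    }
    if (!present) { r.fault = VEC_NP; return r; }                   /* 4. P bit */
    r.delivered = true;                          /* 5. transfer through the gate */
    r.handler   = ((uint32_t)g->offset_hi << 16) | g->offset_lo;
    return r;
}

/* Constructed sample table (assumption, modelled on the Linux 2.6 i386 layout ULK
 * describes): DPL-0 trap gates for exceptions 0..19, DPL-3 gates for #BP (3), #OF (4)
 * and vector 0x80, DPL-0 interrupt gates for IRQ vectors 0x20..0x2F, rest not present. */
#define KERNEL_CS 0x60   /* placeholder selector value */
static idt_gate_t g_idt[256];

static void build_sample_idt(void)
{
    for (unsigned v = 0; v < 256; v++)
        g_idt[v] = make_gate(0, KERNEL_CS, GATE_INTR32, 0, false);
    for (unsigned v = 0; v < 20; v++)
        g_idt[v] = make_gate(0xC0100000u + v * 0x10u, KERNEL_CS, GATE_TRAP32, 0, true);
    g_idt[3] = make_gate(0xC0100030u, KERNEL_CS, GATE_INTR32, 3, true);
    g_idt[4] = make_gate(0xC0100040u, KERNEL_CS, GATE_TRAP32, 3, true);
    for (unsigned v = 0x20; v < 0x30; v++)
        g_idt[v] = make_gate(0xC0101000u + (v - 0x20) * 0x10u, KERNEL_CS, GATE_INTR32, 0, true);
    g_idt[0x80] = make_gate(0xC0102000u, KERNEL_CS, GATE_TRAP32, 3, true);
}

/* Rebuild the sample table and dispatch one event; a smaller idt_entries models
 * an IDTR limit that excludes the vector. */
static dispatch_result_t sim(size_t idt_entries, unsigned vector, unsigned cpl, int_source_t src)
{
    build_sample_idt();
    return dispatch(g_idt, idt_entries, vector, cpl, src);
}

int main(void)
{
    dispatch_result_t a = sim(256, 14, 3, SRC_SOFTWARE_INT);        /* forged #PF */
    dispatch_result_t b = sim(256, 14, 3, SRC_PROCESSOR_EXCEPTION); /* real #PF */
    printf("int 14 from ring 3: delivered=%d fault=#%d error=0x%x\n", a.delivered, a.fault, a.error_code);
    printf("real #PF in ring 3: delivered=%d handler=0x%08x\n", b.delivered, b.handler);
    return 0;
}
```

Running it shows the resolution of the question: from ring 3, int 0x80 reaches its DPL-3 gate, int 14 hits the DPL-0 page-fault gate and is turned into #GP with error code 0x72 (14 * 8 + 2), while a real page fault from the same ring-3 code is delivered through that same DPL-0 gate because the DPL check is skipped for processor-detected exceptions. Note also the ordering: the DPL check precedes the P-bit check, so an unprivileged INT n aimed at a non-present DPL-0 entry reports #GP, not #NP.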
