中斷——中斷描述符表的定義和初始化(一) (基于3.16-rc4)1.中斷描述符表的定義(arch/x86/kernel/traps.c)
1 gate_desc debug_idt_table[NR_VECTORS] __page_aligned_bss;
定義的描述符表為一個結構體數組,數組元素類型為gate_desc�,大小為8B。NR_VECTORS宏為256,即描述符表大小為256*8B�。
2.idt_descr變量的定義(arch/x86/kernel/head_32.S)
1 idt_descr:2 .Word IDT_ENTRIES*8-1 # idt contains 256 entries3 .long idt_table4 5 # boot GDT descriptor (later on used by CPU#0):6 .word 0 # 32 bit align gdt_desc.address
這是內核定義的一個全局變量,存放有中斷描述符表的大小和首地址�。該變量將存放在idtr寄存器中�。
3.中斷描述符初步的初始化(arch/x86/kernel/head_32.S)
1 __INIT 2 setup_once: 3 /* 4 * Set up a idt with 256 entries pointing to ignore_int, 5 * interrupt gates. It doesn't actually load idt - that needs 6 * to be done on each CPU. Interrupts are enabled elsewhere, 7 * when we can be relatively sure everything is ok. 8 */ 9 10 movl $idt_table,%edi11 movl $early_idt_handlers,%eax12 movl $NUM_EXCEPTION_VECTORS,%ecx13 1:14 movl %eax,(%edi)15 movl %eax,4(%edi)16 /* interrupt gate, dpl=0, PResent */17 movl $(0x8E000000 + __KERNEL_CS),2(%edi)18 addl $9,%eax19 addl $8,%edi20 loop 1b21 22 movl $256 - NUM_EXCEPTION_VECTORS,%ecx23 movl $ignore_int,%edx24 movl $(__KERNEL_CS << 16),%eax25 movw %dx,%ax /* selector = 0x0010 = cs */26 movw $0x8E00,%dx /* interrupt gate - dpl=0, present */27 2:28 movl %eax,(%edi)29 movl %edx,4(%edi)30 addl $8,%edi31 loop 2b32 ...33 ...
這段代碼是對中斷描述符表的初步初始化,14-20行是對前32個中斷描述符進行初始化�,讓所有描述符指向early_idt_handlers處理函數。22-31行是對后256-32=224個中斷描述符進行初始化�,使之指向ignore_int處理函數。省略號以后是對GDT描述符表的初始化�,這里不予討論。
4.中斷描述符表最終的初始化(arch/x86/kernel/traps.c)
1 void __init trap_init(void) 2 { 3 int i; 4 5 #ifdef CONFIG_EISA 6 void __iomem *p = early_ioremap(0x0FFFD9, 4); 7 8 if (readl(p) == 'E' + ('I'<<8) + ('S'<<16) + ('A'<<24)) 9 EISA_bus = 1;10 early_iounmap(p, 4);11 #endif12 13 set_intr_gate(X86_TRAP_DE, divide_error);14 set_intr_gate_ist(X86_TRAP_NMI, &nmi, NMI_STACK);15 /* int4 can be called from all */16 set_system_intr_gate(X86_TRAP_OF, &overflow);17 set_intr_gate(X86_TRAP_BR, bounds);18 set_intr_gate(X86_TRAP_UD, invalid_op);19 set_intr_gate(X86_TRAP_NM, device_not_available);20 #ifdef CONFIG_X86_3221 set_task_gate(X86_TRAP_DF, GDT_ENTRY_DOUBLEFAULT_TSS);22 #else23 set_intr_gate_ist(X86_TRAP_DF, &double_fault, DOUBLEFAULT_STACK);24 #endif25 set_intr_gate(X86_TRAP_OLD_MF, coprocessor_segment_overrun);26 set_intr_gate(X86_TRAP_TS, invalid_TSS);27 set_intr_gate(X86_TRAP_NP, segment_not_present);28 set_intr_gate_ist(X86_TRAP_SS, &stack_segment, STACKFAULT_STACK);29 set_intr_gate(X86_TRAP_GP, general_protection);30 set_intr_gate(X86_TRAP_SPURIOUS, spurious_interrupt_bug);31 set_intr_gate(X86_TRAP_MF, coprocessor_error);32 set_intr_gate(X86_TRAP_AC, alignment_check);33 #ifdef CONFIG_X86_MCE34 set_intr_gate_ist(X86_TRAP_MC, &machine_check, MCE_STACK);35 #endif36 set_intr_gate(X86_TRAP_XF, simd_coprocessor_error);37 38 /* Reserve all the builtin and the syscall vector: */39 for (i = 0; i < FIRST_EXTERNAL_VECTOR; i++)40 set_bit(i, used_vectors);41 42 #ifdef CONFIG_IA32_EMULATION43 set_system_intr_gate(IA32_SYSCALL_VECTOR, ia32_syscall);44 set_bit(IA32_SYSCALL_VECTOR, used_vectors);45 #endif46 47 #ifdef CONFIG_X86_3248 set_system_trap_gate(SYSCALL_VECTOR, &system_call);FIRST_EXTERNAL_VECTOR49 set_bit(SYSCALL_VECTOR, used_vectors);50 #endif51 52 /*53 * Set the IDT descriptor to a fixed read-only location, so that the54 * "sidt" instruction will not leak the location of the kernel, and55 * to defend the IDT against arbitrary memory write vulnerabilities.56 * It will be reloaded in cpu_init() */57 __set_fixmap(FIX_RO_IDT, __pa_symbol(idt_table), PAGE_KERNEL_RO);58 idt_descr.address = fix_to_virt(FIX_RO_IDT);59 60 /*61 * Should be a barrier for any external CPU state:62 */63 cpu_init();64 65 x86_init.irqs.trap_init();66 67 #ifdef CONFIG_X86_6468 memcpy(&debug_idt_table, &idt_table, IDT_ENTRIES * 16);69 set_nmi_gate(X86_TRAP_DB, &debug);70 set_nmi_gate(X86_TRAP_BP, &int3);71 #endif72 }該函數對中斷描述表的進行了部分初始化�,13-36行對系統已分配的異常和非屏蔽中斷進行初始化,中斷向量號為0-19�。接著,39-40行在中斷位圖表中對已初始化的中斷所對應的位進行標記�。接著,43和48行又出始化了兩個中斷�,一個是系統中斷門,中斷向量號為0x80�,一個是系統陷阱門,中斷向量號為2�。
在該函數中,大家可以看出�,對中斷進行初始化的函數有如下幾個:
1 set_intr_gate()2 set_system_intr_gate()3 set_system_trap_gate()4 set_task_gate()
這幾個函數也在arch/x86/kernel/traps.c中定義�。分別是對中斷門�,系統中斷門,系統陷阱門�,任務門描述符的初始化。進一步深入可發現�,這幾個函數都調用了如下的函數:
1 static inline void _set_gate(int gate, unsigned type, void *addr, 2 unsigned dpl, unsigned ist, unsigned seg) 3 { 4 gate_desc s; 5 6 pack_gate(&s, type, (unsigned long)addr, dpl, ist, seg); 7 /* 8 * does not need to be atomic because it is only done once at 9 * setup time10 */11 write_idt_entry(idt_table, gate, &s);12 write_trace_idt_entry(gate, &s);13 }該函數定義在arch/x86/include/asm/desc.h文件中。在該函數中定義了一個gate_desc類型變量s�,并將s的指針傳遞給pack_gate函數,把要初始化的描述符各個字段的值臨時存放在s中�。下邊分析下pack_gate函數�,在分析該函數之前,我們先看下gate_desc結構體�。
1 struct desc_struct { 2 union { 3 struct { 4 unsigned int a; 5 unsigned int b; 6 }; 7 struct { 8 u16 limit0; 9 u16 base0;10 unsigned base1: 8, type: 4, s: 1, dpl: 2, p: 1;11 unsigned limit: 4, avl: 1, l: 1, d: 1, g: 1, base2: 8;12 };13 };14 } __attribute__((packed));typedef struct desc_struct gate_desc該結構體定義位于arch/x86/include/asm/desc_defs.h中。該結構體中包含了一個共用體�,共用體中又包含了兩個結構體。我們知道�,共用體在分配內存單元時,并不為每個成員都分配�,而是為最大的成員來分配??梢钥闯鲈摴灿皿w的兩個結構體成員大小相等,都是8B�,因此整個gate_desc結構體大小就為8B。我們可以使用共用體中的任意一個結構體成員來為這個gate_desc賦值�,也就是說我們既可以將gate_desc看成是struct { unsigned int a; unsigned int b; };也可以看成是struct {u16 limit0;u16 base0; .... };下面在分析pack_gate函數過程中將看到賦值過程�,我們將gate_desc看作是struct { unsigned int a; unsigned int b; };�。
1 static inline void pack_gate(gate_desc *gate, unsigned char type,2 unsigned long base, unsigned dpl, unsigned flags,3 unsigned short seg)4 {5 gate->a = (seg << 16) | (base & 0xffff);6 gate->b = (base & 0xffff0000) | (((0x80 | type | (dpl << 5)) & 0xff) << 8);7 }該函數也定義在arch/x86/include/asm/desc.h文件中。在該函數中為gate所指向的gate_desc描述符進行初始化�。gate->a是描述符的0-31位,gate->b是描述符的32-63位�。描述符的如下所示:
接著,我們分析_set_gate()中的11行�,write_idt_entry()調用。
1 static inline void native_write_idt_entry(gate_desc *idt, int entry, const gate_desc *gate)2 {3 memcpy(&idt[entry], gate, sizeof(*gate));4 }#define write_idt_entry() native_write_idt_entry() //粗略的寫了下�,大家能明白就行 該函數定義在arch/x86/include/asm/desc.h中。在該函數中�,使用memcpy()函數將gate中的字段復制到&idt[entry]所指向的各個字段中。很顯然�,idt[]數組就是內核中定義的中斷描述符表,我們在文章開頭給大家看過該定義�。gate就是我們在_set_gate()中定義的臨時變量s,在這里我們將s中的字段值賦給idt[]數組的對應元素�,至此一個描述符的初始化工作就全部完成了,s變量的用途也就結束了�,另外,entry變量中存放的是要初始化的中斷向量號�,用該號來定位idt數組的元素。
最后�,再補充說明一點東西,回頭看下第4點中的trap_init()函數�,在該函數中對中斷描述符表進行初始化�,使用了很多初始化函數比如set_intr_gate()或set_system_intr_gate()等等�,我們拿第一個初始化函數set_intr_gate(X86_TRAP_DE, divide_error)來做說明。X86_TRAP_DE是枚舉類型參數�,代表的是中斷向量號,定義在arch/x86/include/asm/traps.h文件中�。這種枚舉類型其實有很多。
1 /* Interrupts/Exceptions */ 2 enum { 3 X86_TRAP_DE = 0, /* 0, Divide-by-zero */ 4 X86_TRAP_DB, /* 1, Debug */ 5 X86_TRAP_NMI, /* 2, Non-maskable Interrupt */ 6 X86_TRAP_BP, /* 3, Breakpoint */ 7 X86_TRAP_OF, /* 4, Overflow */ 8 X86_TRAP_BR, /* 5, Bound Range Exceeded */ 9 X86_TRAP_UD, /* 6, Invalid Opcode */10 X86_TRAP_NM, /* 7, Device Not Available */11 X86_TRAP_DF, /* 8, Double Fault */12 X86_TRAP_OLD_MF, /* 9, Coprocessor Segment Overrun */13 X86_TRAP_TS, /* 10, Invalid TSS */14 X86_TRAP_NP, /* 11, Segment Not Present */15 X86_TRAP_SS, /* 12, Stack Segment Fault */16 X86_TRAP_GP, /* 13, General Protection Fault */17 X86_TRAP_PF, /* 14, Page Fault */18 X86_TRAP_SPURIOUS, /* 15, Spurious Interrupt */19 X86_TRAP_MF, /* 16, x87 Floating-Point Exception */20 X86_TRAP_AC, /* 17, Alignment Check */21 X86_TRAP_MC, /* 18, Machine Check */22 X86_TRAP_XF, /* 19, SIMD Floating-Point Exception */23 X86_TRAP_IRET = 32, /* 32, IRET Exception */24 };第二個參數�,是匯編函數的函數名(在這里作為函數指針來使用),該函數為內核原先就定義好的中斷或異常處理程序�。這種類型的函數有很多,都定義在arch/x86/kernel/entry_32.S文件中�,下邊我們列舉幾個給大家看看,有興趣自己去查�。
1 ENTRY(segment_not_present) 2 RING0_EC_FRAME 3 ASM_CLAC 4 pushl_cfi $do_segment_not_present 5 jmp error_code 6 CFI_ENDPROC 7 END(segment_not_present) 8 9 ENTRY(stack_segment)10 RING0_EC_FRAME11 ASM_CLAC12 pushl_cfi $do_stack_segment13 jmp error_code14 CFI_ENDPROC15 END(stack_segment)16 17 ENTRY(alignment_check)18 RING0_EC_FRAME19 ASM_CLAC20 pushl_cfi $do_alignment_check21 jmp error_code22 CFI_ENDPROC23 END(alignment_check)24 25 ENTRY(divide_error)26 RING0_INT_FRAME27 ASM_CLAC28 pushl_cfi $0 # no error code29 pushl_cfi $do_divide_error30 jmp error_code31 CFI_ENDPROC32 END(divide_error)
這些匯編代碼只是異常處理程序的開頭一部分,可以看到每一個匯編段中�,都有一條pushl_cfi $do_***的指令�,該$do_***才是真正的異常處理程序(函數名,也是函數指針)�,現將該函數名壓入棧中,然后通過jmp error_code指令跳轉到$do_***函數中�。error_code其實也是一段匯編代碼,如下所示:
1 error_code: 2 /* the function address is in %gs's slot on the stack */ 3 pushl_cfi %fs 4 /*CFI_REL_OFFSET fs, 0*/ 5 pushl_cfi %es 6 /*CFI_REL_OFFSET es, 0*/ 7 pushl_cfi %ds 8 /*CFI_REL_OFFSET ds, 0*/ 9 pushl_cfi %eax10 CFI_REL_OFFSET eax, 011 pushl_cfi %ebp12 CFI_REL_OFFSET ebp, 013 pushl_cfi %edi14 CFI_REL_OFFSET edi, 015 pushl_cfi %esi16 CFI_REL_OFFSET esi, 017 pushl_cfi %edx18 CFI_REL_OFFSET edx, 019 pushl_cfi %ecx20 CFI_REL_OFFSET ecx, 021 pushl_cfi %ebx22 CFI_REL_OFFSET ebx, 023 cld24 movl $(__KERNEL_PERCPU), %ecx25 movl %ecx, %fs26 UNWIND_ESPFIX_STACK27 GS_TO_REG %ecx28 movl PT_GS(%esp), %edi # get the function address29 movl PT_ORIG_EAX(%esp), %edx # get the error code30 movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart31 REG_TO_PTGS %ecx32 SET_KERNEL_GS %ecx33 movl $(__USER_DS), %ecx34 movl %ecx, %ds35 movl %ecx, %es36 TRACE_IRQS_OFF37 movl %esp,%eax # pt_regs pointer38 call *%edi39 jmp ret_from_exception40 CFI_ENDPROC41 END(page_fault)
該片段來自arch/x86/kernel/entry_32.S文件中�。代碼的開始部分3-22行,對寄存器進行壓棧操作�,因為這些寄存器將要在隨后的異常處理程序中用到�,所以事先要保存�。最后可以看到在38行,執行了call %edi命令�,調用了最終的異常處理程序,在28行可以看到將異常處理程序地址存入了edi寄存器中�。第39行通過跳入ret_from_exception中,返回被中斷的進程�。
至此,中斷描述符的初始化工作就告一段落�。文中有問題的地方希望大家指正。QQ:1193533825
