23 0
-'"'
9.1 INTERRUPT DESCRIPTOR TABLE Many different events may cause an inter-rupt. To allow the reason for an interrupt to be easily identified, each interrupt source is given a number called the interrupt vector. Up to 256 different interrupt vectors (numbers) are possible. See figure 9-1.
A table is used to define the handler for each interrupt vector. The Interrupt Descriptor Table (IDT) defines the interrupt handlers for up to 256 different interrupts. The IDT is in physical memory, pointed to by the contents of the on-chip IDT register that contains a 24-bit base and a 16-bit limit. The IDTR is normally loaded with the LIDT instruction by code that executes at privilege level 0 during system initialization. The IDT may be located anywhere in the physical address space of the iAPX 286.
Each IDT entry is a 4-word gate descriptor that contains a pointer to the handler. The
MEMORY
GATE FOR INTERRUPT #n
GATE FOR INTERRUPT #n-1
· · ·
GATE FOR INTERRUPT # 1
GATE FOR INTERRUPT #0
-r
h
INTERRUPT DESCRIPTOR TABLE (lOT)
THE lOT MAY CONTAIN INTERRUPT GATES, TRAPS OR TASK GATES ONLY.
Figure 9-1. Interrupt Descriptor Table Definition
INTERRUPTS AND EXCEPTIONS
three types of gates permitted in the IDT are interrupt gates, trap gates (discussed in section 9.3), and task gates (discussed in section 9.5). Interrupt and task gates process interrupts in the same task, while task gates cause a task switch. Any other descriptor type in the IDT will cause an exception if it is referenced by an interrupt.
The IDT need not contain all 256 entries. A 16-bit limit register allows less than the full number of entries. Unused entries may be signaled by placing a zero in the access rights byte. If an attempt is made to access an entry outside the table limit, or if the wrong descriptor type is found, a general protection fault occurs with an error code pushed on the stack identifying the invalid interrupt vector (see figure 9-2).
Exception error codes that refer to an IDT entry can be identified by bit 1 of the error code that will be set. Bit 0 of the error code is 1 if the interrupt was caused by an event external to the program (i.e., an external interrupt, a single step, a processor extension error, or a processor extension not present).
Interrupts 0-31 are reserved for use by Intel.
Some of the interrupts are used for
instruc-tion excepinstruc-tions. The IDT limit must be at least 255 (32X8-l) to accommodate the minimum number of interrupts. The remain-ing 224 interrupts are available to the user.
9.2 HARDWARE INITIATED INTERRUPTS Hardware-initiated interrupts are caused by some external event that activates either the INTR or NMI input pins of the processor.
Events that use the INTR input are classified as maskable interrupts. Events that use the NMI input are classified as non-maskable interrupts.
All 224 user-defined interrupt sources share the INTR input, but each has the ability to use a separate interrupt handler. An 8-bit vector supplied by the interrupt controller identifies which interrupt is being signaled. To read the interrupt id, the processor performs the interrupt acknowledge bus sequence.
Maskable interrupts (from the INTR input) can be inhibited by software by setting the interrupt flag bit (IF) to 0 in the flag word.
The IF bit does not inhibit exceptions or interrupts caused by the INT instruction. The IF bit also does not inhibit processor exten-sion interrupts.
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
0 0 0 0 0 lOT VECTOR 0 1
E X T
1 An event external to the program caused the exception (i.e., external interrupt, single step, processor extension error)
o An exception occurred while processing an instruction at CS:IP saved on stack
Figure 9-2. lOT Selector Error Code
9-2
INTERRUPTS AND EXCEPTIONS
The type of gate placed into the IDT for the interrupt vector will control whether other maskable interrupts remain enabled or not during the servicing of that interrupt. The flag word that was saved on the stack reflects the maskable interrupt enable status of the processor prior to the interrupt. The proce-dure servicing a maskable interrupt can also prevent further maskable interrupts during its work by resetting the IF flag.
Non-maskable interrupts are caused by the NMI input. They have a higher priority than the maskable interrupts (meaning that in case of simultaneous requests, the non-maskable interrupt will be serviced first). A non-maskable interrupt has a fixed vector (#2) and therefore does not require an interrupt further interrupted by other non-maskable interrupt requests until an IRET instruction is executed. A further NMI request is remembered by the hardware and will be serviced after the first IRET instruction. Only one NMI request can be remembered. To prevent a maskable interrupt from interrupt-ing the NMI interrupt handler, the IF flag should be cleared either by using an interrupt gate in the IDT or by setting IF = 0 in the flag word of the task involved.
9.3 SOFTWARE INITIATED INTERRUPTS Software initiated interrupts occur explicitly as interrupt instructions or may arise as the result of an exceptional condition that prevents the continuation of program execu-tion. Software interrupts are not maskable.
Two interrupt instructions exist which explic-itly cause an interrupt: INT nand INT 3. The first allows specification of any interrupt
vector; the second implies interrupt vector 3 (Breakpoint ).
Other instructions like INTO, BOUND, DIY, and IDlY may cause an interrupt, depending on the overflow flag or values of the operands.
These instructions have predefined vectors associated with them in the first 32 interrupts reserved by Intel.
A whole class of interrupts called exceptions are intended to detect faults or programming errors (in the use of operands or privilege codes as well as the priority among interrupts that can occur simultaneously.
9.4 INTERRUPT GATES AND TRAP GATES Interrupt gates and trap gates are special types of descriptors that may only appear in the interrupt descriptor table. The difference between a trap and an interrupt gate is whether the interrupt enable flag is to be cleared or not. An interrupt gate specifies a procedure that enters with interrupts disabled (i.e., with the interrupt enable flag cleared);
entry via a trap gate leaves the interrupt enable status unchanged. The NT flag is always cleared (after the old NT state is saved on the stack) when an interrupt uses these gates. Interrupts that have either gate in the associated IDT entry will be processed in the current task.
Interrupts and trap gates have the same structure as the call gates discussed in section 7.5.1. The selector and entry point for a code segment to handle the interrupt or exception is contained in the gate. See figure 9-3.
INTERRUPTS AND EXCEPTIONS
The access byte contains the Present bit, the descriptor privilege level, and the type identi-fier. Bits 0-4 of the access byte have a value of 00110 for interrupt gates, 00111 for trap gates. Byte 5 of the descriptor is not used by either of these gates; it is used only by the call gate, which uses it as the parameter word-count.
Trap and interrupt gates allow a privilege level transition to occur when passing control to a non-conforming code segment. Like a call gate, the DPL of the target code segment selected determines the new CPL. The DPL of the new non-conforming code segment must be numerically less than or equal to CPL.
No privilege transition occurs if the new code segment is conforming. If the DPL of the conforming code segment is greater than the CPL, a general protection exception will occur.
As with all descriptors, these gates in the IDT carry a privilege level. The DPL controls access to interrupts with the INT nand INT 3 instructions. For access, the CPL of the program must be less than or equal to the gate DPL. If the CPL is not, a general protection exception will result with an error code
identifying the selected IDT gate. For excep-tions and external interrupts, the CPL of the program is ignored while accessing the IDT.
Interrupts using a trap or an interrupt gate are handled in the same manner as an iAPX 86 interrupt. The flags and return address of the interrupted program are saved on the stack of the interrupt handler. To return to the interrupted program, the interrupt handler executes an IRET instruction.
If an increase in privilege is required for handling the interrupt, a new stack will be loaded from the TSS. The stack pointer of the old privilege level will also be saved on the new stack in the same manner as a call gate.
Figure 9-4 shows the stack contents after an exception with an error code (with and without a privilege level change).
If an interrupt or trap gate is used to handle an exception that passes an error code, the error code will be pushed onto the new stack after the return address (as shown in figure 9-4). If a task gate is used, the error code is pushed onto the stack of the new task. The return address is saved in the old TSS.
+7 INTEL RESERVED' +6
+5 P\DP21010 1 1
T
I
UNUSED+3 INTERRUPT CODE SEGMENT SELECTOR
+1 INTERRUPT CODE OFFSET
T ~ 1 FOR TRAP GATE
• MUST BE SET TO 0 FOR
COMPATIBILITY WITH iAPX 386 T ~ 0 FOR INTERRUPT GATE
Figure 9-3. Trap/Interrupt Gate Descriptors
9-4
+4 +2 +0
INTERRUPTS AND EXCEPTIONS
OLD SP
--
NO PRIVILEGE TRANSITIONOLD FLAGS OLDCS
OLD IP ERROR CODE SP
h ,
SS _ _
r ... ----~r
SP FROM TSS - - WITH PRIVILEGE TRANSITION
OLD SS OLD SP OLD FLAGS
OLDCS OLD IP ERROR CODE SP
"' 'h
SS FROM TSS _ _ ....
1---... 1
STACK SEGMENT
Figure 9-4. Stack Layout After an Exception with an Error Code If an interrupt gate is used to handle an
inter-rupt, it is assumed that the selected code segment has sufficient privilege to re-enable interrupts. The IRET instruction will not re-enable interrupts if CPL is numerically greater than IOPL.
Table 9-1 shows the checks performed during an interrupt operation that uses an interrupt or trap gate. EXT equals I when an event external to the program is involved, 0 other-wise. External events are maskable or non-maskable interrupts, single step interrupt,
processor extension segment overrun inter-rupt, numeric processor not-present excep-tion or numeric processor error. The EXT bit signals that the interrupt or exception is not related to the instruction at CS:IP. Each error code has bit 1 set to indicate an IDT entry is involved.
When the interrupt has been serviced, the service routine returns control via an IRET instruction to the routine that was inter-nlpted. If an error code was passed, the exception handler must remove the error code from the stack before executing IRET.
INTERRUPTS AND EXCEPTIONS
Table 9-1. Trap and Interrupt Gate Checks Check
Interrupt vector is in lOT limit
Trap, Interrupt, or Task Gate in lOT Entry If INT instruction, gate OPL ;::: CPL P bit of gate is set
Code segment selector is in descriptor table limit CS selector refers to a code segment
If code segment is non-conforming, Code Segment DPL::5 CPL
If code segment is non-conforming, and OPL < CPL and if SS selector in TSS is in descriptor table limit
If code segment is non-conforming, and OPL < CPL and if SS is a writable data segment
If code segment is non-conforming, and OPL < CPL and code segment OPL = stack segment OPL
If code segment is non-conforming, and OPL < CPL and if SS is present
If code segment is non-conforming, and OPL < CPL and if there is enough space for 5 words on the stack (or 6 if error code is required)
If code segment is conforming, then OPL ;:::CPL If code segment is not present
If IP is not within the limit of code segment
• GP = General Protection Exception N P = Not Present Exception SF = Stack Fault
Exception· Error Code GP lOT entry X 8 + 2 + EXT GP lOT entry X 8 + 2 + EXT GP lOT entry X 8 + 2 + EXT NP lOT entry X 8 + 2 + EXT GP lOT entry X 8 + 2 + EXT GP lOT entry X 8 + 2 + EXT GP lOT entry X 8 + 2 + EXT GP lOT entry X 8 + 2 + EXT GP lOT entry X 8 + 2 + EXT GP Stack segment selector + EXT SF Stack segment selector + EXT
SF 0+ EXT
GP Code segment selector + EXT NP Code segment selector + EXT
GP 0+ EXT
The NT flag is cleared when an interrupt occurs which uses an interrupt or trap gate.
Executing IRET with NT=O causes the normal interrupt return function. Executing IRET with NT= 1 causes a task switch (see section 8.4 for more details).
performed since no parameters are on the stack. See section 7.5.2 for information on inter-level returns.
Like the RET instruction, IRET is restricted to return to a level of equal or lesser privilege unless a task switch occurs. The IRET instruction works like the inter-segment RET instruction except that the flag word is popped and no stack pointer update for parameters is
9-6
To distinguish an inter-level IRET, the new CPL (which is the RPL of the return address CS selector) is compared with the current CPL. If they are the same, the IP and flags are popped and execution continues.
An inter-level return via IRET has all the same checks as shown in table 7-4. The only difference is the extra word on the stack for the old flag word.
INTERRUPTS AND EXCEPTIONS
Interrupt gates are typically associated with high-priority hardware interrupts for automatically disabling interrupts upon their invocation. Trap gates are typically software-invoked since they do not disable the maska-ble hardware interrupts. However, low-prior-ity interrupts (e.g., a timer) are often invoked via a trap gate to allow other devices of higher priority to interrupt the handler of that lower priority interrupt.
Table 9-2 illustrates how the interrupt enable flag and interrupt type interact with the type of gate used.
9.5 TASK GATES AND INTERRUPT TASKS The iAPX 286 allows interrupts to directly cause a task switch. When an interrupt vector selects an entry in the IDT which is a task gate, a task switch occurs. The format of a task gate is described in section 8.5. If a task gate is used to handle an exception that passes an error code, the error code will be pushed onto the new task's stack.
A task gate offers two advantages over interrupt gates:
1. It automatically saves all of the processor registers as part of the task-switch opera-tion whereas an interrupt gate saves only the flag register and CS:IP.
2. The new task is completely isolated from the task that was interrupted. Address spaces are isolated and the interrupt-handling task is unaffected by the privilege level of the interrupted task.
An interrupt task switch works like any other task switch once the TSS selector is fetched from the task gate. Like a trap or an inter-rupt gate, privilege and presence rules are applied to accessing a task gate during an interrupt.
Interrupts that cause a task switch set the NT bit in the flags of the new task. The TSS selector of the interrupted task is saved in the back link field of the new TSS. The inter-rupting task executes IRET to perform a task switch to return to the interrupted task because NT was previously set. The interrupt task state is saved in its TSS before returning control to the task that was interrupted; NT is restored to its original value in the inter-rupted task.
Since the interrupt handler state after executing IRET is saved, a re-entry of the interrupt service task will result in the execu-tion of the instrucexecu-tion that follows IRET.
Therefore, when the next interrupt occurs, the machine state will be the same as that when the IRET instruction was executed.
Table 9-2. Interrupt and Gate Interactions
Type of Type of Further Further Further Further software
Interrupt Gate NMls? INTRs? Exceptions? Interrupts?
NMI Trap No Yes Yes Yes
NMI Interrupt No No Yes Yes
INTR Trap Yes Yes Yes Yes
INTR Interrupt Yes No Yes Yes
Software Trap Yes Yes Yes Yes
Software Interrupt Yes No Yes Yes
Exception Trap Yes Yes Yes Yes
Exception Interrupt Yes No Yes Yes
INTERRUPTS AND EXCEPTIONS
Note that an interrupt task resumes execu-tion each time it is re-invoked, whereas an interrupt procedure starts executing at the beginning of the procedure each time. The interrupted task restarts execution at the point of interruption because interrupts occur before the execution of an instruction.
When an interrupt task is used, the task must be concerned with avoiding further interrupts while it is operating. A general protection exception will occur if a task gate referring to a busy TSS is used while processing an inter-rupt. If subsequent interrupts can occur while the task is executing, the IF bit in the flag word (saved in the TSS) must be zero.
9.5.1 Scheduling Considerations
A software-scheduled operating system must be designed to handle the fact that interrupts can come along in the middle of scheduled tasks and cause a task switch to other tasks.
The interrupt-scheduled tasks may call the operating system and eventually the schedu-ler, which needs to recognize that the task that just called it is not the one the operating interrupt-scheduled since the scheduler last ran. The scheduler must find via the backlink fields in each TSS all tasks that have been interrupted. The scheduler can clear those links and reset the busy bit in the TSS descriptors, putting them back in the sched-uling queue for a new analysis of execution priorities. Unless the interrupted tasks are placed back in the scheduling queue, they would have to await a later restart via the task that interrupted them.
To locate tasks that have been interrupt-scheduled, the scheduler looks into the current task's TSS backlink (word one of the TSS),
The backlink field of each interrupt-scheduled task should be set by the scheduler to point to a scheduling task that will reschedule the highest priority task when the interrupt-scheduled task executes IRET.
9.5.2 Deciding Between Task, Trap, and Interrupt Gates
Interrupts and exceptions can be handled with either a trap/interrupt gate or a task gate.
The advantages of a task gate are all the registers are saved and a .new set is loaded with full isolation between the interrupted task and the interrupt handler. The advan-tages of a trap/interrupt gate are faster response to an interrupt for simple operations and easy access to pointers in the context of the interrupted task. All interrupt handlers use IRET to resume the interrupted program.
Trap/interrupt gates require that the inter-rupt handler be able to execute at the same or greater privilege level than the interrupted program. If any program executing at level 0 can be interrupted through a trap/task gate, the interrupt handler must also execute at level 0 to avoid general protection exception.
All code, data, and stack segment descriptors must be in the GDT to allow access from any task. But, placing all system interrupt handlers at privilege level 0 may be in
All code, data, and stack segment descriptors must be in the GDT to allow access from any task. But, placing all system interrupt handlers at privilege level 0 may be in