A protection violation will cause an excep-tion, i.e., a non-maskable interrupt. Such a fault can be handled by the task that caused it if an interrupt or trap gate is used, or by a different task if a task gate is used (in the IDT).
Protection exceptions can be classified into program errors or implicit requests for service.
The latter include stack overflow and not-present faults. Examples of program errors include attempting to write into a read-only segment, or violating segment limits.
Requests for service may use different inter-rupt vectors, but many diverse types of protection violation use the same general protection fault vector. Table 9-3 shows the reserved exceptions and interrupts.
When simultaneous external interrupt requests occur, they are processed in the fixed order shown in table 9-4. For each interrupt serviced, the machine state is saved. The new CS:IP is loaded from the gate or TSS. If other interrupts remain enabled, they are processed
before the first instruction of the current interrupt handler, i.e., the last interrupt processed is serviced first.
All but three exceptions are restartable after the exceptional condition is removed. The three non-restartable exceptions are the processor extension segment overrun, a segment limit exception that arises during a string operation, and writing into read only segments with ADC, SBB, RCL, and RCR instructions. The return address normally points to the failing instruction, including all leading prefixes.
The instruction and data addresses for the processor extension segment overrun are contained in the processor extension status registers.
Interrupt handlers for most exceptions receive an error code that identifies the selector involved, or a 0 in bits 15-3 of the error code field if there is no selector involved. The error code is pushed last, after the return address, on the stack that will be active when the trap handler begins execution. This ensures that the handler will not have to access another stack segment to find the error code.
Table 9-3. Reserved Exceptions and Interrupts Vector
Description Restartable Error Code
Number
0 Divide Error Exception Yes No
1 Single Step Interrupt Yes No
2 NMI Interrupt Yes No
3 Breakpoint Interrupt Yes No
4 INTO Detected Overflow Exception Yes No
5 BOUND Range Exceeded Exception Yes No
6 Invalid Opcode Exception Yes No
7 Processor Extension Not Available Exception Yes No
8 Double Exception Detected No Yes (Always O)
9 Processor Extension Segment Overrun Interrupt No No
10 Invalid Task State Segment Yes Yes
11 Segment Not Present Yes Yes
12 Stack Segment Overrun or Not Present Yes Yes
13 General Protection No Yes
INTERRUPTS AND EXCEPTIONS
Table 9-4. Interrupt Processing Order
Order Interrupt
1 Instruction exception 2 Single step
3 NMI
4 Processor extension segment overrun 5 INTR
6 INT instruction
The following sections describe the excep-tions in greater detail.
9.6.1 Invalid OP-Code (Interrupt 6)
When an invalid opcode is detected by the invalid operand. Examples include an inter-segment jump referencing a register operand, or an LES instruction with a register source operand. This exception can also occur because redundant prefixes have been placed before an instruction so that the total length of the instruction exceeds 10 bytes.
9.6.2 Double Fault (Interrupt 8)
If two separate protection violations occur during a single instruction, exception 8 (Double Fault) occurs (e.g., a general protec-tion fault in level 3 is followed by a not-present fault due to a segment not-not-present).
If another protection violation occurs during the processing of exception 8, the iAPX 286 enters shutdown, during which time no further instructions or exceptions are processed.
Either NMI or RESET can force the CPU out of shutdown. An NMI input can bring the CPU out of shutdown if no errors occur while processing the NMI interrupt; otherwise, shutdown can only be exited via the RESET input. NMI causes the CPU to remain in protected mode, and RESET causes it to exit protected mode. Shutdown is signaled exter-nally via a HALT bus operation with Al address will point at the instruction that was being executed (or was ready to execute) when the error was detected. The error code will be null.
9.6.3 Processor Extension Segment Overrun (Interrupt 9)
Interrupt 9 signals that the processor exten-sion (such· as the 80287 numerics processor) has overrun the limit of a segment while attempting to read/write the second or subse-quent words of an operand. The interrupt is generated by the processor extension data channel within the 80286 during the limit test performed on each transfer of data between memory and the processor extension. This interrupt can be handled in the same task but is not restartable.
As with all external interrupts, Interrupt 9 is an asynchronous demand caused by the processor extension referencing something outside a segment boundary. Since Interrupt 9 can occur any time after the processor extension is started, the 80286 does not save any information that identifies what particu-lar operation had been initiated in the proces-sor extension. The procesproces-sor extension
INTERRUPTS AND EXCEPTIONS
maintains special registers that identify the last instruction it executed and the address of the desired operand.
After this interrupt occurs, no WAIT or escape instruction, except FNINIT, can be executed until the interrupt condition is cleared or the processor extension is reset. The interrupt signals that the processor extension is requesting an invalid data transfer. The processor extension will always be busy when waiting on data. Deadlock results if the CPU executes an instruction that causes it to wait for the processor extension before resetting the processor extension. Deadlock means the CPU is waiting for the processor extension to become idle while the processor extension waits for the CPU to service its data request.
The FNINIT instruction is guaranteed to reset the processor extension without causing deadlock. After the interrupt is cleared, this restriction is lifted. It is then possible to read the instruction and operand address via FSTENV or FSA VE, causing the segment overrun in the processor extension's special registers.
9.6.4 Invalid Task State Segment (Interrupt 10)
Interrupt lOis invoked if during a task switch the new TSS pointed to by the task gate is invalid. The EXT bit indicates whether the exception was caused by an event outside the control of the program.
A TSS is considered invalid in the cases shown in table 9-5.
Once the existence of the new TSS is verified, the task switch is considered complete, with the backlink set to the old task if necessary.
All errors are handled in the context of the new task.
Exception 10 must use a task gate to insure a proper TSS to process it.
9.6.5 Not Present (Interrupt 11)
Exception 11 occurs when an attempt is made to load a not-present segment or to use a control descriptor that is marked not-present.
(If, however, the missing segment is an LDT
Table 9-5. Conditions that Invalidate the TSS
Reason Error Code
The limit in the TSS descriptor is less than 43 TSS id + EXT
Invalid LOT selector or LOT not present LOT id + EXT
Stack segment selector is outside table limit SS id + EXT
Stack segment is not a writable segment SS id + EXT
Stack segment OPL does not match new CPL SS id + EXT
Stack segment selector RPL =1= CPL SS id + EXT
Code segment selector is outside table limit CS id + EXT Code segment selector does not refer to code segment CS id + EXT Non-conforming code segment OPL =1= CPL CS id
+
EXTConforming code segment OPL>CPL CS id
+
EXTOS or ES segment selector is outside table limits ES/OS id
+
EXTOS or ES are not readable segments ES/OS id
+
EXTINTERRUPTS AND EXCEPTIONS
that is needed in a task switch, exception 10 occurs.) This exception is fully restartable.
Any segment load instruction can cause this exception. Interrupt 11 is always processed in the context of the task in which it occurs.
The error code has the form shown in figure 9-5. The EXT bit will be set if an event exter-nal to the program caused an interrupt that subsequently referenced a not-present segment. Bit 1 will be set if the error code refers to an IDT entry, e.g., an INT instruc-tion referencing a not-present gate. The upper 14 bits are the upper 14 bits of the segment selector involved.
When a not-present exception occurs, the ES and DS segment registers may not be usable for referencing memory. During a task switch, the selector values are loaded before the descriptors are checked. The not-present handler should not rely on being able to use the values found in CS, ES, SS, and DS without causing another exception.
9.6.6 Stack Fault (Interrupt 12)
Stack underflow or overflow causes exception 12, as does a not-present stack segment refer-enced during an inter-task or inter-level transition. This exception is fully restart able.
A limit violation of the current stack results in an error code of O. The EXT bit of the error code tells whether an interrupt external to the program caused the exception.
Any instruction that loads a selector to SS (e.g., POP SS, task switch) can cause this exception. This exception must use a task gate if there is a possibility that any level 0 stack may not be present.
When a stack fault occurs, the ES and DS segment registers may not be usable for referencing memory. During a task switch, the
selector values are loaded before the descrip-tors are checked. The stack fault handler should check the saved values of SS, CS, DS, and ES to be sure that they refer to present segments before restoring them.
9.6.7 General Protection Fault (Interrupt 13)
If a protection violation occurs which is not covered in the preceding paragraphs, it is classed as Interrupt 13, a general protection fault. The error code is zero for limit viola-tions, write to read-only segment violaviola-tions, and accesses relative to DS or ES when they are zero or refer to a segment at a greater privilege level than CPL. Other access viola-tions (e.g., a wrong descriptor type) push a non-zero error code that identifies the selec-tor used on the stack. Error codes with bit 0
Bit 0 (EXT) indicates whether the exception was caused by the program or an event exter-nal to it (i.e., single stepping, an exterexter-nal interrupt, a processor extension not-present or a segment overrun). If bit 0 is set, the selec-tor typically has nothing to do with the instruction that was interrupted. The selector refers instead to some step of servicing an interrupt that failed.
When bit 0 of the error code is set, the program can be restarted, except for proces-sor extension segment overrun exceptions. The exception with the bit 0 of the error code = 1 indicates some interrupt has been lost due to a fault in the descriptor pointed to by the error code.
A non-zero error code with bit 0 cleared may be an operand of the interrupted instruction,