Many modern microprocessors are part of an evolving product line of microprocessors provided by their respective manufacturers. The 80386 microprocessor, sold by Intel Corporation of Cupertino, Calif., is an example of such a microprocessor. The 80386 microprocessor evolved from the 80286 microprocessor, which, in turn, evolved from the 8086 microprocessor. The later developed microprocessors of this microprocessor family have been designed to be compatible with their earlier developed counterparts. Hence, the 80386 microprocessor can run programs that are written for the 8086 microprocessor or the 80286 microprocessor (i.e., the family exhibits upward compatibility).
The 8086 microprocessor is designed to run in a single mode of operation, known as "real mode". FIG. 1 depicts the addressing scheme that is employed by the 8086 microprocessor in real mode. In this addressing scheme, a 16-bit real address 10 is used to specify an entry 20 in the physical memory 16. The real address 10 contains a 12-bit segment base address 12 and a 4-bit offset 14. The physical memory 16 is divided into segments containing contiguous blocks of memory. The segment base address 12 specifies the beginning of a segment 18. The offset 14 specifies an offset relative to the segment base address.
As is apparent from the above discussion, the 8086 microprocessor employs a addressing scheme wherein there is no virtualization of the address space. The 80286 microprocessor built upon the addressing scheme of the 8086 microprocessor by adding virtualization. The 80286 may run in either real mode or protected mode (referred to hereinafter as '286 protected mode). FIG. 2 provides a block diagram of the addressing scheme of '286 protected mode. A 32-bit virtual address 22 is used in '286 protected mode. Bits 16-31 of the virtual address 22 hold a segment selector 24. Bits 0-15 of the virtual address 22 hold a 16-bit offset 26.
The segment selector 24 is used as an index to retrieve an entry 30 in the segment descriptor table 28. The segment descriptor table 28 is an address translation mechanism for mapping a base address of a segment in the virtual address space into a base address of a segment in the physical address space. The entry 30 points to the base address of a segment 32. The offset 26 of the virtual address 22 points to a memory location 34 in the physical memory 16. The address of memory location 34 is calculated by using the offset 26 to locate the address relative to the base address held in entry 30 of the segment descriptor table 28.
The 80386 microprocessor has a real mode of operation analogous to that employed in the 8086 microprocessor. In this mode of operation, the 80386 microprocessor can run programs written for the 8086 microprocessor. The 80386 also has a '386 protected mode that is roughly analogous to the '286 protected mode of the 80286 microprocessor. The '386 protected mode, however, differs from the '286 protected mode in that it employs paging and employs a 48-bit virtual address rather than a 32-bit virtual address.
FIG. 3 provides a block diagram of the addressing scheme employed in '386 protected mode. In '386 protected mode, the 80386 microprocessor employs a 48-bit virtual address 36. Bits 0-31 of the virtual address 36 hold an offset value 40, and bits 32-47 hold a selector, that is used as an index for an entry 44 in a segment descriptor table 42. Entry 44 holds the base address for a segment. The base address held in entry 44 is added to the 32-bit offset 40 by a summer 46 to yield a linear address 50.
Linear address 50 is then passed to a paging mechanism 52. Paging mechanism 52 includes page directories and tables that are used to translate the linear address 50 into a 32-bit physical address 54. The physical address 54 then is used to specify a entry 56 within physical memory 16.
The 80386 and 80286 microprocessors differ from the 8086 microprocessor in that they employ a number of privilege levels. The privilege levels range from level 0 to level 3, as shown in FIG. 4a. The privilege levels are sometimes referred to as rings (e.g., ring 0, ring 1, ring 2 and ring 3). Ring 0 is the greatest privilege level, and ring 3 is the lowest privilege level. Each memory segment in the address space of the 80386 microprocessor has a ring associated with it. In order for a code segment that is executing to gain access to a memory segment, the ring of the code segment must be equal or greater than the ring of the memory segment being accessed. For example, a code segment having a ring of 0 has access to memory segments at rings 0, 1, 2 or 3. In contrast, a code segment at ring 3 may only access a memory segment at ring 3.
The privilege levels are provided to enhance security within the system. In particular, memory segments that require a high level of security are placed in ring 0, and memory segments requiring a lower level of security are placed in ring 3. Typically, the operating system kernel is placed in ring 0, and applications are run at ring 3 to prevent applications from altering the contents of the operating system kernel.
The 80386 microprocessor provides an additional mode of operation that is known as the virtual 8086 mode (V86). In V86 mode, a protected mode operating system may run real mode code in a virtualized manner. The operating system may provide a separate virtual machine for different real mode programs running on the microprocessor. Each virtual machine is an environment that is created through a combination of microprocessor capabilities and operating system software. Only one of the virtual machines is actively running on the microprocessor at any point in time. The operating system may context switch between the virtual machines to change the currently active virtual machine. FIG. 4b provides an example of the use of the privilege levels in V86 mode. The kernel of the operating system is run at privilege ring 0. Virtual machines VM1, VM2 and VM3, in contrast, are run at ring 3. In the example of FIG. 4b, the WINDOWS operating system and WINDOWS-based applications are being run on VM1. DOS is being run on VM2, and DOS applications are being run on VM3.
The WINDOWS, version 3.0, operating system, by Microsoft Corporation, is configured to run on either an 80286 microprocessor or an 80386 microprocessor. The WINDOWS, version 3.0, operating system runs in "standard mode" when implemented on a 80286 microprocessor or an 80386 microprocessor with less than two megabytes of memory (see FIG. 5). In standard mode, the microprocessor runs in real mode or '286 protected mode. WINDOWS, version 3.0, runs in "enhanced mode" when it is run on a 80386 microprocessor having at least two megabytes of memory. When the WINDOWS, version 3.0, operating system is run in enhanced mode, the 80386 microprocessor runs in protected '386 mode or V86 mode (see FIG. 5).
Handling of hardware interrupts while the microprocessor is running in '286 protected mode may be cumbersome because of the required switching between modes. The steps performed in handling an interrupt in such an instance are depicted in FIG. 6. Initially, a hardware interrupt is received in '286 protected mode (step 60). In order to handle the interrupt, the microprocessor switches to real mode (step 62). When the interrupt is generated, a pointer to the entry point of an interrupt handler routine is created. The pointer is a physical address like the address 10 shown in FIG. 1. The interrupt handler routine is then executed to handle the interrupt (step 64 in FIG. 6), and when the interrupt handler routine has completed, the microprocessor switches back to '286 protected mode (step 66). The switching from '286 protected mode to real mode and then from real mode to '286 protected mode incurs a large amount of overhead.
The handling of interrupts in enhanced mode may also be cumbersome. In enhanced mode, all hardware interrupts automatically switch the interrupted microprocessor into ring 0. The system then must switch back to ring 3, because hardware interrupts are handled by interrupt handler routines that execute at ring 3. The resulting switching back and forth between rings is time consuming and burdensome.
The handling of a hardware interrupt in enhanced mode of WINDOWS, version 3.0, will now be described in more detail with reference to FIGS. 7a and 7b. Initially, a hardware interrupt is received by a microprocessor (step 114 in FIG. 7b). The hardware interrupt has an interrupt vector number (see FIG. 7a) that is used as an index into an interrupt descriptor table (IDT) 91. The microprocessor uses the interrupt vector number as an index in retrieving an entry 93 in the IDT 91. The IDT entry 93 typically includes a selector 79 that points to a global descriptor table (GDT) entry 92. The IDT entry 98 also includes an offset 77. The GDT entry 92 has a pointer to kernel code 70, which resides in physical memory 95. To avoid confusion, the role of paging mechanism is omitted from this discussion. The microprocessor then executes the kernel code 70.
The kernel code 70 is stored in a memory segment at ring 0. Data 72 for the kernel is also stored at ring 0. (Note pointer 94 in GDT 97 that points to data 72.) The transfer to the kernel code 70 involves a switch to ring 0 (step 116 in FIG. 7b). The kernel code 70 (FIG. 7a) determines which virtual machine should process the interrupt (step 118 in FIG. 7b). If the virtual machine that is to handle the interrupt is not the currently active virtual machine, a context switch is performed (step 120). The kernel code 70 (FIG. 7a) then transfers control to the appropriate interrupt handler in virtual machine VM0, VM1 or VM2. If the interrupt is directed to VM0, the kernel code 70 transfers control to the interrupt handler 78. In particular, the kernel code 70 provides an address for an entry point in the interrupt handler 78. The entry point address includes a selector that points to entry 100 in LDT1. Entry 100 includes a pointer to the page frame holding the interrupt handler code 78 that is resident in physical memory 95. An offset is included in the entry point address, and the offset is used with the pointer to specify the entry point in the interrupt handler. LDT1 also includes an entry 96 that points to code for VM0 and an entry 98 that points to data 76 for VM0.
If, however, the interrupt should be handled by VM1, the kernel code 70 passes control to interrupt handler 84. The kernel code specifies a virtual address that includes a selector pointing to entry 104 in LDT2. Entry 104 at LDT2 holds a pointer to interrupt handler code 84. The offset of the virtual address is used with the pointer to specify the entry point. LDT2 also includes an entry 102 that points to code 80 for VM1 and an entry 107 that points to data 82 for VM1.
If the interrupt is to be handled by VM2, the kernel code 70 passes control to interrupt handler 90 at a linear address which is translated to a physical address using LDT3. Specifically, the kernel codes specifies a virtual address that includes a selector pointing to entry 112 in LDT3. Entry 112 in LDT3 includes a pointer to the page frame holding the interrupt handler code 90. The offset of the virtual address is used with the pointer to specify the entry point in the interrupt handler routine. LDT3 also includes an entry 108 that points to code 86 for VM2 and an entry 110 that points to data 88 for VM2.
All of the interrupt handlers 78, 84 and 90 are stored in memory segments at ring 3. Thus, when control is transferred to the interrupt handler, a switch must be made to ring 3 (step 122 in FIG. 7b). Once the interrupt has been handled, the system signals the end of the interrupt (step 126). Generally, the end of an interrupt is signalled by writing into a hardware register.
Another proposed solution has been to determine what mode the microprocessor is in when it receives an interrupt and then invoking a unique interrupt handler routine based upon the determination of the mode. Separate code is provided for interrupt handlers of each mode. Unfortunately, there is a great deal of overhead in providing the procedures to determine the current mode of the system and providing separate interrupt handlers for each mode.