Hello all!

Now I'm reading about V86 mode and I don't understand the following paragraph from the manuals:

15.2.4 Protection within a Virtual-8086 Task
...
Use the U/S flag of page-table entries to protect the virtual-8086 monitor and other system software in the virtual-8086 mode task space.
...

As I understand it, the virtual-8086 monitor is 32-bit software placed in another task. So, the 8086 program is executing alone in its 'real' address space, or with an 8086 OS placed there. Which system software is it talking about? Maybe the protection of the 8086 OS?

TIA, and sorry for my English :).
Posted on 2006-08-08 08:33:36 by Mika0x65

15.2.4 Protection within a Virtual-8086 Task
...
Use the U/S flag of page-table entries to protect the virtual-8086 monitor and other system software in the virtual-8086 mode task space.
...


That paragraph is talking about the security capabilities of the paging mechanism. Basically, you use page-based security to protect that VM86 task, as you would for any other 32-bit task.

When you "drop down" into VM86 mode from Protected Mode, you are taking the best of both worlds. Paging/security still works, but it is invisible to the VM86 task. Segmentation concepts work as they normally would in 8086/16-bit Real Mode. Mix these two together, and you have the simplicity of a DOS... but with a layer of protection it could never offer.



Specifically, for protection of a "virtual-8086 monitor and other system software", you would set the U/S flag (bit) to S (Supervisor), to ensure that Ring-3 code cannot affect that particular memory space. This would be protection for the task.

To protect against the task (i.e. protect the system from malicious user code), that would simply involve making sure that the CPL is Ring-3 for user-mode tasks (done automatically by switching into VM86 mode), along with the inclusion/exclusion of any page directory/table entries at the time the task is executing (you cannot affect what you cannot touch) :)

In order to understand further, I would recommend studying VM86, Paging and Context Switching (w/TSS)... and how they all work together.
Posted on 2006-08-08 18:19:12 by SpooK
Yes, I understand that paging is used for protection against an 8086 task. I was wondering why I need to protect the task against itself -- in R-mode any code can touch and get anywhere in memory. So, the 8086 OS must be ready for this.

My assumption was that this protection is needed in the case when the V86 monitor places part of its code into the 8086 task's address space and doesn't want this code to be changed by the 8086 program. But I wasn't sure about it :).
Posted on 2006-08-08 19:34:19 by Mika0x65

My assumption was that this protection is needed in the case when the V86 monitor places part of its code into the 8086 task's address space and doesn't want this code to be changed by the 8086 program.


Good assumption :)
Posted on 2006-08-08 20:48:42 by SpooK
Well, I'm continuing to read about VM86 and I have one more question.

As I understood it, the IOPL field of EFLAGS in VM86 influences CPU behavior in the same way as in PM. The only differences are that IN(S) and OUT(S) are not IOPL-sensitive, while POPF, PUSHF, INT n, IRET, CLI and STI are. I checked the value of IOPL in debug.exe under W2K and found that it is 3. It means that instructions like CLI/STI and the others will not raise exceptions when they are executed, and the system will not even know about the execution of these instructions... Therefore it is possible to turn off hardware interrupts in a V86 program. So, interrupts from the system timer, for example, will not be delivered to their handlers while the V86 program is executing.

If the V86 program hangs, the whole system should hang. I checked it with the smallest .com program, 'cli jmp $-2', and the system survived :). And I don't understand why... :)
Posted on 2006-08-12 05:32:58 by Mika0x65
Virtual Interrupt Flag :)
Posted on 2006-08-12 05:54:09 by f0dder
Oops... I forgot about it. My primary book, which I am reading, is about the i486, which doesn't have this extension.

Thank you, I have to read about it.
Posted on 2006-08-12 06:00:18 by Mika0x65
I read about the VIP & VIF flags. As I understand it, they also depend on the state of the IOPL in EFLAGS:

When the VME flag in control register CR4 is set and the IOPL field in the EFLAGS is less than 3 two additional flags are activated in the EFLAGS register: ...


The value of the IOPL in EFLAGS is 3. Therefore the advantages of the VIF & VIP flags are not used in W2K...
Posted on 2006-08-12 11:10:49 by Mika0x65
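The IOPL/VME behaviour the thread goes back and forth on, written up as an added C model of the three cases for CLI/STI/PUSHF/POPF in a V86 task (this is an illustrative model I constructed for this thread, not code from any poster, Intel, or Windows; the struct, enum and function names are my own). With IOPL=3 the instructions really touch EFLAGS.IF; with IOPL<3 and no VME they all fault to the monitor; with IOPL<3 and CR4.VME set they operate on VIF instead, so a `cli; jmp $` loop clears only the task's virtual IF and hardware interrupts keep being delivered, which is why such a loop does not take the whole system down.

```c
#include <stdbool.h>

/* Outcome of an IOPL-sensitive instruction executed by a V86 task. */
enum v86_action {
    ACT_NATIVE,   /* instruction ran and read/modified the real EFLAGS.IF  */
    ACT_VIRTUAL,  /* VME redirected it to VIF; the real IF was not touched  */
    ACT_GP_FAULT  /* #GP(0): control passes to the V86 monitor              */
};

enum v86_insn { INSN_CLI, INSN_STI, INSN_PUSHF, INSN_POPF };

/* Constructed CPU state: just the bits the decision depends on. */
struct v86_cpu {
    bool vme;      /* CR4.VME                                       */
    int  iopl;     /* EFLAGS.IOPL, 0..3                             */
    bool IF;       /* real interrupt-enable flag                    */
    bool VIF;      /* virtual interrupt flag (meaningful with VME)  */
    bool VIP;      /* virtual interrupt pending, set by the monitor */
    bool image_if; /* IF bit of the EFLAGS image pushed/popped      */
};

enum v86_action v86_exec(struct v86_cpu *c, enum v86_insn insn)
{
    if (c->iopl == 3) {            /* IOPL=3: not privileged, acts on real IF */
        switch (insn) {
        case INSN_CLI:   c->IF = false;       break;
        case INSN_STI:   c->IF = true;        break;
        case INSN_PUSHF: c->image_if = c->IF; break;
        case INSN_POPF:  c->IF = c->image_if; break;
        }
        return ACT_NATIVE;
    }
    if (!c->vme)                   /* IOPL<3 without VME: every one traps */
        return ACT_GP_FAULT;
    switch (insn) {                /* IOPL<3 with VME: VIF stands in for IF */
    case INSN_CLI:   c->VIF = false;        return ACT_VIRTUAL;
    case INSN_STI:
        if (c->VIP) return ACT_GP_FAULT;    /* monitor delivers the pending int */
        c->VIF = true;                      return ACT_VIRTUAL;
    case INSN_PUSHF: c->image_if = c->VIF;  return ACT_VIRTUAL;
    case INSN_POPF:
        if (c->image_if && c->VIP) return ACT_GP_FAULT;
        c->VIF = c->image_if;               return ACT_VIRTUAL;
    }
    return ACT_GP_FAULT;
}
```

Note that what a V86 program sees via PUSHF under VME is the image the CPU builds for it (IF replaced by VIF), not a direct dump of the real EFLAGS, so a flag value read from inside the task is not by itself evidence of what the monitor configured.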