Author Topic: What exactly is the structure of an LDT entry?  (Read 13077 times)

Offline ben321

  • Full Member
  • **
  • Posts: 185
What exactly is the structure of an LDT entry?
« on: February 15, 2023, 11:00:19 AM »
I know what GDT entries look like as they can be seen here https://upload.wikimedia.org/wikipedia/commons/thumb/0/0a/SegmentDescriptor.svg/1024px-SegmentDescriptor.svg.png (though the byte order needs to be swapped for actual usage, going from bottom right on that diagram to upper left, as x86 is a little-endian CPU). What I don't know though is what is the structure of an LDT entry. I know that I need to allocate memory for the LDT in the GDT, and then use the LLDT instruction to tell the CPU which GDT entry points to the memory used by the LDT. But I don't know the actual structure of the LDT entries. If anybody has a good diagram for that, please post it here. Thanks in advance.
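The descriptor layout the question is about, shown as an added example that is not part of the original post or of any project named in the thread: an LDT entry uses exactly the same 8-byte format as a GDT entry (the diagram linked above), and the LDT itself is described by a system descriptor of type 2 placed in the GDT, whose selector is what LLDT is given. The code packs and unpacks that format, builds a selector whose TI bit picks the LDT instead of the GDT, and assembles a small constructed GDT/LDT pair; the LDT address and table sizes are made-up sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded view of one 8-byte segment descriptor. The same layout is used for
   every entry of the GDT and every entry of an LDT. */
typedef struct {
    uint32_t base;        /* 32-bit base address */
    uint32_t limit;       /* 20-bit limit (bytes or 4 KiB pages, see granularity) */
    int present;          /* P bit */
    int dpl;              /* descriptor privilege level 0..3 */
    int system;           /* 0 = system descriptor (LDT, TSS, gate), 1 = code/data */
    int type;             /* 4-bit type field */
    int granularity;      /* G bit: 1 = limit counts 4 KiB pages */
    int conforming;       /* code segments only: bit 2 of the type field */
} seg_desc_t;

/* Pack base/limit/access/flags into the little-endian in-memory format.
   access = P(1) DPL(2) S(1) Type(4); flags = G, D/B, L, AVL in the low nibble. */
uint64_t encode_descriptor(uint32_t base, uint32_t limit, uint8_t access, uint8_t flags)
{
    uint64_t d = 0;
    d |= (uint64_t)(limit & 0xFFFFu);                    /* bits  0-15: limit 15:0  */
    d |= (uint64_t)(base & 0xFFFFFFu) << 16;             /* bits 16-39: base 23:0   */
    d |= (uint64_t)access << 40;                         /* bits 40-47: access byte */
    d |= (uint64_t)((limit >> 16) & 0xFu) << 48;         /* bits 48-51: limit 19:16 */
    d |= (uint64_t)(flags & 0xFu) << 52;                 /* bits 52-55: flags       */
    d |= (uint64_t)((base >> 24) & 0xFFu) << 56;         /* bits 56-63: base 31:24  */
    return d;
}

/* Reverse of encode_descriptor: gather the scattered fields back together. */
seg_desc_t decode_descriptor(uint64_t d)
{
    seg_desc_t s;
    uint8_t access = (uint8_t)(d >> 40);
    uint8_t flags  = (uint8_t)((d >> 52) & 0xF);
    s.base  = (uint32_t)((d >> 16) & 0xFFFFFF) | (uint32_t)((d >> 56) & 0xFF) << 24;
    s.limit = (uint32_t)(d & 0xFFFF) | (uint32_t)((d >> 48) & 0xF) << 16;
    s.present     = (access >> 7) & 1;
    s.dpl         = (access >> 5) & 3;
    s.system      = (access >> 4) & 1;
    s.type        = access & 0xF;
    s.granularity = (flags >> 3) & 1;
    s.conforming  = s.system && (s.type & 0x8) && (s.type & 0x4);
    return s;
}

/* Segment selector: table index, TI (0 = GDT, 1 = LDT) and RPL. */
uint16_t make_selector(unsigned index, unsigned use_ldt, unsigned rpl)
{
    return (uint16_t)((index << 3) | ((use_ldt & 1) << 2) | (rpl & 3));
}

/* Constructed sample tables: a GDT with a ring-0 code/data pair plus the LDT
   descriptor (S = 0, type 2), and an LDT with a DPL-3 code/data pair. */
#define LDT_ENTRIES 2
#define LDT_BASE    0x00200000u          /* assumed location of the 16-byte LDT */

uint64_t ldt[LDT_ENTRIES];
uint64_t gdt[4];

/* Fills both tables; returns the number of GDT entries written. */
int build_tables(void)
{
    gdt[0] = 0;                                                      /* mandatory null descriptor */
    gdt[1] = encode_descriptor(0, 0xFFFFF, 0x9A, 0xC);               /* ring-0 code, 4 GiB, 32-bit */
    gdt[2] = encode_descriptor(0, 0xFFFFF, 0x92, 0xC);               /* ring-0 data */
    gdt[3] = encode_descriptor(LDT_BASE, sizeof ldt - 1, 0x82, 0x0); /* LDT: P=1 DPL=0 S=0 type=2 */

    ldt[0] = encode_descriptor(0, 0xFFFFF, 0xFA, 0xC);               /* ring-3 code */
    ldt[1] = encode_descriptor(0, 0xFFFFF, 0xF2, 0xC);               /* ring-3 data */
    return 4;
}

int main(void)
{
    build_tables();
    for (int i = 0; i < 4; i++) {
        seg_desc_t s = decode_descriptor(gdt[i]);
        printf("GDT[%d] = %016llx  base=%08x limit=%05x DPL=%d S=%d type=%x\n",
               i, (unsigned long long)gdt[i], s.base, s.limit, s.dpl, s.system, s.type);
    }
    printf("selector for LLDT: %04x, ring-3 code selector in the LDT: %04x\n",
           make_selector(3, 0, 0), make_selector(0, 1, 3));
    return 0;
}
```

With these tables, `lldt` would be given selector 0x18 (GDT index 3), and the ring-3 code segment is reached through selector 0x07 (LDT index 0, TI = 1, RPL = 3); nothing in the LDT entry itself says it lives in an LDT, only the selector's TI bit does.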

Offline fredericopissarra

  • Full Member
  • **
  • Posts: 373
  • Country: br
Re: What exactly is the structure of an LDT entry?
« Reply #1 on: February 15, 2023, 02:54:31 PM »

Offline ben321

  • Full Member
  • **
  • Posts: 185
Re: What exactly is the structure of an LDT entry?
« Reply #2 on: February 17, 2023, 09:45:37 AM »
Intel Software Development Manuals, volume 3.

I'm trying to write down the most useful info from that manual regarding segments and the GDT and LDT, into a nice HTML file that summarizes this info in a way I can understand it and use it for actually programming something. Below are 3 statements I've written about conforming and non-conforming code sections, based on my understanding of what I read in the manual. Can you tell me if I got any of this incorrect? I don't want to write down bad info.
Quote
If a code segment is conforming, it means that code from a lower privilege segment (higher DPL number) can far-jump into that higher privilege segment (lower DPL number).
If a code segment is not conforming, it means that only code from a segment that has the same privilege level (same DPL number) can far-jump into it.
In no case can code in a segment with higher privilege (such as kernel code) far-jump into a segment with lower privilege (such as an application).

I'm questioning if this is accurate because something seems off about it. I mean the operating system (kernel level) is in fact responsible for starting applications (user-mode level). That's what happens when you double-click on an EXE file. The OS runs your application. So I think I need some clarification about what conforming code means, because I think I may have misinterpreted what the Intel manual says.

Offline fredericopissarra

  • Full Member
  • **
  • Posts: 373
  • Country: br
Re: What exactly is the structure of an LDT entry?
« Reply #3 on: February 17, 2023, 11:45:56 AM »
Quote
If a code segment is conforming, it means that code from a lower privilege segment (higher DPL number) can far-jump into that higher privilege segment (lower DPL number).
If a code segment is not conforming, it means that only code from a segment that has the same privilege level (same DPL number) can far-jump into it.
In no case can code in a segment with higher privilege (such as kernel code) far-jump into a segment with lower privilege (such as an application).
Which page is this? In 3.4.5.1 it is clear that:
Code:
Execution cannot be transferred by a call or a jump to a less-privileged (numerically higher
privilege level) code segment, regardless of whether the target segment is a conforming or
nonconforming code segment. Attempting such an execution transfer will result in a general-
protection exception.
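To make the quoted rule concrete, here is an added example of my own, not from the manual or from anyone in the thread. It models the privilege check the CPU applies to a direct far JMP or CALL into a code segment (no gate involved), separating conforming from nonconforming targets, and the simpler check for loading a data-segment register. The return value is the CPL after the transfer, or -1 where the CPU raises #GP; the cases are constructed.

```c
#include <stdio.h>

/* The fields of the target code-segment descriptor that the check looks at. */
typedef struct {
    int dpl;          /* descriptor privilege level, 0 (most privileged) .. 3 */
    int conforming;   /* C bit of the code-segment descriptor */
} code_seg_t;

/* Direct far JMP/CALL (no gate) to a code segment.
   Returns the CPL after the transfer, or -1 where the CPU raises #GP. */
int check_far_transfer(int cpl, int rpl, code_seg_t target)
{
    if (target.conforming) {
        /* Conforming: allowed when DPL <= CPL (numerically); RPL is not checked;
           the CPL does not change, so the callee runs at the caller's level. */
        return (target.dpl <= cpl) ? cpl : -1;
    }
    /* Nonconforming: CPL must equal DPL, and the selector's RPL must be no less
       privileged than DPL. The CPL is unchanged either way. */
    if (cpl == target.dpl && rpl <= target.dpl)
        return cpl;
    return -1;
}

/* Loading DS/ES/FS/GS with a data-segment selector: the segment's DPL must be
   numerically >= max(CPL, RPL). Returns 1 if allowed, 0 for #GP. */
int check_data_load(int cpl, int rpl, int data_dpl)
{
    int effective = cpl > rpl ? cpl : rpl;
    return data_dpl >= effective;
}

int main(void)
{
    struct { const char *what; int cpl, rpl; code_seg_t t; } cases[] = {
        { "ring 3 -> conforming DPL 0",    3, 3, {0, 1} },
        { "ring 3 -> nonconforming DPL 0", 3, 3, {0, 0} },
        { "ring 0 -> conforming DPL 3",    0, 3, {3, 1} },
        { "ring 0 -> nonconforming DPL 3", 0, 3, {3, 0} },
        { "ring 0 -> nonconforming DPL 0", 0, 0, {0, 0} },
    };
    for (unsigned i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int r = check_far_transfer(cases[i].cpl, cases[i].rpl, cases[i].t);
        if (r < 0) printf("%-32s #GP\n", cases[i].what);
        else       printf("%-32s ok, CPL stays %d\n", cases[i].what, r);
    }
    printf("ring 0 loading a DPL-3 data segment: %s\n", check_data_load(0, 0, 3) ? "ok" : "#GP");
    printf("ring 3 loading a DPL-0 data segment: %s\n", check_data_load(3, 3, 0) ? "ok" : "#GP");
    return 0;
}
```

The one case the model accepts across a privilege boundary is ring 3 jumping into a conforming DPL-0 segment, and even then the CPL stays 3: conforming code is code that agrees to run at the caller's privilege, not a way of gaining privilege. Both transfers toward DPL 3 from ring 0 fault, which is the point the quoted sentence makes.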

Offline ben321

  • Full Member
  • **
  • Posts: 185
Re: What exactly is the structure of an LDT entry?
« Reply #4 on: February 17, 2023, 09:00:37 PM »
Which page is this?
It's not from any page. If you read my post, you would see I was basically taking notes from what I was reading in the manual. I was (for my own use) writing a summary of what I was reading in the manual, in order to provide myself a much smaller reference than the manual, while still providing usable info for my programming. My summary obviously doesn't contain exact quotes from the manual.

I was just writing about it here to make sure my understanding of what the manual was saying was in fact correct. I didn't want to write down summary info for myself, if my summary was based on any misunderstanding of what the manual was saying. I didn't want to write down or commit to memory, any misunderstandings of what was in the manual, because that would result in me writing buggy software.

Offline ben321

  • Full Member
  • **
  • Posts: 185
Re: What exactly is the structure of an LDT entry?
« Reply #5 on: February 17, 2023, 09:53:08 PM »
In 3.4.5.1 it is clear that:
Code:
Execution cannot be transferred by a call or a jump to a less-privileged (numerically higher
privilege level) code segment, regardless of whether the target segment is a conforming or
nonconforming code segment. Attempting such an execution transfer will result in a general-
protection exception.

That's strange. Ring0 code can't far-jump or far-call to a Ring3 code segment. So how does an OS run an application then? An OS is running at Ring0, and is responsible for starting applications. Yet applications run in Ring3.

Offline debs3759

  • Global Moderator
  • Full Member
  • *****
  • Posts: 224
  • Country: gb
    • GPUZoo
Re: What exactly is the structure of an LDT entry?
« Reply #6 on: February 17, 2023, 10:32:34 PM »
In 3.4.5.1 it is clear that:
Code:
Execution cannot be transferred by a call or a jump to a less-privileged (numerically higher
privilege level) code segment, regardless of whether the target segment is a conforming or
nonconforming code segment. Attempting such an execution transfer will result in a general-
protection exception.

That's strange. Ring0 code can't far-jump or far-call to a Ring3 code segment. So how does an OS run an application then? An OS is running at Ring0, and is responsible for starting applications. Yet applications run in Ring3.

That was my understanding as well
My graphics card database: www.gpuzoo.com

Offline ben321

  • Full Member
  • **
  • Posts: 185
Re: What exactly is the structure of an LDT entry?
« Reply #7 on: February 18, 2023, 07:20:40 AM »
In 3.4.5.1 it is clear that:
Code:
Execution cannot be transferred by a call or a jump to a less-privileged (numerically higher
privilege level) code segment, regardless of whether the target segment is a conforming or
nonconforming code segment. Attempting such an execution transfer will result in a general-
protection exception.

That's strange. Ring0 code can't far-jump or far-call to a Ring3 code segment. So how does an OS run an application then? An OS is running at Ring0, and is responsible for starting applications. Yet applications run in Ring3.

That was my understanding as well

So what is the trick to get ring-0 to far-jump or far-call to ring-3 code? Does it require a call-gate? Or is that only for going the other direction?
« Last Edit: February 18, 2023, 07:27:38 AM by ben321 »

Offline fredericopissarra

  • Full Member
  • **
  • Posts: 373
  • Country: br
Re: What exactly is the structure of an LDT entry?
« Reply #8 on: February 18, 2023, 02:30:28 PM »
Yep... call gates and some other indirect ways.
And, sorry... I've got a little confused here...
You cannot directly jump/call but, of course, ring0 can access data from less privileged "segments".
« Last Edit: February 18, 2023, 02:38:38 PM by fredericopissarra »

Offline ben321

  • Full Member
  • **
  • Posts: 185
Re: What exactly is the structure of an LDT entry?
« Reply #9 on: February 18, 2023, 10:37:44 PM »
Yep... call gates and some other indirect ways.
And, sorry... I've got a little confused here...
You cannot directly jump/call but, of course, ring0 can access data from less privileged "segments".

Since obviously Intel intended it to be possible to enter ring3 mode (or any mode higher than ring0 for that matter), they must have put in a mechanism designed for that purpose. I'm just trying to figure out what Intel's intended way to get to ring3 is. Do you need to go up a series of steps from ring0 through rings 1 and 2, to get to ring3? Do you need to be in a ring0 privilege mode segment first to enter ring3? Or can you just go straight from real mode to protected mode ring3?


I'm considering trying to use a call-gate to far call from a ring0 segment into a ring3 segment. I just need to know a few things. There are several places that privilege level comes in.
First is the fact that the initial code is in ring0 (CPL 0, actually 16bit-real mode, not even protected mode at this point).
Second is the requested privilege level used by the segment selector in the far call to the call-gate (what should this RPL be?).
Third is the DPL of the call-gate descriptor itself (what should this DPL be?).
Fourth is the requested privilege level used by the segment selector field in call-gate descriptor itself (what should this RPL be?).
Fifth is the DPL of the destination code segment (DPL 3).

So as you can see, I have 3 unknown settings here (the second, third, and fourth places that privilege levels are used). And if ANY of them are not set up correctly, it's going to generate an error. And to add even more complexity to this, there's also the issue of setting the code conforming bit properly in the destination ring3 code segment. Does this conforming bit in the destination code segment need to be 1 or 0 when using a call-gate in this manner?
And yet one other thing. Do I need to first get into protected mode before doing this call-gate thing? If so, what should the DPL of that initial protected mode segment be? And what RPL should I use for the far call or jump into this initial protected mode segment?

I've been consistently getting privilege level errors when trying to do this. I've already tried several combinations, with no luck. So I need some bigtime help with this.
« Last Edit: February 18, 2023, 11:09:52 PM by ben321 »
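The five privilege settings listed in the post above, and the call gates mentioned in reply #8, can be checked against a model of the call-gate rule from chapter 5 of the Intel SDM volume 3. This is an added example written for this thread, not code from the manual or from any poster. It returns the CPL after a CALL through a gate, or -1 where the CPU raises #GP, and then brute-forces every selector-RPL, gate-DPL and conforming-bit combination for a ring-0 caller whose gate points at a DPL-3 code segment; the gate settings are constructed.

```c
#include <stdio.h>

/* The privilege-related fields a CALL through a call gate is checked against. */
typedef struct {
    int gate_dpl;            /* DPL field of the call-gate descriptor */
    int target_dpl;          /* DPL of the code segment named inside the gate */
    int target_conforming;   /* C bit of that code segment */
} call_gate_t;

/* CALL through a call gate. cpl is the caller's level, rpl the RPL of the
   selector used in the CALL instruction (the RPL of the selector stored inside
   the gate descriptor is not part of this check). Returns the new CPL or -1 for #GP. */
int check_call_gate(int cpl, int rpl, call_gate_t g)
{
    if (cpl > g.gate_dpl)   return -1;   /* caller must be at least as privileged as the gate */
    if (rpl > g.gate_dpl)   return -1;   /* the selector's RPL, likewise */
    if (g.target_dpl > cpl) return -1;   /* target may never be less privileged than the caller */
    if (!g.target_conforming && g.target_dpl < cpl)
        return g.target_dpl;             /* privilege change: new CPL = target DPL, stack switch */
    return cpl;                          /* same-privilege call, CPL unchanged */
}

/* Try every RPL / gate DPL / conforming setting for a ring-0 caller whose gate
   points at a DPL-3 code segment; returns how many combinations the CPU accepts. */
int count_ring0_to_ring3_gate_paths(void)
{
    int accepted = 0;
    for (int rpl = 0; rpl < 4; rpl++)
        for (int gdpl = 0; gdpl < 4; gdpl++)
            for (int conf = 0; conf < 2; conf++) {
                call_gate_t g = { gdpl, 3, conf };
                if (check_call_gate(0, rpl, g) >= 0)
                    accepted++;
            }
    return accepted;
}

int main(void)
{
    call_gate_t syscall_gate = { 3, 0, 0 };   /* the usual use: any ring may call ring-0 code */
    printf("ring 3 through a DPL-3 gate to DPL-0 code: CPL becomes %d\n",
           check_call_gate(3, 3, syscall_gate));
    printf("ring 3 through a DPL-0 gate: %d (negative = #GP)\n",
           check_call_gate(3, 3, (call_gate_t){ 0, 0, 0 }));
    printf("ring-0 caller, DPL-3 target: %d of 32 combinations accepted\n",
           count_ring0_to_ring3_gate_paths());
    return 0;
}
```

The brute force comes out at 0 of 32: the gate's DPL, the selector's RPL and the conforming bit can be anything, and the third test (`target_dpl > cpl`) still fails, so a call gate only ever moves execution toward equal or higher privilege. The ring-0 to ring-3 direction is handled by a different mechanism in the same chapter of the manual, the far RET or IRET that pops a CS (and SS) whose RPL is 3, and that is what an OS uses to start a user-mode task.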

Offline ben321

  • Full Member
  • **
  • Posts: 185
Re: What exactly is the structure of an LDT entry?
« Reply #10 on: February 19, 2023, 05:36:45 AM »
Is coding for how to go to ring3 from ring0 such an obscure topic that nobody here knows how to do it?

Offline debs3759

  • Global Moderator
  • Full Member
  • *****
  • Posts: 224
  • Country: gb
    • GPUZoo
Re: What exactly is the structure of an LDT entry?
« Reply #11 on: February 19, 2023, 06:57:58 AM »
Does https://wiki.osdev.org/Brendan%27s_Multi-tasking_Tutorial tell you what you need to know? osdev should have something. It's where I plan to find info when I get back to coding an OS.
My graphics card database: www.gpuzoo.com

Offline fredericopissarra

  • Full Member
  • **
  • Posts: 373
  • Country: br
Re: What exactly is the structure of an LDT entry?
« Reply #12 on: February 19, 2023, 11:14:01 AM »
Is coding for how to go to ring3 from ring0 such an obscure topic that nobody here knows how to do it?
Is reading too tiresome that you can't do it? Intel SDM volume 3, chapter 5.

Offline ben321

  • Full Member
  • **
  • Posts: 185
Re: What exactly is the structure of an LDT entry?
« Reply #13 on: February 19, 2023, 09:05:36 PM »
Does https://wiki.osdev.org/Brendan%27s_Multi-tasking_Tutorial tell you what you need to know? osdev should have something. It's where I plan to find info when I get back to coding an OS.

That shows me more than I need for my test here. I want to have a single task, not multiple tasks, running in user mode ring3. What you linked to overcomplicates it by showing more than I will need for this simple experiment.