GDT concept problem

GendoIkari · Post by **GendoIkari** » Thu Jan 04, 2007 6:57 am

I've read tons of tutorial and examples, i've try to learn all i need to begin to dev os.
I've write some nice and stupid bootloaders that put on screen some strings.
But i really have problem to understand perfectly the meaning of GDT. Can you help me?

Ok, its a table of descriptor. Ok, its a GLOBAL table, because there is also the LOCAL table.
Ok, i need it to use memory protection, rings, gate, etc... BUT...
But how can i use it?
When i start pmode i need to define a GDT, using LGDT, in my bootloader.
But do i need to write an entry for each task i want to execute?
Do I need only an entry for the Kernel? Do i use LDT for user apps and GDT for the kernel?

Sufing the web i see many examples that create e a simple GDT using assembly. They create two segments (the first empty i know), and they define a block of memory that start from offset 0 and end with offset FFFFh. Than they set pmode, and launch 32 bit code, compiled with gcc (with all the right parameters).
But when my happy c-kernel is executing, have i to add descriptors to the GDT for each task? Or else, have i to map all the memory in my bootloader creating the GDT one time?

Tnks for help.

AJ · Post by AJ » Thu Jan 04, 2007 7:14 am

Hi,

When I started out, I had this problem too, so let me try to clarify things a bit if possible:

There are 2 possible ways you can manage the memory available to each task you run: segmentation and paging. In the IA-32 processors, paging is optional for protected mode whereas segmentations is required before you can enter pmode (as you have discovered).

In theory, yes, you can control the memory available to each task by giving it a separate descriptor in the GDT. In reality, however, most people seem to initially set up 3 segments: the NULL segment, a basic 4GB CODE segment and a basic 4GB DATA segment. Each program can run in the same code and data segments. You can now, for the moment, forget about the GDT and control the memory available to each process via paging (which there are some pretty good articles about elsewhere, including on the wiki).

LDT's, on the other hand, contain entries that can only be used by the currently running process, in addition to the GDT. You do not need LDTs to run in protected mode.

I would suggest that you read through this kernel development tutorial, which helped me in a big way. It defines a function for easily adding descriptors to the GDT - I use a version of this function in my kernel.

Once you are happy with running in Pmode with the 3 segments outlined above, you can then worry about adding LDT's, ring 3 (user level) code and data segments, call gates and task state segments....

I hope this vaguely helps in some way!
Adam

GendoIkari · Post by **GendoIkari** » Thu Jan 04, 2007 7:21 am

In theory, yes, you can control the memory available to each task by giving it a separate descriptor in the GDT. In reality, however, most people seem to initially set up 3 segments: the NULL segment, a basic 4GB CODE segment and a basic 4GB DATA segment. Each program can run in the same code and data segments. You can now, for the moment, forget about the GDT and control the memory available to each process via paging (which there are some pretty good articles about elsewhere, including on the wiki).

This REALLY REALLY help me to understand. Thank you very much!

If i want to manage memory with GDT i should create a descriptor for each task. But i can manage memory with paging, making a 4GB segment with GDT. GREAT. I'll do like this

GendoIkari · Post by **GendoIkari** » Thu Jan 04, 2007 7:28 am

TNK YOU ALL

The second reply (that now is disappear

) really help me again!

INF1n1t · Post by **INF1n1t** » Thu Jan 04, 2007 3:23 pm

Oh, I wrote it and post it, then I saw someone else's post and I thought my
post is not neccessary here. However, I'm not sure if I was correct...

Also here I have a misunderstanding: I think we should set up flat mode with 4 descriptors (two for Ring0 and Ring3). You set up the flat mode with 2 descriptors (for Ring0). I'm thinking over that now and find out, it is not neccessary to have four descriptors, if you use paging. I will delete the descriptor entries for Ring3 code, because the Paging Protection Mechanisms will not allow someone to access (read or execute) something, if they are not allowed to....

Combuster · Post by **Combuster** » Thu Jan 04, 2007 3:47 pm

INF1n1t wrote:I will delete the descriptor entries for Ring3 code, because the Paging Protection Mechanisms will not allow someone to access (read or execute) something, if they are not allowed to....

In ring0, you're always able to disable paging, set a new page table, or anything of the sort, so paging alone isn't secure - you need lower privileged modes for that (i.e. ring 3)

INF1n1t · Post by **INF1n1t** » Thu Jan 04, 2007 3:49 pm

Ohhh, I forgot about that. Am I stupid sometimes?

AJ · Post by AJ » Fri Jan 05, 2007 2:40 am

I didn't mean that ring 3 descriptors wouldn't be needed at all. I meant more that the OP could at least enter pmode without the need for ring3 descriptors, and then start worrying about these additional entries once it is time to start implementing multitasking / call gates etc....

Sorry for any confusion

Adam