Page 2 of 2
Re: Windows kernel stacks
Posted: Wed Jun 11, 2014 8:31 am
by icealys
Typically you have some sort of structure ("thread data block") to keep track of the thread's ESP0, plus things like what state the thread is in, how much CPU time it has used, which process it belongs to and various other things. I tend to use the same "thread data block" to store the thread's FPU/MMX/SSE/AVX state and kernel stack too. I'd expect all the different versions of Windows would do something vaguely similar.
If ESP0 and SS0 are already stored in the thread data block then why is using the TSS necessary in software context switches?
Re: Windows kernel stacks
Posted: Wed Jun 11, 2014 2:33 pm
by JAAman
icealys wrote: Typically you have some sort of structure ("thread data block") to keep track of the thread's ESP0, plus things like what state the thread is in, how much CPU time it has used, which process it belongs to and various other things. I tend to use the same "thread data block" to store the thread's FPU/MMX/SSE/AVX state and kernel stack too. I'd expect all the different versions of Windows would do something vaguely similar.
If ESP0 and SS0 are already stored in the thread data block then why is using the TSS necessary in software context switches?
Because the CPU refers to the thread data block by the name "TSS".
It's not that the TSS is necessary in software context switches; it's that the TSS is always necessary when switching from ring3->ring0, and that is because the CPU needs to know where to find the target SS:ESP (and there are also some other useful things in the TSS as well) -- the CPU doesn't know where you put your "thread data block", nor does it know where in that block the target SS:ESP are located, so instead it uses a well defined structure that contains the necessary information.
Re: Windows kernel stacks
Posted: Thu Jun 12, 2014 2:40 pm
by icealys
So when they say software context switch, they mean that most of the context switch is done in software, but at the beginning, when it switches to the kernel stack and looks up the info in the TSS, that part is implemented by the CPU before it calls the interrupt service routine?
Re: Windows kernel stacks
Posted: Fri Jun 13, 2014 2:25 am
by Gigasoft
What? No. You're getting things mixed up. Switching between threads has nothing to do with entering kernel mode.
The only reason that you have an ESP0 field in your thread structure is so that you can keep using the same TSS and just update the ESP0 field when switching threads. However, if you use the I/O Permission Bitmap or the Interrupt Redirection Bitmap, you might just as well keep a complete TSS for each thread and just update the GDT entry and reload TR. Or, keep one per process (that uses them), in which case you still need an ESP0 field for each thread.
As for the TEB in Windows, that's something else entirely. It's a user-mode-accessible page containing per-thread variables, used for SEH, TLS, last error, etc.
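The mechanism JAAman and Gigasoft describe above (the CPU reads SS0:ESP0 from the TSS on every ring3->ring0 transition, so a software context switch only has to keep one TSS and rewrite its ESP0 field from the thread data block) as an added example; this is not code from the thread or from any Windows source. It is hosted C that models the 32-bit TSS layout from the Intel SDM and the per-thread bookkeeping; the `struct thread` type, the kernel data selector 0x10 and the kernel stack addresses are assumptions constructed for the example, and no privileged instruction (`ltr`, GDT writes) is executed.

```c
/* Added example, not code from the forum thread: models the 32-bit TSS
 * layout and the "one TSS per CPU, update ESP0 per thread" scheme.
 * Hosted C, no privileged instructions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 32-bit TSS as the CPU defines it (104 bytes). During a ring3->ring0
 * transition the CPU reads only SS0:ESP0 (and, for IN/OUT, the I/O map);
 * the register-save fields matter only for hardware task switching. */
struct tss32 {
    uint32_t prev_task_link;
    uint32_t esp0;          /* kernel stack pointer loaded on ring3->ring0 */
    uint32_t ss0;           /* kernel stack segment loaded on ring3->ring0 */
    uint32_t esp1, ss1, esp2, ss2;
    uint32_t cr3, eip, eflags;
    uint32_t eax, ecx, edx, ebx, esp, ebp, esi, edi;
    uint32_t es, cs, ss, ds, fs, gs;
    uint32_t ldt_selector;
    uint16_t trap;
    uint16_t iomap_base;    /* offset of the I/O permission bitmap */
} __attribute__((packed));

/* Assumed GDT layout for the example: selector 0x10 = kernel data. */
#define KERNEL_DATA_SELECTOR 0x10u

/* Hypothetical "thread data block": the kernel's own bookkeeping.
 * The CPU never reads this; only the kernel knows its layout. */
struct thread {
    int      id;
    uint32_t kernel_stack_top;  /* value ESP0 must hold while this thread runs */
};

/* One CPU-wide TSS; only ESP0 changes at each thread switch. */
static struct tss32 cpu_tss;
static struct thread *current;

/* Check the struct against the documented SDM offsets; returns 1 if correct. */
int tss_layout_is_sdm_compatible(void) {
    return sizeof(struct tss32) == 104
        && offsetof(struct tss32, esp0) == 4
        && offsetof(struct tss32, ss0) == 8
        && offsetof(struct tss32, iomap_base) == 102;
}

/* Initialise the TSS once at boot: SS0 is always the kernel data segment,
 * and an iomap_base at or beyond the TSS limit means "no I/O bitmap". */
void tss_init(void) {
    cpu_tss = (struct tss32){0};
    cpu_tss.ss0 = KERNEL_DATA_SELECTOR;
    cpu_tss.iomap_base = (uint16_t)sizeof(struct tss32);
}

uint32_t tss_get_esp0(void) { return cpu_tss.esp0; }
uint32_t tss_get_ss0(void)  { return cpu_tss.ss0; }

/* The TSS-relevant part of a software context switch: before `next` can
 * run in ring 3, ESP0 must point at *its* kernel stack, otherwise the next
 * interrupt or syscall would land on the previous thread's kernel stack. */
uint32_t switch_to(struct thread *next) {
    current = next;
    cpu_tss.esp0 = next->kernel_stack_top;
    return cpu_tss.esp0;
}

/* Kernel ESP right after the CPU enters ring 0 from ring 3: it loads
 * SS0:ESP0 and pushes SS, ESP, EFLAGS, CS, EIP (5 dwords), plus an error
 * code for the exceptions that have one. */
uint32_t esp_after_user_interrupt(int error_code_pushed) {
    return cpu_tss.esp0 - 5u * 4u - (error_code_pushed ? 4u : 0u);
}

int main(void) {
    /* Constructed sample threads with distinct kernel stacks. */
    struct thread a = { 1, 0xC0101000u };
    struct thread b = { 2, 0xC0103000u };

    tss_init();
    switch_to(&a);
    printf("thread %d: ESP0=%#x, entry ESP=%#x\n", current->id,
           tss_get_esp0(), esp_after_user_interrupt(0));
    switch_to(&b);
    printf("thread %d: ESP0=%#x, entry ESP=%#x\n", current->id,
           tss_get_esp0(), esp_after_user_interrupt(1));
    return tss_layout_is_sdm_compatible() ? 0 : 1;
}
```

Gigasoft's alternative (a full TSS per thread or per process when the I/O permission bitmap is in use) would replace the single `cpu_tss` with one `struct tss32` per thread and make `switch_to` rewrite the TSS descriptor in the GDT and reload TR instead of touching `esp0`; the ESP0 field is still the only thing the CPU consults for the kernel stack on entry.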