"mybwpp@googlemail.com" <spamtrap@crayne.org> wrote in message
news:025b75eb-fca7-493b-8423-f47bc36da6ef@v29g2000hsf.googlegroups.com...
To c.l.a.x86:
> Can a kernel mode process read/write to physical disk sectors without
> going through operating system (without using ints).
You need a few things to "read/write to physical disk sectors without going
through operating system":
1) you need permission to access I/O ports.
2) you need privilege to execute the IN and OUT instructions.
3) you may need to set the IOPL
IN instruction
http://www.rz.uni-karlsruhe.de/rz/docs/VTune/reference/vc137.htm
OUT instruction
http://www.rz.uni-karlsruhe.de/rz/docs/VTune/reference/vc219.htm
The IN and OUT documentation says that you can execute IN and OUT under the
following conditions:
Protected Mode:
1) CPL <= IOPL
2) CPL > IOPL and TSS I/O port permission bit=0
V86 Mode:
TSS I/O port permission bit=0
Real Mode:
always
POPF instruction
http://www.ews.uiuc.edu/~cjiang/reference/vc247.htm
The POPF documentation says that you can execute POPF under the following
conditions:
Protected Mode:
CPL = 0 can use POPF - can change IOPL
CPL > 0 can use POPF - can't change IOPL
V86 Mode:
IOPL must be 3 to use POPF - can't change IOPL
Real Mode:
always
Assuming by "kernel mode process" you mean protected mode Ring 0 (CPL=0),
then since CPL>IOPL can never be true for CPL=0, you must satisfy
CPL<=IOPL. For CPL=0, IOPL can be any legitimate value (0,1,2,3) to access
ports via IN and OUT. So, your answer is: "Yes, you can always access the
ports for direct disk access in a kernel mode process."
> Is it possible to
> do the same in less privilege levels (ring 1-3)?
You need to satisfy one of these for protected mode:
1) CPL <= IOPL
2) CPL > IOPL and TSS I/O port permission bit=0
We know that CPL is 1, 2, or 3, but we don't know what IOPL is since you
didn't say...
For CPL<=IOPL, we have (including CPL=0):
CPL=0, IOPL can be 0,1,2,3
CPL=1, IOPL can be 1,2,3
CPL=2, IOPL can be 2,3
CPL=3, IOPL can be 3
For CPL>IOPL, we have:
CPL can't be 0
CPL=1, IOPL can be 0
CPL=2, IOPL can be 0,1
CPL=3, IOPL can be 0,1,2
IOPL is in EFLAGS. You can only change IOPL in CPL=0 (Ring 0). Since you
aren't in CPL=0, but CPL=1, 2, or 3, you're "stuck" with the IOPL from CPL=0,
or you can set it from CPL=0 before changing CPLs. If IOPL is 0, then you can
satisfy CPL>IOPL, and would need the privilege(s) to set the TSS I/O port
permission bit for each port you want to access set to zero (10 ports with
up to 4 channels for IDE, i.e., 40). The TSS I/O port permission bits are
what blocks direct disk access "for user mode processes" under most OSes.
If IOPL is 3, then you can satisfy CPL<=IOPL, then you should be able to
access the ports without TSS bits for all CPLs. If IOPL is 2, then CPL=1
or 2 has port access and CPL=3 has port access via TSS bits. If IOPL is 1,
then CPL=1 has port access and CPL=2 or 3 has port access via TSS bits.
Basically, the IOPL tells you which rings can access ports without using TSS
I/O port permission bits. I.e., IOPL=3, CPL=0-3 can access without TSS
bits. IOPL=2, CPL=0-2. IOPL=1, CPL=0-1. IOPL=0, CPL=0.
I'm not sure what privilege(s) are needed to set the TSS I/O port permission
bits for a specific process.
FYI, the physical disks are accessed through ports:
0x1f0-7, 0x3f6-7
0x170-7, 0x376-7
0x1e8-f, 0x3ee-f
0x168-f, 0x36e-f
The remainder of information on how to access them is in the ATA and/or
ATA/ATAPI specifications. Search for the phrase "Information
technology - AT Attachment". The final "working drafts" should be
available. There are at least seven versions.
This is C source which reads the serial number.
http://groups.google.com/group/comp.sys.ibm.pc.hardware.storage/msg/54c62d09239b7805
The "ideinfo" structure is very old and has changed much across the
ATA/ATAPI specifications.
HTH,
Rod Pemberton
PS added alt.os.development, alt.lang.asm... (please leave clax on if you
respond).
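An added illustration of the IN/OUT permission rules laid out in the reply above (this is example code written for this page, not the poster's code nor any OS's): it models the CPL/IOPL test and the TSS I/O permission bitmap (bit clear = permitted), using a constructed bitmap that permits a ring-3 task only the primary IDE ports 0x1f0-0x1f7 and 0x3f6-0x3f7. The mode enum, function names and the rule that a multi-byte access must have every byte permitted are assumptions of the example; the TSS segment-limit check real hardware also applies is left out.

```c
/* Models the x86 I/O permission check described in the post.
   Constructed example: not from the post, not from any OS source. */
#include <stdint.h>
#include <string.h>
#include <stdbool.h>

enum cpu_mode { REAL_MODE, PROTECTED_MODE, V86_MODE };

#define IOPB_BYTES 8192          /* 65536 ports, one bit each */

/* True when the bit for 'port' in the TSS bitmap is 0 (access permitted). */
static bool iopb_permits(const uint8_t *iopb, unsigned port)
{
    return (iopb[port >> 3] & (1u << (port & 7))) == 0;
}

/* Mark a port range as permitted (clear bits) or denied (set bits). */
void iopb_set_range(uint8_t *iopb, unsigned first, unsigned count, bool permit)
{
    for (unsigned p = first; p < first + count && p < 65536; p++) {
        if (permit) iopb[p >> 3] &= (uint8_t)~(1u << (p & 7));
        else        iopb[p >> 3] |=  (uint8_t)(1u << (p & 7));
    }
}

/* Can code at privilege level 'cpl' execute IN/OUT on 'port', 'width' bytes wide?
   Real mode: always.  Protected mode: CPL <= IOPL, or else the bitmap decides.
   V86 mode: the bitmap always decides (simplified; TSS limit not modelled). */
bool io_access_allowed(enum cpu_mode mode, unsigned cpl, unsigned iopl,
                       const uint8_t *iopb, unsigned port, unsigned width)
{
    if (mode == REAL_MODE) return true;
    if (mode == PROTECTED_MODE && cpl <= iopl) return true;
    for (unsigned i = 0; i < width; i++)       /* every byte must be permitted */
        if (port + i > 65535 || !iopb_permits(iopb, port + i)) return false;
    return true;
}

/* Constructed bitmap a kernel might give a task that may touch only the
   primary IDE ports listed in the post (0x1f0-0x1f7 and 0x3f6-0x3f7). */
const uint8_t *ide_only_iopb(void)
{
    static uint8_t iopb[IOPB_BYTES];
    memset(iopb, 0xff, sizeof iopb);          /* deny everything first */
    iopb_set_range(iopb, 0x1f0, 8, true);
    iopb_set_range(iopb, 0x3f6, 2, true);
    return iopb;
}
```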