【原创】保护模式JMP指令-远跳转相关翻译资料（1）-跳转说明

兰陵月

JMP—Jump

Description

Transfers program control to a different point in the instruction stream without recording return information. The destination (target) operand specifies the address of the instruction being jumped to. This operand can be an immediate value, a general-purpose register, or a memory location.

This instruction can be used to execute four different types of jumps:

• Near jump—A jump to an instruction within the current code segment (the segment currently pointed to by the CS register), sometimes referred to as an intrasegment jump.

• Short jump—A near jump where the jump range is limited to –128 to +127 from the current EIP value.

• Far jump—A jump to an instruction located in a different segment than the current code segment but at the same privilege level, sometimes referred to as an intersegment jump.  

• Task switch—A jump to an instruction located in a different task.

A task switch can only be executed in protected mode (see Chapter 7, in the Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A, for information on performing task switches with the JMP instruction).  

将程序控制转移到指令流中的不同位置，而不记录返回信息。目标操作数指定要跳转到的指令的地址。这个操作数可以是一个立即数、通用寄存器或内存地址。

    此指令可用于执行四种不同类型的跳转:
    • 近跳转-跳转到当前代码段内的指令(当前CS寄存器所指向的段)，有时被称为内部跳转。
    • 短跳转-EIP值跳转范围限制在- 128到+ 127内。
    • 远跳转-跳转到与当前代码段不同的段的跳转，但处于相同权限级别。有时称为跨段跳转。
    • 任务切换-跳转到另一个不同任务的指令位置。
    任务切换只能在保护模式下执行任务(见第七章,Intel® 64 和 IA-32架构的软件开发人员手册,第3卷,有关JMP指令执行任务切换的信息)。
  

Far Jumps in Protected Mode. When the processor is operating in protected mode, the JMP instruction can be used to perform the following three types of far jumps:

  • A far jump to a conforming or non-conforming code segment.

  • A far jump through a call gate.  

  • A task switch.

  (The JMP instruction cannot be used to perform inter-privilege-level far jumps.)

保护模式下的远跳转。当处理器运行在保护模式下时，JMP指令可用于执行以下三种类型的远跳:

• 远程跳转到一致或者非一致代码段。

• 通过调用门远程跳转。

• 进行任务切换。

(JMP指令不能用于执行跨特权级的远程跳转。)

In protected mode, the processor always uses the segment selector part of the far address to access the corresponding descriptor in the GDT or LDT. The descriptor type (code segment, call gate, task gate, or TSS) and access rights determine the type of jump to be performed.If the selected descriptor is for a code segment, a far jump to a code segment at the same privilege level is performed. (If the selected code segment is at a different privilege level and the code segment is non-conforming,a general-protection exception is generated.)A far jump to the same privilege level in protected mode is very similar to one carried out in real-address or virtual-8086 mode. The target operand specifies an absolute far address either directly with a pointer (ptr16:16 or ptr16:32) or indirectly with a memory location (m16:16 or m16:32). The operand-size attribute determines the size of the offset (16 or 32 bits) in the far address.The newcode segment selector and its descriptor are loaded into CS register, and the offset from the instruction is loaded into the EIP register. Note that a call gate (described in the next paragraph) can also be used to perform far call to a code segment at the same privilege level. Using this mechanism provides an extra level of indirection and is the preferred method of making jumps between 16-bit and 32-bit code segments.

在保护模式下，处理器总是使用远地址的段选择子部分来访问GDT或LDT中相应的描述符。描述符类型(代码段、调用门、任务门或TSS)和访问权限决定了要执行的跳转类型。如果所选的描述符指向一个代码段，那么远程跳转到相同特权级的代码段是可以执行的(但如果所选的代码段处于不同的特权级别，且代码段是非一致的，则会产生一个通用保护异常)。保护模式下远程跳转到相同特权级别代码，跟实模式或虚拟8086模式下执行一样。目标操作数指向一个绝对远地址，可以是直接使用一个地址指针数值(ptr16:16或ptr16:32)，也可以是间接地使用一个内存地址(m16:16或m16:32)。默认操作尺寸（16位或者32位）决定在远地址中的偏移量是16位还是32位。新代码段选择子和它对应的描述符被加载到CS寄存器中（译者添加：描述符会被加载到CS寄存器的不可见部分-即CS描述符高速缓存器中），指令中的偏移量（偏移地址）被加载到EIP寄存器中。请注意，调用门（在下一章中讲述）也可以被用于在相同权限级别的代码段进行远调用。使用这种机制提供了一个额外的间接的，并且是在16位和32位代码段之间进行跳转的首选方法。

When executing a far jump through a call gate, the segment selector specified by the target operand identifies the call gate. (The offset part of the target operand is ignored.) The processor then jumps to the code segment specified in the call gate descriptor and begins executing the instruction at the offset specified in the call gate. No stack switch occurs. Here again, the target operand can specify the far address of the call gate either directly with a pointer (ptr16:16 or ptr16:32) or indirectly with a memory location(m16:16 or m16:32).

当通过调用门执行远程跳转时，目标操作数中的段选择子指向调用门(目标操作数中的偏移地址部分被忽略)描述符。处理器跳转到调用门描述符中指定的代码段，并开始执行调用门中提供的偏移地址处的指令。堆栈不发生切换。在这里，目标操作数指定调用门的远地址，可以是直接使用一个地址指针数值(ptr16:16或ptr16:32)来提供，也可以是间接地使用一个内存地址(m16:16或m16:32)来提供。

Executing a task switch with the JMP instruction is somewhat similar to executing a jump through a call gate. Here the target operand specifies the segment selector of the task gate for the task being switched to (and the offset part of the target operand is ignored). The task gate in turn points to the TSS for the task, which contains the segment selectors for the task’s code and stack segments. The TSS also contains the EIP value for the next instruction that was to be executed before the task was suspended. This instruction pointer value is loaded into the EIP register so that the task begins executing again at this next instruction.

使用JMP指令执行任务切换有点类似于通过调用门执行跳转。在这里，目标操作数是指向目标任务的任务门段选择子(目标操作数的偏移部分被忽略)。任务门再指向任务的任务状态段（TSS），任务状态段（TSS）里包含目标任务的代码和堆栈段的段选择器（段选择子）。TSS还包含了任务被挂起之前下一条准备执行的指令EIP值。当任务又开始再次执行时，这个指令指针EIP值将被加载到EIP寄存器，从这条指令处继续开始执行。

The JMP instruction can also specify the segment selector of the TSS directly, which eliminates the indirection of the task gate. See Chapter 7 in Intel® 64 and IA-32 Architectures Software Developer’s Manual, Volume 3A, for detailed information on the mechanics of a task switch.

JMP指令还可以直接指向TSS的段选择器，消除任务门的间接作用。请参阅第7章，在Intel 64和IA-32架构软件开发人员的手册卷3A中，了解任务切换的详细信息。

Note that when you execute at task switch with a JMP instruction, the nested task flag (NT) is not set in the EFLAGS register and the new TSS’s previous task link field is not loaded with the old task’s TSS selector. A return to the previous task can thus not be carried out by executing the IRET instruction. Switching tasks with the JMP instruction differs in this regard from the CALL instruction which does set the NT flag and save the previous task link information, allowing a return to the calling task with an IRET instruction.

注意，当使用JMP指令执行任务切换时，嵌套的任务标志(NT)不会被设置在EFLAGS寄存器中，而新的TSS的前一个任务链接字段也不会被加载到旧任务的TSS选择器中。因此，就不能通过执行IRET指令返回到前一个任务。使用CALL指令进行任务切换与使用JMP指令的不同之处在于，它设置了NT标志并保存了之前的任务链接信息，允许使用IRET指令返回调用任务。