TSS - Task State Segment

A TSS is a data structure that holds the state of a task's virtual
processor. The TSS is divided into two parts.

──────────────────────────────────────────────────────────────────

The first class of information is the dynamic set that the
processor updates with each switch from the task. This set
includes the following:

■ The selector of the TSS of the previously executing task (this
is updated only when a return is expected)
■ Instruction pointer EIP
■ Flags register EFLAGS
■ General registers EAX,ECX,EDX,EBX,ESP,EBP,ESI,EDI
■ Segment registers ES,CS,SS,DS,FS,GS

──────────────────────────────────────────────────────────────────

The second class of information in the TSS is a static set that
the processor reads but does not change. This set includes fields
that store the following:

■ The stack definitions for level 0, 1, or 2 interrupt handlers
that are to execute in the task's environment.
■ The selector of the task's LDT
■ The debug trap bit, T-bit, which causes the 80386 to raise a
debug exception when a task switch occurs
■ The I/O map base

──────────────────────────────────────────────────────────────────

A TSS may reside anywhere in the linear address space. The one
caution: if the TSS spans a page boundary and the higher-addressed
page is not present, an exception is generated.

When creating a new task, the operating system creates the TSS and
initializes it to the values that the task should have when it
begins execution. The information is updated when any of the
values change.

                     Task State Segment

 Offset    [ bits 0..15 ]      [ bits 16..31 ]
 00h ->    Prev. TSS           rr
 04h       ESP0
 08h       SS0                 rr
 0Ch       ESP1
 10h       SS1                 rr
 14h       ESP2
 18h       SS2                 rr
 1Ch       rr                  rr
 20h       EIP
 24h       EFLAGS
 28h       EAX,ECX,EDX,EBX
 38h       ESP,EBP,ESI,EDI
 48h       ES                  rr
 4Ch       CS                  rr
 50h       SS                  rr
 54h       DS                  rr
 58h       FS                  rr
 5Ch       GS                  rr
 60h       LDT                 rr
 64h       T-bit, rr           I/O Bitmap Base

 Note: rr = Reserved, must be zero

──────────────────────────────────────────────────────────────────

TSS descriptor
Like all segments, the TSS is defined by a descriptor. This
descriptor resides only in the Global Descriptor Table (GDT). An
attempt to identify a TSS with a selector that has TI=1 (Table
Indicator flag to indicate the current LDT) generates an exception.
Also, even if it has access to a TSS descriptor, a procedure does
not have the right to read or modify the TSS. Reading and changing
can be done only with another descriptor that redefines the TSS as
a data segment. An attempt to load a TSS descriptor into any of
the segment registers causes an exception.

TSS descriptor (80386+)

 6               5       5       4       4     4 3             3
 3               5       1       7       3     0 9             2
┌───────────────┬─┬─┬─┬─┬───────┬─┬───┬─────────┬───────────────┐
│  Base 31..24  │G│0│0│A│Seg lim│P│DPL│  Type   │  Base 23..16  │
│               │ │ │ │V│ 19..16│ │   │0 1 0 B 1│               │
├───────────────┴─┴─┴─┴─┴───────┼─┴───┴─┴─┴─┴─┴─┴───────────────┤
│      Base Address 15..0       │      Segment Limit 15..0      │
└───────────────────────────────┴───────────────────────────────┘
 3               2               1
 1               3               5               7             0


Tasks are not re-entrant because both the LDT selector and CR3 for
the task are stored in the TSS. The B-bit (busy) of the TYPE field
allows the processor to detect an attempt to switch to a task that
is already busy. A TYPE code of 09h indicates the task is not busy.
A TYPE code of 0Bh indicates it is busy.

The BASE, LIMIT, and DPL fields and the G-bit (granularity) and
P-bit (present) have functions similar to their counterparts in
data-segment descriptors. The BASE defines the location of the
segment within the linear address space. The LIMIT defines the
size of the segment. With the TSS descriptor, the LIMIT must
contain a value of 103 or higher because the TSS itself requires
104 bytes. An attempt to switch to a task whose LIMIT is less
than 103 causes an exception.
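
Added example (not part of the original reference): C code that unpacks
the descriptor layout shown above and applies the checks this section
states: TI must be 0, TYPE must be 09h or 0Bh, and LIMIT must be at
least 103. The function names, the selector 28h and the sample
descriptor are constructed for illustration; the P-bit check and the
4 KiB scaling for G=1 are standard descriptor semantics, not taken from
this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: decode an 8-byte 80386 TSS descriptor and apply the
 * checks the text describes. All names here are illustrative. */
struct tss_desc {
    uint32_t base, limit;              /* linear base, raw 20-bit limit */
    uint8_t  type, s, dpl, present, gran;
};

enum tss_status { TSS_FREE, TSS_BUSY, TSS_BAD_SELECTOR, TSS_NOT_TSS,
                  TSS_NOT_PRESENT, TSS_LIMIT_TOO_SMALL };

static struct tss_desc tss_decode(uint64_t d)
{
    struct tss_desc t;
    t.limit   = (uint32_t)(d & 0xFFFF) | ((uint32_t)((d >> 48) & 0xF) << 16);
    t.base    = (uint32_t)((d >> 16) & 0xFFFFFF) | ((uint32_t)((d >> 56) & 0xFF) << 24);
    t.type    = (uint8_t)((d >> 40) & 0xF);   /* 09h = not busy, 0Bh = busy */
    t.s       = (uint8_t)((d >> 44) & 1);     /* 0 for system descriptors   */
    t.dpl     = (uint8_t)((d >> 45) & 3);
    t.present = (uint8_t)((d >> 47) & 1);
    t.gran    = (uint8_t)((d >> 55) & 1);
    return t;
}

static enum tss_status tss_check(uint16_t selector, uint64_t d)
{
    struct tss_desc t = tss_decode(d);
    /* Assumption: G=1 counts the limit in 4 KiB units (standard rule). */
    uint32_t eff = t.gran ? ((t.limit << 12) | 0xFFF) : t.limit;

    if (selector & 0x4)                return TSS_BAD_SELECTOR;    /* TI=1: LDT  */
    if (t.s || (t.type | 0x2) != 0xB)  return TSS_NOT_TSS;         /* 09h or 0Bh */
    if (!t.present)                    return TSS_NOT_PRESENT;     /* assumption */
    if (eff < 103)                     return TSS_LIMIT_TOO_SMALL; /* 104 bytes  */
    return t.type == 0xB ? TSS_BUSY : TSS_FREE;
}

int main(void)
{
    /* Constructed sample: base 00123450h, limit 67h, type 09h, P=1, DPL=0. */
    uint64_t d = 0x0000891234500067ULL;
    struct tss_desc t = tss_decode(d);
    printf("base=%08X limit=%X type=%02X status=%d\n", (unsigned)t.base,
           (unsigned)t.limit, (unsigned)t.type, (int)tss_check(0x28, d));
    return 0;
}
```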