General protection fault
|
- This article is about the error. For the web comic, see General Protection Fault (comic).
A general protection fault in the Intel x86 architecture is a fault indicating that a currently executing program has in some way violated the rules of the hardware on which it is running. These rules are meant both to protect programs from extremely obvious and potentially disastrous runtime errors. The errors that cause a general protection fault are in general unrecoverable and it is determined that the safest response is usually to terminate the program.
Contents |
Causes for faults
In general, there are four types of errors that will cause this type of fault to be reported.
In Microsoft Windows each of these errors is reported as a "general protection fault". In systems such as Unix and Linux, the errors are reported separately (e.g. segmentation fault for memory errors).
Memory errors
In this case, the program attempted to perform an action which would result in accessing a portion of memory which should not be accessed. This can include:
- Writing to a read-only portion of memory
- Attempting to execute bytes in memory which are not designated as instructions
- Attempting to read as data bytes in memory which are designated as instructions
- Other miscellaneous conflicts between the designation of a part of memory and its use
Privilege errors
There are some things on a computer which are reserved for the exclusive use of the operating system. If a program which is not part of the operating system attempts to use one of these features, it may cause a general protection fault.
Additionally, there are storage locations which are reserved both for the operating system and the processor itself. As a consequence of their reservation, they are read-only and an attempt to write data to them by an unprivileged program is an error.
Behavior errors
The Intel architecture specification defines some behaviors or conventions which programs are expected to adhere to, largely for the protection of the consistency of data within and between programs. If a program does not observe one of these conventions, it may cause a general protection fault.
This type of error will also occur if a situation arises in which two indicators are in conflict, a program performs an action which does not make sense or is not meaningful in the current context, or an invariant condition has been violated.
Malformatting errors
A general protection fault can be caused if an instruction loaded by the processor is not in the expected instruction format or is too long.
Technical causes for faults
General protection faults can occur for several reasons, including:
- segment limits exceeded
- with CS, DS, ES, FS, or GS,
- accessing descriptor tables (such as the GDT/IDT/LDT),
- segment permissions violated
- jumping to nonexecutable segments
- writing to code or read only segments
- reading execute-only segments
- segments illegally loaded
- stack segment (SS) loaded with a segment selector for a read only, executable, or null segment
- code segment (CS) loaded with a segment selector for a data or null segment.
- SS, DS, ES, FS, GS, loaded with a segment selector for a system segment
- DS, ES, ES, FS, GS, loaded with a segment selector for an execute-only code segment
- accessing memory using DS, ES, FS, or GS, when they contain a null selector
- switching (TSS)
- switching to a busy task during a call or jump
- switching to an available task during IRET
- using a segment selector on switch pointing to a TSS descriptor in the LDT
- miscellaneous
- attempting to access an interrupt/exception handler from v86 mode when the handler's code segment DPL is greater than 0.
- attempting to write a 1 into the reserved bits of CR4
- attempting to execute privileged instructions when the current privilege level (CPL) is not zero
- writing to a reserved bit in a MSR
- accessing a gate containing a null segment selector
- executing a software interrupt when the CPL is greater than the DPL set for the interrupt gate
- the segment selector in a call, interrupt or trap gate does not point to a code segment
- exceeding the instruction length of 15 bytes
- violating privilege rules
- enabling paging whilst disabling protection
- referencing IDT following an interrupt or exception that is not an interrupt, trap, or task gate
Reference: Intel Architecture Software Developer's Manual Volume 3: System Programming