General protection fault

Last updated March 06, 2024

Generic error message for a general protection fault (Unrecoverable Application Error) in Windows 3.0

Example error message for a general protection fault in Windows 3.1x

A general protection fault (GPF) in the x86 instruction set architectures (ISAs) is a fault (a type of interrupt) initiated by ISA-defined protection mechanisms in response to an access violation caused by some running code, either in the kernel or a user program. The mechanism is first described in Intel manuals and datasheets for the Intel 80286 CPU, which was introduced in 1983; it is also described in section 9.8.13 in the Intel 80386 programmer's reference manual from 1986. A general protection fault is implemented as an interrupt (vector number 13 (0Dh)). Some operating systems may also classify some exceptions not related to access violations, such as illegal opcode exceptions, as general protection faults, even though they have nothing to do with memory protection. If a CPU detects a protection violation, it stops executing the code and sends a GPF interrupt. In most cases, the operating system removes the failing process from the execution queue, signals the user, and continues executing other processes. If, however, the operating system fails to catch the general protection fault, i.e. another protection violation occurs before the operating system returns from the previous GPF interrupt, the CPU signals a double fault, stopping the operating system. If yet another failure (triple fault) occurs, the CPU is unable to recover; since 80286, the CPU enters a special halt state called "Shutdown", which can only be exited through a hardware reset. The IBM PC AT, the first PC-compatible system to contain an 80286, has hardware that detects the Shutdown state and automatically resets the CPU when it occurs. All descendants of the PC AT do the same, so in a PC, a triple fault causes an immediate system reset.

Specific behavior

Microsoft Windows

In Microsoft Windows, the general protection fault presents with varied language, depending on product version:

Operating system	Error message	Notes
Windows 3.0	UNRECOVERABLE APPLICATION ERROR Terminating current application.	^[1]
Windows 3.1x	[Program Name] caused a General Protection Fault in module [module name] at [memory address].	This error message (with the same design format) can also appear in later versions (95, 98 and Me) in rare occasions. The text of this error also appears in 95, 98 and Me if the 'Details' button is clicked or if Alt+D is pressed, with the addition of Registers, Bytes at CS:EIP and Stack Dump.
Windows 95 Windows 98 Windows NT 4.0	This program has performed an illegal operation and will be shut down. If the problem persists, contact the program vendor.	Sometimes, the error also says, "Quit all programs, and then restart your computer", especially when the problem is more severe or when the system is unstable, and the return address points into a Windows DLL or other system processes. When a debugger is installed, there is also a Debug button between the Close and Details buttons.
Windows 2000	[Program Name] has generated errors and will be closed by Windows. You will need to restart the program. An error log is being created.
Windows Me	[Program Name] has caused an error in [Module Name]. [Program Name] will now close. If you continue to experience problems, try restarting the computer.	When a debugger is installed, there is also a Debug button below the Close button. Details are still viewable by pressing Alt+D and via the faultlog.txt file.
Windows XP Windows Server 2003 Windows Server 2003 R2	[Program Name] has encountered a problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost. [...] For more information about this error, click here.	The error message also offers the option to send error details to Microsoft for analysis.
Windows Vista and later, excluding Windows 10 Windows Server 2008 and later	[Program Name] has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.	By default, Windows will send error details to Microsoft for analysis but the system can be configured to either not send, or ask the user what to do each time.
Windows 10 Windows 11		Windows will send error details to Microsoft for analysis. Users with a business license can configure how much information is sent.

Unix

In Linux and other Unices, the errors are reported separately (e.g. segmentation fault for memory errors).

Memory errors

In memory errors, the faulting program accesses memory that it should not access. Examples include:

Attempting to write to a read-only portion of memory
Attempting to execute bytes in memory which are not designated as instructions
Attempting to read as data bytes in memory which are designated as instructions
Other miscellaneous conflicts between the designation of a part of memory and its use

However, many modern operating systems implement their memory access-control schemes via paging instead of segmentation, so it is often the case that invalid memory references in operating systems such as Windows are reported via page faults instead of general protection faults. Operating systems typically provide an abstraction layer (such as exception handling or signals) that hides whatever internal processor mechanism was used to raise a memory access error from a program, for the purposes of providing a standard interface for handling many different types of processor-generated error conditions.

In terms of the x86 architecture, general protection faults are specific to segmentation-based protection when it comes to memory accesses. However, general protection faults are still used to report other protection violations (aside from memory access violations) when paging is used, such as the use of instructions not accessible from the current privilege level (CPL).

While it is theoretically possible for an operating system to utilize both paging and segmentation, for the most part, common operating systems typically rely on paging for the bulk of their memory access control needs.

Privilege errors

There are some things on a computer which are reserved for the exclusive use of the operating system. If a program which is not part of the operating system attempts to use one of these features, it may cause a general protection fault.

Additionally, there are storage locations which are reserved both for the operating system and the processor itself. As a consequence of their reservation, they are read-only and an attempt to write data to them by an unprivileged program produces an error.

Technical causes for faults

General protection faults are raised by the processor when a protected instruction is encountered which exceeds the permission level of the currently executing task, either because a user-mode program is attempting a protected instruction, or because the operating system has issued a request which would put the processor into an undefined state.

General protection faults are caught and handled by modern operating systems. Generally, if the fault originated in a user-mode program, the user-mode program is terminated. If, however, the fault originated in a core system driver or the operating system itself, the operating system usually saves diagnostic information either to a file or to the screen and stops operating. It either restarts the computer or displays an error screen, such as a Blue Screen of Death or kernel panic.

Segment limits exceeded

Segment limits can be exceeded:

with code segment (CS), data segment (DS), or ES, FS, or GS (extra segment) registers; or
accessing descriptor tables such as the Global Descriptor Table (GDT), the Interrupt descriptor table (IDT) and the Local Descriptor Table (LDT).

Segment permissions violated

Segment permissions can be violated by:

jumping to non-executable segments
writing to code segments, or read only segments
reading execute-only segments

Segments illegally loaded

This can occur when:

a stack segment (SS) is loaded with a segment selector for a read only, executable, null segment, or segment with descriptor privilege not matching the current privilege in CS
a code segment (CS) loaded with a segment selector for a data, system, or null segment
SS, DS, ES, FS, or GS are segments loaded with a segment selector for a system segment
SS, DS, ES, FS, or GS are segments loaded with a segment selector for an execute-only code segment
accessing memory using DS, ES, FS, or GS registers, when they contain a null selector

Switching

Faults can occur in the task state segment (TSS) structure when:

switching to a busy task during a call or jump instruction
switching to an available task during an interrupt return (IRET) instruction
using a segment selector on a switch pointing to a TSS descriptor in the LDT^{[ clarification needed ]}

Miscellaneous

Other causes of general protection faults are:

attempting to access an interrupt/exception handler from virtual 8086 mode when the handler's code segment descriptor privilege level (DPL) is greater than zero
attempting to write a one into the reserved bits of CR4
attempting to execute privileged instructions when the current privilege level (CPL) is not zero
attempting to execute a single instruction with a length greater than 15 bytes (possibly by prepending the instruction with superfluous prefixes)^[2]^[3]
writing to a reserved bit in an MSR instruction
accessing a gate containing a null segment selector
executing a software interrupt when the CPL is greater than the DPL set for the interrupt gate
the segment selector in a call, interrupt or trap gate does not point to a code segment
violating privilege rules
enabling paging whilst disabling protection
referencing the interrupt descriptor table following an interrupt or exception that is not an interrupt, trap, or a task gate
Legacy SSE: Memory operand is not 16-byte aligned.

Related Research Articles

The Intel 80286 is a 16-bit microprocessor that was introduced on February 1, 1982. It was the first 8086-based CPU with separate, non-multiplexed address and data buses and also the first with memory management and wide protection abilities. The 80286 used approximately 134,000 transistors in its original nMOS (HMOS) incarnation and, just like the contemporary 80186, it could correctly execute most software written for the earlier Intel 8086 and 8088 processors.

In computing, a segmentation fault or access violation is a fault, or failure condition, raised by hardware with memory protection, notifying an operating system (OS) the software has attempted to access a restricted area of memory. On standard x86 computers, this is a form of general protection fault. The operating system kernel will, in response, usually perform some corrective action, generally passing the fault on to the offending process by sending the process a signal. Processes can in some cases install a custom signal handler, allowing them to recover on their own, but otherwise the OS default signal handler is used, generally causing abnormal termination of the process, and sometimes a core dump.

x86 is a family of complex instruction set computer (CISC) instruction set architectures initially developed by Intel based on the Intel 8086 microprocessor and its 8088 variant. The 8086 was introduced in 1978 as a fully 16-bit extension of Intel's 8-bit 8080 microprocessor, with memory segmentation as a solution for addressing more memory than can be covered by a plain 16-bit address. The term "x86" came into being because the names of several successors to Intel's 8086 processor end in "86", including the 80186, 80286, 80386 and 80486 processors. Colloquially, their names were "186", "286", "386" and "486".

x86 memory segmentation refers to the implementation of memory segmentation in the Intel x86 computer instruction set architecture. Segmentation was introduced on the Intel 8086 in 1978 as a way to allow programs to address more than 64 KB (65,536 bytes) of memory. The Intel 80286 introduced a second version of segmentation in 1982 that added support for virtual memory and memory protection. At this point the original mode was renamed to real mode, and the new version was named protected mode. The x86-64 architecture, introduced in 2003, has largely dropped support for segmentation in 64-bit mode.

In computing, protected mode, also called protected virtual address mode, is an operational mode of x86-compatible central processing units (CPUs). It allows system software to use features such as segmentation, virtual memory, paging and safe multi-tasking designed to increase an operating system's control over application software.

A memory management unit (MMU), sometimes called paged memory management unit (PMMU), is a computer hardware unit that examines all memory references on the memory bus, translating these requests, known as virtual memory addresses, into physical addresses in main memory.

x86 assembly language is the name for the family of assembly languages which provide some level of backward compatibility with CPUs back to the Intel 8008 microprocessor, which was launched in April 1972. It is used to produce object code for the x86 class of processors.

In computing, a crash, or system crash, occurs when a computer program such as a software application or an operating system stops functioning properly and exits. On some operating systems or individual applications, a crash reporting service will report the crash and any details relating to it, usually to the developer(s) of the application. If the program is a critical part of the operating system, the entire system may crash or hang, often resulting in a kernel panic or fatal system error.

In computing, a bus error is a fault raised by hardware, notifying an operating system (OS) that a process is trying to access memory that the CPU cannot physically address: an invalid address for the address bus, hence the name. In modern use on most architectures these are much rarer than segmentation faults, which occur primarily due to memory access violations: problems in the logical address or permissions.

In DOS memory management, extended memory refers to memory above the first megabyte (2²⁰ bytes) of address space in an IBM PC or compatible with an 80286 or later processor. The term is mainly used under the DOS and Windows operating systems. DOS programs, running in real mode or virtual x86 mode, cannot directly access this memory, but are able to do so through an application programming interface called the Extended Memory Specification (XMS). This API is implemented by a driver (such as HIMEM.SYS) or the operating system, which takes care of memory management and copying memory between conventional and extended memory, by temporarily switching the processor into protected mode. In this context, the term "extended memory" may refer to either the whole of the extended memory or only the portion available through this API.

The iAPX 432 is a discontinued computer architecture introduced in 1981. It was Intel's first 32-bit processor design. The main processor of the architecture, the general data processor, is implemented as a set of two separate integrated circuits, due to technical limitations at the time. Although some early 8086, 80186 and 80286-based systems and manuals also used the iAPX prefix for marketing reasons, the iAPX 432 and the 8086 processor lines are completely separate designs with completely different instruction sets.

Memory protection is a way to control memory access rights on a computer, and is a part of most modern instruction set architectures and operating systems. The main purpose of memory protection is to prevent a process from accessing memory that has not been allocated to it. This prevents a bug or malware within a process from affecting other processes, or the operating system itself. Protection may encompass all accesses to a specified area of memory, write accesses, or attempts to execute the contents of the area. An attempt to access unauthorized memory results in a hardware fault, e.g., a segmentation fault, storage violation exception, generally causing abnormal termination of the offending process. Memory protection for computer security includes additional techniques such as address space layout randomization and executable space protection.

In x86 computing, unreal mode, also big real mode, flat real mode, or voodoo mode is a variant of real mode, in which one or more segment descriptors has been loaded with non-standard values, like 32-bit limits allowing access to the entire memory. Contrary to its name, it is not a separate addressing mode that the x86 processors can operate in. It is used in the 80286 and later x86 processors.

Memory segmentation is an operating system memory management technique of dividing a computer's primary memory into segments or sections. In a computer system using segmentation, a reference to a memory location includes a value that identifies a segment and an offset within that segment. Segments or sections are also used in object files of compiled programs when they are linked together into a program image and when the image is loaded into memory.

In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults and malicious behavior.

The Global Descriptor Table (GDT) is a data structure used by Intel x86-family processors starting with the 80286 in order to define the characteristics of the various memory areas used during program execution, including the base address, the size, and access privileges like executability and writability. These memory areas are called segments in Intel terminology.

A call gate is a mechanism in Intel's x86 architecture for changing the privilege level of a process when it executes a predefined function call using a CALL FAR instruction.

The task state segment (TSS) is a structure on x86-based computers which holds information about a task. It is used by the operating system kernel for task management. Specifically, the following information is stored in the TSS:

In memory addressing for Intel x86 computer architectures, segment descriptors are a part of the segmentation unit, used for translating a logical address to a linear address. Segment descriptors describe the memory segment referred to in the logical address. The segment descriptor contains the following fields:

A segment base address
The segment limit which specifies the segment size
Access rights byte containing the protection mechanism information
Control bits

The IBM System/360 architecture is the model independent architecture for the entire S/360 line of mainframe computers, including but not limited to the instruction set architecture. The elements of the architecture are documented in the IBM System/360 Principles of Operation and the IBM System/360 I/O Interface Channel to Control Unit Original Equipment Manufacturers' Information manuals.

References

↑ "Troubleshooting "Unrecoverable Application Error" in DrWatson". Support. Microsoft. 27 February 2014.
↑ "Page 223" . Retrieved 2023-09-24.
↑ Tornote - Privnote