Chapter 26 Quiz: Interrupts, Exceptions, and Kernel Mode
1. What is the key difference between an interrupt gate and a trap gate?
A) Interrupt gates are for hardware interrupts; trap gates are for software interrupts
B) Interrupt gates clear the IF flag on entry; trap gates do not
C) Trap gates are faster because they don't save RFLAGS
D) Interrupt gates are 32-bit; trap gates are 64-bit
Answer: B — An interrupt gate (type 0xE) clears the Interrupt Flag (IF) in RFLAGS on entry, preventing other hardware interrupts from preempting the handler. A trap gate (type 0xF) preserves IF, allowing nested interrupts. Both work for any vector type.
2. Which x86-64 exception vector is the Page Fault?
A) 6 B) 8 C) 13 D) 14
Answer: D — Vector 14 is #PF (Page Fault). The faulting virtual address is in CR2, and the error code is pushed on the stack.
3. What does the LIDT instruction do?
A) Loads the Local Interrupt Descriptor Table from memory
B) Loads the IDTR register with a base address and limit from memory
C) Lists all active interrupts in the IDT
D) Locks the IDT against modification
Answer: B — LIDT [mem] loads the 10-byte IDTR (6-byte descriptor: 2-byte limit + 8-byte base address) from the specified memory location. This is how the CPU learns where the IDT is.
4. Why must the 8259A PIC be remapped to use vectors 32–47?
A) Vectors 0-31 are too slow for hardware interrupts
B) The PIC's default vectors (8-15) overlap with CPU exception vectors (e.g., vector 8 = double fault)
C) Linux requires all hardware interrupts above vector 31
D) The APIC requires this remapping for compatibility
Answer: B — Without remapping, IRQ0 (timer) would use vector 8, which is already the double fault (#DF) exception. The OS would call the wrong handler for every timer tick.
5. Which register holds the faulting virtual address when a page fault (#PF) occurs?
A) CR0 B) CR2 C) CR3 D) CR4
Answer: B — CR2 is automatically loaded with the faulting virtual address by the CPU when a page fault occurs. CR3 holds the page table base address, CR0 contains control flags, CR4 contains feature flags.
6. When the CPU handles an interrupt in user mode (ring 3) and the IDT entry has a ring-0 handler, which of the following does the CPU push on the stack?
A) Only RIP and CS
B) RFLAGS, CS, and RIP
C) SS, RSP (user), RFLAGS, CS, and RIP
D) Nothing — registers are saved by software
Answer: C — When a privilege change occurs (ring 3 → ring 0), the CPU also pushes the user-mode SS and RSP so the kernel can see and restore the user stack. Without these, IRETQ could not return to user mode.
7. What does the IRETQ instruction do?
A) Returns from a function call with a 64-bit return value
B) Immediately requests another interrupt
C) Pops RIP, CS, RFLAGS (and optionally RSP, SS) from the stack and resumes execution
D) Returns from the kernel's main interrupt loop
Answer: C — IRETQ (64-bit IRET) restores the execution context saved when the interrupt was taken: pops RIP, CS, and RFLAGS at minimum. If a privilege change occurred, also pops RSP and SS.
8. What is the purpose of the End-of-Interrupt (EOI) command sent to the PIC?
A) It tells the PIC to stop generating all future interrupts
B) It tells the PIC that the current interrupt has been handled and it may send the next one on that line
C) It resets the interrupt priority levels in the PIC
D) It acknowledges receipt of the interrupt to the originating device
Answer: B — The PIC won't send another interrupt on an IRQ line until it receives EOI. If your handler returns without sending EOI, that IRQ will be masked for the rest of the program's execution.
9. An exception handler for #GP (vector 13) must pop the error code before executing IRETQ. Why?
A) The error code corrupts the return address if left on the stack
B) IRETQ expects the stack to contain: RIP, CS, RFLAGS (and maybe RSP, SS) — the error code would be misinterpreted as RIP
C) The error code must be stored in a global variable before returning
D) IRETQ automatically pops and discards the top stack element
Answer: B — IRETQ pops a specific sequence: RIP, CS, RFLAGS (in that order from stack top). If the error code is still there, IRETQ would use it as RIP, causing a crash. The handler must pop the error code first.
10. What is the byte value of the INT3 breakpoint instruction?
A) 0x00 B) 0x90 (NOP) C) 0xCC D) 0xCD 0x03
Answer: C — INT3 is encoded as a single byte: 0xCC. This is different from INT 3 (two bytes: 0xCD 0x03). The single-byte encoding allows debuggers to overwrite any instruction's first byte with 0xCC to create a breakpoint, and the saved RIP (pointing to the next byte) correctly identifies the patched location.
11. How does the CPU determine which stack to use when transitioning from ring 3 to ring 0 on an interrupt?
A) It uses the stack pointer register RSP unchanged
B) It loads RSP0 from the TSS (Task State Segment)
C) It uses a hardcoded kernel stack address stored in a MSR
D) The IDT entry contains the stack pointer to use
Answer: B — The TSS (Task State Segment) contains RSP0, RSP1, and RSP2 — the kernel stack pointers for rings 0, 1, and 2. When transitioning to ring 0, the CPU loads RSP from RSP0 in the current TSS. The TSS is referenced by the TR register.
12. What is IST (Interrupt Stack Table) used for?
A) Indexing into the IDT more efficiently
B) Providing an alternate kernel stack for critical exceptions (like double fault) where the normal kernel stack may be corrupt
C) Storing interrupt service timing data
D) Translating interrupt vectors to handler addresses
Answer: B — IST provides up to 7 alternate stacks (IST1–IST7), referenced from the TSS. Critical exceptions like #DF (double fault) and #NMI use IST entries so they always have a known-good stack, even if the kernel stack that caused the exception was corrupted.
13. After handling IRQ8 (second PIC, timer at a higher IRQ level), how many PICs need to receive an EOI?
A) Zero — IRQs are acknowledged automatically
B) One — only PIC2
C) Two — both PIC2 and PIC1 (cascade)
D) One — only PIC1
Answer: C — IRQ8–15 go through PIC2, which is cascaded to IRQ2 of PIC1. To re-enable interrupt delivery, you must send EOI to PIC2 (0xA0) AND PIC1 (0x20) for the cascade. IRQ0–7 need only PIC1.
14. The #DB (Debug) exception fires:
A) Only when a debugger is attached
B) After every instruction when the TF (Trap Flag) is set, or on hardware breakpoint match
C) Only on INT 1 instructions
D) When the CPU detects a branch misprediction
Answer: B — #DB fires in two cases: (1) when the Trap Flag (TF, bit 8) in RFLAGS is set, causing single-step mode where every instruction fires #DB; and (2) when a hardware breakpoint condition is met (DR0–DR3 match). Debuggers use both.
15. Which of the following exceptions does NOT push an error code on the stack?
A) #GP (General Protection Fault, vector 13)
B) #PF (Page Fault, vector 14)
C) #UD (Invalid Opcode, vector 6)
D) #DF (Double Fault, vector 8)
Answer: C — #UD (Invalid Opcode) does NOT push an error code. #GP, #PF, and #DF all push error codes. This is why you need separate handler stubs or the push-zero-dummy approach to maintain uniform stack layout.
16. The IDT has 256 entries. Where do hardware IRQs go after PIC remapping?
A) Vectors 0-15 (default)
B) Vectors 16-31 (reserved for system use)
C) Vectors 32-47 (after remapping PIC1 to 0x20, PIC2 to 0x28)
D) Vectors 128-255 (high range for hardware)
Answer: C — After remapping PIC1 to base vector 0x20 (32) and PIC2 to 0x28 (40): IRQ0=32, IRQ1=33, ..., IRQ7=39, IRQ8=40, ..., IRQ15=47.
17. In 64-bit mode, what size is each IDT entry?
A) 4 bytes B) 8 bytes C) 16 bytes D) 32 bytes
Answer: C — In 64-bit long mode, IDT entries are 16 bytes (128 bits) because the handler address is 64 bits, requiring an extended gate descriptor format compared to the 8-byte entries used in 32-bit protected mode.
18. Which IDT field determines whether a software interrupt (INT n) from user space (ring 3) is allowed or causes a #GP?
A) The IST field
B) The DPL (Descriptor Privilege Level) of the gate
C) The selector field's RPL bits
D) The Present (P) bit
Answer: B — For software interrupts (INT n from user space), the CPU checks that CPL ≤ DPL of the IDT gate. If the gate has DPL=0 and user code tries to execute INT n, a #GP fires. This is why INT 0x80 (old Linux syscall) required DPL=3 on that IDT entry. Hardware interrupts and exceptions bypass this check.
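The gate fields that answers 1, 12, 17 and 18 refer to, laid out as the 16-byte long-mode descriptor. This is an added example, not part of the original quiz; the struct, function names, handler addresses and selector 0x08 are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* 64-bit mode IDT gate descriptor: one 16-byte entry. */
struct idt_gate {
    uint16_t offset_low;   /* handler address bits 0-15 */
    uint16_t selector;     /* code segment selector for the handler */
    uint8_t  ist;          /* bits 0-2: IST index, 0 = no IST stack switch */
    uint8_t  type_attr;    /* P (bit 7) | DPL (bits 5-6) | type (bits 0-3) */
    uint16_t offset_mid;   /* handler address bits 16-31 */
    uint32_t offset_high;  /* handler address bits 32-63 */
    uint32_t reserved;     /* must be zero */
};
_Static_assert(sizeof(struct idt_gate) == 16, "long-mode gate is 16 bytes");

enum { GATE_INTERRUPT = 0xE, GATE_TRAP = 0xF };

struct idt_gate make_gate(uint64_t handler, uint16_t selector,
                          unsigned type, unsigned dpl, unsigned ist)
{
    struct idt_gate g = {0};
    g.offset_low  = (uint16_t)(handler & 0xFFFF);
    g.offset_mid  = (uint16_t)((handler >> 16) & 0xFFFF);
    g.offset_high = (uint32_t)(handler >> 32);
    g.selector    = selector;
    g.ist         = (uint8_t)(ist & 0x7);
    g.type_attr   = (uint8_t)(0x80 | ((dpl & 0x3) << 5) | (type & 0xF));
    return g;
}

uint64_t gate_handler(const struct idt_gate *g)
{
    return ((uint64_t)g->offset_high << 32) |
           ((uint64_t)g->offset_mid << 16) | g->offset_low;
}
unsigned gate_dpl(const struct idt_gate *g) { return (g->type_attr >> 5) & 0x3; }
/* Interrupt gates (0xE) clear IF on entry; trap gates (0xF) preserve it. */
int gate_clears_if(const struct idt_gate *g) { return (g->type_attr & 0xF) == GATE_INTERRUPT; }
/* INT n passes only if CPL <= gate DPL, otherwise #GP.
   Hardware interrupts and exceptions bypass this check. */
int int_n_passes_dpl(const struct idt_gate *g, unsigned cpl) { return cpl <= gate_dpl(g); }

int main(void)
{
    struct idt_gate kernel_only   = make_gate(0xFFFFFFFF80001000ULL, 0x08, GATE_INTERRUPT, 0, 1);
    struct idt_gate user_callable = make_gate(0xFFFFFFFF80002000ULL, 0x08, GATE_TRAP, 3, 0);
    printf("DPL0 gate attr=0x%02X, INT n from ring 3 passes: %d\n",
           kernel_only.type_attr, int_n_passes_dpl(&kernel_only, 3));
    printf("DPL3 gate attr=0x%02X, INT n from ring 3 passes: %d\n",
           user_callable.type_attr, int_n_passes_dpl(&user_callable, 3));
    return 0;
}
```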