beautypg.com

2 restricting addressable domain – Intel IA-32 User Manual

Page 168

background image

4-38 Vol. 3A

PROTECTION

4.11.1

Page-Protection Flags

Protection information for pages is contained in two flags in a page-directory or page-table entry
(see Figure 3-14): the read/write flag (bit 1) and the user/supervisor flag (bit 2). The protection
checks are applied to both first- and second-level page tables (that is, page directories and page
tables).

4.11.2

Restricting Addressable Domain

The page-level protection mechanism allows restricting access to pages based on two privilege
levels:

Supervisor mode (U/S flag is 0)—(Most privileged) For the operating system or executive,
other system software (such as device drivers), and protected system data (such as page
tables).

User mode (U/S flag is 1)—(Least privileged) For application code and data.

The segment privilege levels map to the page privilege levels as follows. If the processor is
currently operating at a CPL of 0, 1, or 2, it is in supervisor mode; if it is operating at a CPL of
3, it is in user mode. When the processor is in supervisor mode, it can access all pages; when in
user mode, it can access only user-level pages. (Note that the WP flag in control register CR0
modifies the supervisor permissions, as described in Section 4.11.3, “Page Type.”)

Note that to use the page-level protection mechanism, code and data segments must be set up for
at least two segment-based privilege levels: level 0 for supervisor code and data segments and
level 3 for user code and data segments. (In this model, the stacks are placed in the data
segments.) To minimize the use of segments, a flat memory model can be used (see Section 3.2.1,
“Basic Flat Model”).

Here, the user and supervisor code and data segments all begin at address zero in the linear
address space and overlay each other. With this arrangement, operating-system code (running at
the supervisor level) and application code (running at the user level) can execute as if there are
no segments. Protection between operating-system and application code and data is provided by
the processor’s page-level protection mechanism.

4.11.3

Page Type

The page-level protection mechanism recognizes two page types:

Read-only access (R/W flag is 0).

Read/write access (R/W flag is 1).

When the processor is in supervisor mode and the WP flag in register CR0 is clear (its state
following reset initialization), all pages are both readable and writable (write-protection is
ignored). When the processor is in user mode, it can write only to user-mode pages that are