Intel IA-32 User Manual
Page 169
Vol. 3A 4-39
PROTECTION
read/write accessible. User-mode pages which are read/write or read-only are readable; super-
visor-mode pages are neither readable nor writable from user mode. A page-fault exception is
generated on any attempt to violate the protection rules.
The P6 family, Pentium, and Intel486 processors allow user-mode pages to be write-protected
against supervisor-mode access. Setting the WP flag in register CR0 to 1 enables supervisor-
mode sensitivity to user-mode, write protected pages. Supervisor pages which are read-only are
not writable from any privilege level, regardless of WP setting. This supervisor write-protect
feature is useful for implementing a “copy-on-write” strategy used by some operating systems,
such as UNIX*, for task creation (also called forking or spawning). When a new task is created,
it is possible to copy the entire address space of the parent task. This gives the child task a
complete, duplicate set of the parent's segments and pages. An alternative copy-on-write
strategy saves memory space and time by mapping the child's segments and pages to the same
segments and pages used by the parent task. A private copy of a page gets created only when
one of the tasks writes to the page. By using the WP flag and marking the shared pages as read-
only, the supervisor can detect an attempt to write to a user-level page, and can copy the page at
that time.
4.11.4
Combining Protection of Both Levels of Page Tables
For any one page, the protection attributes of its page-directory entry (first-level page table) may
differ from those of its page-table entry (second-level page table). The processor checks the
protection for a page in both its page-directory and the page-table entries. Table 4-3 shows the
protection provided by the possible combinations of protection attributes when the WP flag is
clear.
4.11.5
Overrides to Page Protection
The following types of memory accesses are checked as if they are privilege-level 0 accesses,
regardless of the CPL at which the processor is currently operating:
•
Access to segment descriptors in the GDT, LDT, or IDT.
•
Access to an inner-privilege-level stack during an inter-privilege-level call or a call to in
exception or interrupt handler, when a change of privilege level occurs.
4.12
COMBINING PAGE AND SEGMENT PROTECTION
When paging is enabled, the processor evaluates segment protection first, then evaluates page
protection. If the processor detects a protection violation at either the segment level or the page
level, the memory access is not carried out and an exception is generated. If an exception is
generated by segmentation, no paging exception is generated.
Page-level protections cannot be used to override segment-level protection. For example, a code
segment is by definition not writable. If a code segment is paged, setting the R/W flag for the
pages to read-write does not make the pages writable. Attempts to write into the pages will be
blocked by segment-level protection checks.