3 multi-segment model – Intel IA-32 User Manual
Page 85
Vol. 3A 3-5
PROTECTED-MODE MEMORY MANAGEMENT
3.2.3
Multi-Segment Model
A multi-segment model (such as the one shown in Figure 3-4) uses the full capabilities of the
segmentation mechanism to provided hardware enforced protection of code, data structures, and
programs and tasks. Here, each program (or task) is given its own table of segment descriptors
and its own segments. The segments can be completely private to their assigned programs or
shared among programs. Access to all segments and to the execution environments of individual
programs running on the system is controlled by hardware.
Access checks can be used to protect not only against referencing an address outside the limit
of a segment, but also against performing disallowed operations in certain segments. For
example, since code segments are designated as read-only segments, hardware can be used to
prevent writes into code segments. The access rights information created for segments can also
be used to set up protection rings or levels. Protection levels can be used to protect operating-
system procedures from unauthorized access by application programs.
Figure 3-4. Multi-Segment Model
Linear Address Space
(or Physical Memory)
Segment
Registers
CS
Segment
Descriptors
Limit
Access
Base Address
SS
Limit
Access
Base Address
DS
Limit
Access
Base Address
ES
Limit
Access
Base Address
FS
Limit
Access
Base Address
GS
Limit
Access
Base Address
Limit
Access
Base Address
Limit
Access
Base Address
Limit
Access
Base Address
Limit
Access
Base Address
Stack
Code
Data
Data
Data
Data