Intel 253668-032US User Manual
Vol. 3 5-41
PROTECTION
When the processor is in supervisor mode and the WP flag in register CR0 is clear (its
state following reset initialization), all pages are both readable and writable (write-
protection is ignored). When the processor is in user mode, it can write only to user-
mode pages that are read/write accessible. User-mode pages which are read/write or
read-only are readable; supervisor-mode pages are neither readable nor writable
from user mode. A page-fault exception is generated on any attempt to violate the
protection rules.
Starting with the P6 family, Intel processors allow user-mode pages to be write-
protected against supervisor-mode access. Setting CR0.WP = 1 enables supervisor-
mode sensitivity to write protected pages. If CR0.WP = 1, read-only pages are not
writable from any privilege level. This supervisor write-protect feature is useful for
implementing a “copy-on-write” strategy used by some operating systems, such as
UNIX*, for task creation (also called forking or spawning). When a new task is
created, it is possible to copy the entire address space of the parent task. This gives
the child task a complete, duplicate set of the parent's segments and pages. An alter-
native copy-on-write strategy saves memory space and time by mapping the child's
segments and pages to the same segments and pages used by the parent task. A
private copy of a page gets created only when one of the tasks writes to the page. By
using the WP flag and marking the shared pages as read-only, the supervisor can
detect an attempt to write to a page, and can copy the page at that time.
state following reset initialization), all pages are both readable and writable (write-
protection is ignored). When the processor is in user mode, it can write only to user-
mode pages that are read/write accessible. User-mode pages which are read/write or
read-only are readable; supervisor-mode pages are neither readable nor writable
from user mode. A page-fault exception is generated on any attempt to violate the
protection rules.
Starting with the P6 family, Intel processors allow user-mode pages to be write-
protected against supervisor-mode access. Setting CR0.WP = 1 enables supervisor-
mode sensitivity to write protected pages. If CR0.WP = 1, read-only pages are not
writable from any privilege level. This supervisor write-protect feature is useful for
implementing a “copy-on-write” strategy used by some operating systems, such as
UNIX*, for task creation (also called forking or spawning). When a new task is
created, it is possible to copy the entire address space of the parent task. This gives
the child task a complete, duplicate set of the parent's segments and pages. An alter-
native copy-on-write strategy saves memory space and time by mapping the child's
segments and pages to the same segments and pages used by the parent task. A
private copy of a page gets created only when one of the tasks writes to the page. By
using the WP flag and marking the shared pages as read-only, the supervisor can
detect an attempt to write to a page, and can copy the page at that time.
5.11.4
Combining Protection of Both Levels of Page Tables
For any one page, the protection attributes of its page-directory entry (first-level
page table) may differ from those of its page-table entry (second-level page table).
The processor checks the protection for a page in both its page-directory and the
page-table entries. Table 5-3 shows the protection provided by the possible combina-
tions of protection attributes when the WP flag is clear.
page table) may differ from those of its page-table entry (second-level page table).
The processor checks the protection for a page in both its page-directory and the
page-table entries. Table 5-3 shows the protection provided by the possible combina-
tions of protection attributes when the WP flag is clear.
5.11.5
Overrides to Page Protection
The following types of memory accesses are checked as if they are privilege-level 0
accesses, regardless of the CPL at which the processor is currently operating:
accesses, regardless of the CPL at which the processor is currently operating:
•
Access to segment descriptors in the GDT, LDT, or IDT.
•
Access to an inner-privilege-level stack during an inter-privilege-level call or a
call to in exception or interrupt handler, when a change of privilege level occurs.
call to in exception or interrupt handler, when a change of privilege level occurs.
5.12
COMBINING PAGE AND SEGMENT PROTECTION
When paging is enabled, the processor evaluates segment protection first, then
evaluates page protection. If the processor detects a protection violation at either
the segment level or the page level, the memory access is not carried out and an
evaluates page protection. If the processor detects a protection violation at either
the segment level or the page level, the memory access is not carried out and an