Intel IA-32 Manuale Utente
Vol. 3A 4-1
CHAPTER 4
PROTECTION
In protected mode, the IA-32 architecture provides a protection mechanism that operates at both
the segment level and the page level. This protection mechanism provides the ability to limit
access to certain segments or pages based on privilege levels (four privilege levels for segments
and two privilege levels for pages). For example, critical operating-system code and data can be
protected by placing them in more privileged segments than those that contain applications
code. The processor’s protection mechanism will then prevent application code from accessing
the operating-system code and data in any but a controlled, defined manner.
the segment level and the page level. This protection mechanism provides the ability to limit
access to certain segments or pages based on privilege levels (four privilege levels for segments
and two privilege levels for pages). For example, critical operating-system code and data can be
protected by placing them in more privileged segments than those that contain applications
code. The processor’s protection mechanism will then prevent application code from accessing
the operating-system code and data in any but a controlled, defined manner.
Segment and page protection can be used at all stages of software development to assist in local-
izing and detecting design problems and bugs. It can also be incorporated into end-products to
offer added robustness to operating systems, utilities software, and applications software.
izing and detecting design problems and bugs. It can also be incorporated into end-products to
offer added robustness to operating systems, utilities software, and applications software.
When the protection mechanism is used, each memory reference is checked to verify that it
satisfies various protection checks. All checks are made before the memory cycle is started; any
violation results in an exception. Because checks are performed in parallel with address transla-
tion, there is no performance penalty. The protection checks that are performed fall into the
following categories:
satisfies various protection checks. All checks are made before the memory cycle is started; any
violation results in an exception. Because checks are performed in parallel with address transla-
tion, there is no performance penalty. The protection checks that are performed fall into the
following categories:
•
Limit checks.
•
Type checks.
•
Privilege level checks.
•
Restriction of addressable domain.
•
Restriction of procedure entry-points.
•
Restriction of instruction set.
All protection violation results in an exception being generated. See Chapter 5, “Interrupt and
Exception Handling,” for an explanation of the exception mechanism. This chapter describes the
protection mechanism and the violations which lead to exceptions.
Exception Handling,” for an explanation of the exception mechanism. This chapter describes the
protection mechanism and the violations which lead to exceptions.
The following sections describe the protection mechanism available in protected mode. See
Chapter 15, “8086 Emulation,” for information on protection in real-address and virtual-8086
mode.
Chapter 15, “8086 Emulation,” for information on protection in real-address and virtual-8086
mode.
4.1
ENABLING AND DISABLING SEGMENT AND PAGE
PROTECTION
PROTECTION
Setting the PE flag in register CR0 causes the processor to switch to protected mode, which in
turn enables the segment-protection mechanism. Once in protected mode, there is no control bit
for turning the protection mechanism on or off. The part of the segment-protection mechanism
turn enables the segment-protection mechanism. Once in protected mode, there is no control bit
for turning the protection mechanism on or off. The part of the segment-protection mechanism