Intel 253668-032US Benutzerhandbuch
5-40 Vol. 3
PROTECTION
page-fault exception mechanism. This chapter describes the protection violations
which lead to page-fault exceptions.
which lead to page-fault exceptions.
5.11.1 Page-Protection
Flags
Protection information for pages is contained in two flags in a paging-structure entry
(see Chapter 4): the read/write flag (bit 1) and the user/supervisor flag (bit 2). The
protection checks use the flags in all paging structures.
(see Chapter 4): the read/write flag (bit 1) and the user/supervisor flag (bit 2). The
protection checks use the flags in all paging structures.
5.11.2
Restricting Addressable Domain
The page-level protection mechanism allows restricting access to pages based on
two privilege levels:
two privilege levels:
•
Supervisor mode (U/S flag is 0)—(Most privileged) For the operating system or
executive, other system software (such as device drivers), and protected system
data (such as page tables).
executive, other system software (such as device drivers), and protected system
data (such as page tables).
•
User mode (U/S flag is 1)—(Least privileged) For application code and data.
The segment privilege levels map to the page privilege levels as follows. If the
processor is currently operating at a CPL of 0, 1, or 2, it is in supervisor mode; if it is
operating at a CPL of 3, it is in user mode. When the processor is in supervisor mode,
it can access all pages; when in user mode, it can access only user-level pages. (Note
that the WP flag in control register CR0 modifies the supervisor permissions, as
described in Section 5.11.3, “Page Type.”)
Note that to use the page-level protection mechanism, code and data segments must
be set up for at least two segment-based privilege levels: level 0 for supervisor code
and data segments and level 3 for user code and data segments. (In this model, the
stacks are placed in the data segments.) To minimize the use of segments, a flat
memory model can be used (see Section 3.2.1, “Basic Flat Model”).
Here, the user and supervisor code and data segments all begin at address zero in
the linear address space and overlay each other. With this arrangement, operating-
system code (running at the supervisor level) and application code (running at the
user level) can execute as if there are no segments. Protection between operating-
system and application code and data is provided by the processor’s page-level
protection mechanism.
processor is currently operating at a CPL of 0, 1, or 2, it is in supervisor mode; if it is
operating at a CPL of 3, it is in user mode. When the processor is in supervisor mode,
it can access all pages; when in user mode, it can access only user-level pages. (Note
that the WP flag in control register CR0 modifies the supervisor permissions, as
described in Section 5.11.3, “Page Type.”)
Note that to use the page-level protection mechanism, code and data segments must
be set up for at least two segment-based privilege levels: level 0 for supervisor code
and data segments and level 3 for user code and data segments. (In this model, the
stacks are placed in the data segments.) To minimize the use of segments, a flat
memory model can be used (see Section 3.2.1, “Basic Flat Model”).
Here, the user and supervisor code and data segments all begin at address zero in
the linear address space and overlay each other. With this arrangement, operating-
system code (running at the supervisor level) and application code (running at the
user level) can execute as if there are no segments. Protection between operating-
system and application code and data is provided by the processor’s page-level
protection mechanism.
5.11.3 Page
Type
The page-level protection mechanism recognizes two page types:
•
Read-only access (R/W flag is 0).
•
Read/write access (R/W flag is 1).