Intel architecture ia-32 User Manual

4-40 Vol. 3A

Page-level protection can be used to enhance segment-level protection. For example, if a large
read-write data segment is paged, the page-protection mechanism can be used to write-protect
individual pages.

* If CR0.WP = 1, access type is determined by the R/W flags of the page-directory and page-table entries.

IF CR0.WP = 0, supervisor privilege permits read-write access.

In addition to page-level protection offered by the U/S and R/W flags, enhanced PAE-enabled
paging structures (see Section 3.10.3, “Enhanced Paging Data Structures”) provide the execute-
disable bit. This bit offers additional protection for data pages. 

An IA-32 processor with the execute disable bit capability can prevent data pages from being
used by malicious software to execute code. This capability is provided in:

•

32-bit protected mode with PAE enabled.

•

IA-32e mode.

User 

Read-Only User

Read-Only User 

Read-Only

User

Read-Only User 

Read-Write

User

Read-Only

User

Read-Write

User

Read-Only

User

Read-Only 

User

Read-Write

User

Read-Write

User

Read/Write

User

Read-Only

Supervisor

Read-Only

Supervisor

Read/Write*

User

Read-Only

Supervisor

Read-Write

Supervisor

Read/Write*

User

Read-Write

Supervisor

Read-Only Supervisor

Read/Write*

User Read-Write

Supervisor

Read-Write

Supervisor 

Read/Write

Supervisor

Read-Only

User

Read-Only

Supervisor

Read/Write*

Supervisor

Read-Only

User

Read-Write

Supervisor

Read/Write*

Supervisor

Read-Write

User

Read-Only

Supervisor

Read/Write*

Supervisor

Read-Write

User

Read-Write

Supervisor

Read/Write

Supervisor

Read-Only

Supervisor

Read-Only

Supervisor

Read/Write*

Supervisor

Read-Only

Supervisor

Read-Write

Supervisor

Read/Write*

Supervisor

Read-Write

Supervisor

Read-Only

Supervisor

Read/Write*

Supervisor

Read-Write

Supervisor

Read-Write

Supervisor

Read/Write