Intel 253668-032US ユーザーズマニュアル
5-2 Vol. 3
PROTECTION
there is no control bit for turning the protection mechanism on or off. The part of the
segment-protection mechanism that is based on privilege levels can essentially be
disabled while still in protected mode by assigning a privilege level of 0 (most privi-
leged) to all segment selectors and segment descriptors. This action disables the
privilege level protection barriers between segments, but other protection checks
such as limit checking and type checking are still carried out.
Page-level protection is automatically enabled when paging is enabled (by setting the
PG flag in register CR0). Here again there is no mode bit for turning off page-level
protection once paging is enabled. However, page-level protection can be disabled by
performing the following operations:
segment-protection mechanism that is based on privilege levels can essentially be
disabled while still in protected mode by assigning a privilege level of 0 (most privi-
leged) to all segment selectors and segment descriptors. This action disables the
privilege level protection barriers between segments, but other protection checks
such as limit checking and type checking are still carried out.
Page-level protection is automatically enabled when paging is enabled (by setting the
PG flag in register CR0). Here again there is no mode bit for turning off page-level
protection once paging is enabled. However, page-level protection can be disabled by
performing the following operations:
•
Clear the WP flag in control register CR0.
•
Set the read/write (R/W) and user/supervisor (U/S) flags for each page-directory
and page-table entry.
and page-table entry.
This action makes each page a writable, user page, which in effect disables page-
level protection.
level protection.
5.2
FIELDS AND FLAGS USED FOR SEGMENT-LEVEL AND
PAGE-LEVEL PROTECTION
The processor’s protection mechanism uses the following fields and flags in the
system data structures to control access to segments and pages:
system data structures to control access to segments and pages:
•
Descriptor type (S) flag — (Bit 12 in the second doubleword of a segment
descriptor.) Determines if the segment descriptor is for a system segment or a
code or data segment.
descriptor.) Determines if the segment descriptor is for a system segment or a
code or data segment.
•
Type field — (Bits 8 through 11 in the second doubleword of a segment
descriptor.) Determines the type of code, data, or system segment.
descriptor.) Determines the type of code, data, or system segment.
•
Limit field — (Bits 0 through 15 of the first doubleword and bits 16 through 19
of the second doubleword of a segment descriptor.) Determines the size of the
segment, along with the G flag and E flag (for data segments).
of the second doubleword of a segment descriptor.) Determines the size of the
segment, along with the G flag and E flag (for data segments).
•
G flag — (Bit 23 in the second doubleword of a segment descriptor.) Determines
the size of the segment, along with the limit field and E flag (for data segments).
the size of the segment, along with the limit field and E flag (for data segments).
•
E flag — (Bit 10 in the second doubleword of a data-segment descriptor.)
Determines the size of the segment, along with the limit field and G flag.
Determines the size of the segment, along with the limit field and G flag.
•
Descriptor privilege level (DPL) field — (Bits 13 and 14 in the second
doubleword of a segment descriptor.) Determines the privilege level of the
segment.
doubleword of a segment descriptor.) Determines the privilege level of the
segment.
•
Requested privilege level (RPL) field — (Bits 0 and 1 of any segment
selector.) Specifies the requested privilege level of a segment selector.
selector.) Specifies the requested privilege level of a segment selector.
•
Current privilege level (CPL) field — (Bits 0 and 1 of the CS segment
register.) Indicates the privilege level of the currently executing program or
register.) Indicates the privilege level of the currently executing program or