180 likes | 323 Views
Lect 6: Protected-Mode SW Architecture II. Segmentation : 4GB physical memory -- organized into segments that can be any size from 1 byte to 4G byte Paging: 1,048,496 pages that are each 4K(4096) bytes long. Page 1,048,495. 4KB. Page 1,048,494. 4KB. . . Physical Address space. Page 1.
E N D
Segmentation : 4GB physical memory -- organized into segments that can be any size from 1 byte to 4G byte Paging: 1,048,496 pages that are each 4K(4096) bytes long Page 1,048,495 4KB Page 1,048,494 4KB . . Physical Address space . . Page 1 4KB Page 0 4KB Paging Memory Management SELECTOR OFFSET LOGICAL ADDRESS SEGMENT TRANSLATION PAGING DISABLED PG? PAGING ENABLED 0 31 LINEAR ADDRESS DIR PAGE OFFSET PAGE TRANSLATION PHYSICAL ADDRESS
TLB (Translation Lookaside Buffer) • maintaining 32 sets of table entries • 128 KB of paged memory are always directly accessible Linear Address Format DIRECTORY PAGE OFFSET 31 22 21 12 11 0 Page Frame Operand Translation lookaside buffer (TLB) Page table entry Page table Page directory entry Page directory table PDBR(CR3)
Descriptors and Page Table Entries 23 16 15 8 7 32 0 24 AVL LIMIT 19..16 4 BASE 31..24 G X 0 P DPL S TYPE A BASE 23..16 7 3 SEGMENT LIMIT 15 .. 0 SEGMENT BASE 15 .. 0 0 if data segment (S=1, E=0) Type Field Definition if code segment (S=1, E=1)
G : granularity bit G = 1 Page (the lowest 12 bits of segment base address should be zero) G = 0 Byte (1MB max) D: default length for operands and effective addresses D = 1 32-bit operation D = 0 16-bit operation AVL: programmer available Example: Access Rights byte FEH = 1111 1110 P = 1 Segment is mapped into physical memory DPL=11 Privilege level 3 E = 1 executable code segment C = 1 confirming code segment R = 1 readable code segment A = 0 segment has not been accessed Descriptor Format
Loading Descriptor from Descriptor Table 00A0FFFFH GDTR 00A00000H FFFFH 00A02007H GDT (64KB) LDTR descriptor 00A02000H 00A00000H SYSTEM MEMORY 0 82 00 0 90 0090FFFFH 0000 FFFF 00901007H LDT (64KB) CS descriptor 00901000H 2000H LDTR 0090000H FFFFH 00900000H 0 00 FE 60 F USER MEMORY 0000 FFFF 0060FFFFH CODE SEGMENT (1 MB) CS 1005H 0060000H FFFFH 00600000H
System descriptor Access Right byte: 82H 82H = 1000 0010: S=0 system segment, Type = 0010 = local descriptor table, DPL = 00 = privilege level 0, P = 1 present in physical memory 0 BASE 23..16 7 SEGMENT LIMIT 15 .. 0 A 8 TYPE 0 DPL 15 P 16 LIMIT 19..16 AVL 0 X 23 G SEGMENT BASE 15 .. 0 24 BASE 31..24 32 7 3 4 0
P : Present bit P = 1 the entry is valid and is available for use in address translation P = 0 the entry is undefined or not present in physical memory : page fault A : Accessed D : Dirty bit AVL U/S, R/W U/S R/W User Supervisor 0 0 None R/W 0 1 None R/W 1 0 Read-only R/W 1 1 R/W R/W Page Table Entries 31 12 11 0 U / S R / W BASE ADDRESS 31-12 AVL 00 D A 00 P
Examples LAR D, S : Load access right byte LAR r16, r/m16 ; LAR r32, r/m32 high order double word: 00FxFF00 <- mask ARPL r/m16, r16 : Adjust RPL field of the selector If RPL bits(0,1) of Dest < RPL bits(0,1) of SRC Then ZF <-1; RPL bits(0,1) of DEST <-RPL bits(0,1) of SRC; else ZF <-0; Examples
386 : multitasking software architecture on-chip hardware that both permits multiple tasks to exist and allows them to be scheduled for execution in a time-shared manner. Task switching mechanism 16 MHz 386 : task switch 19 ms Multitasking and Protection Task 1 Local Address Space Task 1 Virtual Address Space Global Address Space Task 3 Virtual Address Space Task 2 Virtual Address Space Task 2 Local Address Space Task 3 Local Address Space
Protection : unauthorized or incorrect accesses of a task’s memory resources Segmentation, paging, and descriptors Segment Level Protection In parallel with address translation Five Protection Checks Type Check: 16 types, Code and Data Limit Check Restriction of Addressable Domain : readable, writeable Restriction of Procedure Entry Point Restriction of Instruction Set Protection and the Protection Model
Selector Offset Protection Memory Limit Type and limit check Data Base Access rights Selector Base Limit LDT Limit Base
23 16 15 8 7 0 32 24 DPL S TYPE A AVL LIMIT 19..16 4 BASE 31..24 G X 0 P BASE 23..16 7 1 R C A 1 DPL W E 0 3 SEGMENT LIMIT 15 .. 0 SEGMENT BASE 15 .. 0 0 Protection A - Accessed C - Confirming R - Readable E - Expand-down W - Writable
Data Structures contains Privilege Levels CPL : Current Privilege Level DPL of the access rights byte in CS segment descriptor cache register privilege level of the code and data segment for the current task RPL : Requested Privilege Level the privilege level of the new selector loaded into a segment register DPL : Segment Descriptor Privilege Level Privilege Levels Task A local address space Applications Custom extensions System Services Kernel Level 3 Level 1 Level 0 Level 2 Task B local address space global address space Task C local address space
Checking: When the selector of a descriptor is loaded into a segment register Restricting Access Data Descriptors : DS, ES, FS, GS, or SS CPL : current privilege level DPL : seg descriptor of the segment containing the operand RPL : requestor's privilege of the selector ; DPL ³ MAX (CPL, RPL) Stack : RPL = CPL
Privilege - check 16-bit visible selector Invisible Descriptor CPL CS Target Segment Selector Privilege check by CPU RPL INDEX Data Segment Descriptor 23 16 15 8 7 0 32 24 DPL S TYPE A AVL LIMIT 19..16 4 BASE 31..24 G X 0 P BASE 23..16 7 1 R C A 1 DPL W E 0 3 SEGMENT LIMIT 15 .. 0 SEGMENT BASE 15 .. 0 0