The holy bible of SWEB - Institute of Applied Information Processing ...
The holy bible of SWEB - Institute of Applied Information Processing ...
The holy bible of SWEB - Institute of Applied Information Processing ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
3.3. BASIC CONCEPTS CHAPTER 3. VM, PROTECTION AND PAGING<br />
Figure 3.1: Protected Mode Segment Descriptor ((c) Dr. Jim Plusquellic [2])<br />
3.3 Basic Concepts<br />
3.3.1 Protected Mode<br />
<strong>The</strong> IA32 Architecture <strong>of</strong>fers a feature-set called "Protected Mode", which makes task<br />
separation possible. Using the protected mode capabilities, we can place restrictions<br />
on what a piece <strong>of</strong> code is allowed to do and in which part <strong>of</strong> the physical memory<br />
it may work. <strong>The</strong> two mechanisms making this possible are protected-mode-<br />
Segmentation and Paging. <strong>The</strong>y will be explained in this chapter. Note that in order to<br />
switch to Protected Mode, at the very least the special registers GDTR and IDTR must<br />
have been loaded.<br />
3.3.2 Protected Mode Segmentation<br />
Protected Mode Segmentation works differently than Real Mode Segmentation. In this<br />
document we consider only Protected Mode Segmentation.<br />
Basically it works by defining memory segments using so-called Segment Descriptors.<br />
<strong>The</strong>y contain a Start Address in linear memory and a Limit to how much memory<br />
beyond the start address a program is allowed to access. <strong>The</strong> segment descriptor also<br />
defines restrictions on the kind <strong>of</strong> operations a program can execute. Otherwise a Segment<br />
Violation is triggered. Even before switching to Protected Mode, some Segment<br />
Descriptors need to be defined in the so-called Global Descriptor Table (short GDT).<br />
Like any descriptor table, the GDT is an array <strong>of</strong> Segment Descriptors <strong>of</strong> 8 byte length.<br />
Obviously, a restricted program can not be allowed to (re)write the GDT and the protection<br />
mechanisms available should be employed to prevent this. <strong>The</strong> GDT should<br />
contain at least one reasonable Segment Descriptor beyond the first entry. <strong>The</strong> first<br />
entry also called the Null Descriptor, has a special purpose and all its values set to<br />
zero. Once a GDT has been set up, we can point the CPU to its location in memory by<br />
loading its linear address into the Global Descriptor Table Register (short GDTR) using<br />
the LGDT instruction. Figure 3.1 shows the fields <strong>of</strong> a Segment Descriptor. Table 3.1<br />
explains their use.<br />
Obviously, defining just one set <strong>of</strong> Descriptors for all programs is not going to help<br />
much with Task Separation, so conveniently the Local Descriptor Table (short LDT)<br />
comes to the rescue. <strong>The</strong> LDT, just like the GDT, is an array <strong>of</strong> Segment Descriptors,<br />
26 <strong>of</strong> 151