3.5 Implementing Memory Protection
■ Privilege-level checks.
■ Restricted instruction checks.
All of these checks will occur before the memory access cycle begins. If a
violation occurs, a general-protection exception (often denoted by #GP) will
be generated by the processor. Furthermore, there is no performance penalty
associated with these checks, as they occur in tandem with the address
resolution process.
Limit Checks
Limit checks use the 20-bit limit field of the segment descriptor to ensure that
a program doesn't access memory that isn't there. The processor also uses
the GDTR's size limit field to make sure that segment selectors do not access
entries that lie outside of the GDT.
Type Checks
Type checks use the segment descriptor's S flag and type field to make sure
that a program isn't trying to access a memory segment in an inappropriate
manner. For example, the CS register can only be loaded with a selector for a
code segment. Here's another example: No instruction can write into a code
segment. A far call or far jump can only access the segment descriptor of
another code segment or call gate. Finally, if a program tries to load the CS or
SS segment registers with a selector that points to the first (i.e., empty) GDT
entry (the null descriptor), a general-protection exception is generated.
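The limit and type checks described above can be modeled in software; the following C sketch is an added example, not code from the original text, and the processor performs the real checks in hardware. The function names (fetch, load_cs, check_access), the result codes and the sample GDT are hypothetical and constructed for illustration, while the bit positions and the G (granularity) flag follow the standard IA-32 descriptor layout. It assumes GDT selectors only and ignores privilege levels, the present bit and expand-down segments, and it reports every violation as #GP.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model: every violation is reported as a general-protection fault. */
enum { OK = 0, GP_FAULT = 1 };   /* hypothetical result codes */

/* Constructed sample GDT: null, flat code, flat data, 4 KB byte-granular data. */
static const uint64_t gdt[] = { 0, 0x00CF9A000000FFFFULL,
                                0x00CF92000000FFFFULL, 0x0040920000000FFFULL };
static const uint16_t gdtr_limit = sizeof gdt - 1;  /* offset of last valid byte */

/* 20-bit limit: descriptor bits 0-15 and 48-51, in 4 KB units if G (bit 55) is set. */
static uint32_t seg_limit(uint64_t d) {
    uint32_t raw = (uint32_t)(d & 0xFFFF) | (uint32_t)((d >> 32) & 0xF0000);
    return ((d >> 55) & 1) ? (raw << 12) | 0xFFF : raw;
}
/* Code segment: S flag (bit 44) set and top bit of the type field (bit 43) set. */
static int is_code(uint64_t d) {
    return ((d >> 44) & 1) && ((d >> 43) & 1);
}
/* Fetch a descriptor; reject the null selector and indexes beyond the GDTR limit. */
static int fetch(uint16_t sel, uint64_t *out) {
    uint32_t off = (uint32_t)(sel >> 3) * 8;
    if ((sel & 0xFFFC) == 0 || off + 7 > gdtr_limit) return GP_FAULT;
    *out = gdt[sel >> 3];
    return OK;
}
/* Type check on loading CS: only a code-segment descriptor is accepted. */
int load_cs(uint16_t sel) {
    uint64_t d;
    if (fetch(sel, &d) != OK) return GP_FAULT;
    return is_code(d) ? OK : GP_FAULT;
}
/* Limit check, then type check, for an access of `size` bytes at `offset`. */
int check_access(uint16_t sel, uint32_t offset, uint32_t size, int is_write) {
    uint64_t d;
    if (fetch(sel, &d) != OK) return GP_FAULT;
    if ((uint64_t)offset + size - 1 > seg_limit(d)) return GP_FAULT;
    if (is_write && is_code(d)) return GP_FAULT;  /* no writes into code segments */
    return OK;
}
int main(void) {
    printf("load CS with 0x08: %d, with 0x10: %d, with 0x00: %d\n",
           load_cs(0x08), load_cs(0x10), load_cs(0x00));
    printf("read 4 bytes at 0xFFD in 4 KB segment: %d\n", check_access(0x18, 0xFFD, 4, 0));
    return 0;
}
```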
Privilege Checks
Privilege-level checks are based on the four privilege levels that the IA-32
processor acknowledges. These privilege levels range from 0 (denoting the
highest degree of privilege) to 3 (denoting the least degree of privilege).
These levels can be seen in terms of concentric rings of protection (see Figure
3.22), with the innermost ring, Ring 0, corresponding to the privilege level 0.
In so many words, what privilege checks do is to prevent a process running
in an outer ring from arbitrarily accessing segments that exist inside an inner
ring. As with handing a child a loaded gun, mechanisms must be put in place
by the operating system to make sure that this sort of operation only occurs
under carefully controlled circumstances.