Chapter 3 / Hardware Briefing
device drivers. Code executing at user level is limited to reading other
user-level pages where the R/W flag is clear. User-level code can read and
write to other user-level pages where the R/W flag has been set. User-level
programs cannot read or write to supervisor-level pages. User-mode pages are
typically used to house user application code and data.
Though segmentation is mandatory, it is possible to minimize the impact
of segment-level protection and rely primarily on page-related facilities.
Specifically, you could implement a flat segmentation model where the
GDT consists of five entries: a null descriptor and two sets of code and data
descriptors. One set of code and data descriptors will have a DPL of 0, and
the other pair will have a DPL of 3 (see Figure 3.26). As with the bare-bones
flat memory model discussed in the section on segment-based protection,
all descriptors begin at address 0x00000000 and span the entire linear address
space such that everyone shares the same space and there is effectively no
segmentation.
Figure 3.26 (GDT for the flat segmentation model)
For both segment descriptors: Segment Base Address 0x00000000, Segment Size Limit 0xFFFFFFFF

  Offset   Descriptor                 DPL
  0x20     Data Segment Descriptor    3
  0x18     Code Segment Descriptor    3
  0x10     Data Segment Descriptor    0
  0x08     Code Segment Descriptor    0
  0x00     Null Descriptor
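The five-entry flat GDT described above, packed into raw 8-byte descriptors, as an added example (not code from the book). The segment types (execute/read code, read/write data), the 4 KB granularity flag with a 20-bit limit of 0xFFFFF, and all function names are assumptions chosen to match the stated base, limit, DPL and offsets.

```c
#include <stdint.h>
#include <stdio.h>

/* Pack one 8-byte IA-32 segment descriptor. access = P|DPL|S|type, flags = G|D/B|L|AVL. */
static uint64_t make_desc(uint32_t base, uint32_t limit20, uint8_t access, uint8_t flags)
{
    return  (uint64_t)(limit20 & 0xFFFF)                 /* limit 15:0  */
          | (uint64_t)(base & 0xFFFFFF) << 16            /* base 23:0   */
          | (uint64_t)access << 40                       /* access byte */
          | (uint64_t)((limit20 >> 16) & 0xF) << 48      /* limit 19:16 */
          | (uint64_t)(flags & 0xF) << 52                /* G, D/B      */
          | (uint64_t)(base >> 24) << 56;                /* base 31:24  */
}

static uint32_t desc_base(uint64_t d)
{
    return (uint32_t)(((d >> 16) & 0xFFFFFF) | ((d >> 32) & 0xFF000000u));
}
static unsigned desc_dpl(uint64_t d) { return (unsigned)((d >> 45) & 3); }

/* Last valid byte offset; with G=1 the 20-bit limit counts 4 KB units. */
static uint32_t desc_limit(uint64_t d)
{
    uint32_t raw = (uint32_t)(d & 0xFFFF) | (uint32_t)((d >> 32) & 0xF0000);
    return ((d >> 55) & 1) ? (raw << 12) | 0xFFF : raw;
}

/* Assumed access bytes: 0x9A/0xFA = present execute/read code, 0x92/0xF2 =
 * present read/write data; flags 0xC = 4 KB granularity, 32-bit default size. */
static void build_flat_gdt(uint64_t gdt[5])
{
    gdt[0] = 0;                                   /* 0x00 null descriptor */
    gdt[1] = make_desc(0, 0xFFFFF, 0x9A, 0xC);    /* 0x08 code, DPL 0     */
    gdt[2] = make_desc(0, 0xFFFFF, 0x92, 0xC);    /* 0x10 data, DPL 0     */
    gdt[3] = make_desc(0, 0xFFFFF, 0xFA, 0xC);    /* 0x18 code, DPL 3     */
    gdt[4] = make_desc(0, 0xFFFFF, 0xF2, 0xC);    /* 0x20 data, DPL 3     */
}

/* 1 if every non-null entry spans 0x00000000..0xFFFFFFFF (no segment isolation). */
static int gdt_is_flat(const uint64_t gdt[5])
{
    for (int i = 1; i < 5; i++)
        if (desc_base(gdt[i]) != 0 || desc_limit(gdt[i]) != 0xFFFFFFFFu) return 0;
    return 1;
}

int main(void)
{
    uint64_t gdt[5];
    build_flat_gdt(gdt);
    for (int i = 0; i < 5; i++)
        printf("0x%02X  %016llX  DPL=%u\n", i * 8, (unsigned long long)gdt[i], desc_dpl(gdt[i]));
    return !gdt_is_flat(gdt);
}
```

When gdt_is_flat returns 1, the only remaining boundary between ring 0 and ring 3 memory is the page-level protection described earlier in this section.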
Summary
So there you have it. Memory protection for the IA-32 processor is implemented
through segmentation and paging. Using segmentation, you can
define memory segments that have precisely defined size limits, restrict the
sort of information that they can store, and assign each segment a privilege
level that governs what it can, and cannot, do (see Table 3.12).