Hardware Reference
In-Depth Information
level of the
called
routine for the parameters that are passed to it. This potential loophole in
protection is prevented by not allowing the user process to ask the operating system to access
something indirectly that it would not have been able to access itself. (Such security loopholes
are called
Trojan horses
.)
The Intel designers were guided by the principle of trusting the operating system as litle as
possible, while supporting sharing and protection. As an example of the use of such protected
sharing, suppose a payroll program writes checks and also updates the year-to-date inform-
ation on total salary and benefits payments. Thus, we want to give the program the ability to
read the salary and year-to-date information and modify the year-to-date information but not
the salary. We will see the mechanism to support such features shortly. In the rest of this sub-
section, we will look at the big picture of the IA-32 protection and examine its motivation.
Adding Bounds Checking and Memory Mapping
The irst step in enhancing the Intel processor was geting the segmented addressing to check
bounds as well as supply a base. Rather than a base address, the segment registers in the IA-32
contain an index to a virtual memory data structure called a
descriptor table
. Descriptor tables
play the role of traditional page tables. On the IA-32 the equivalent of a page table entry is a
segment descriptor
. It contains fields found in PTEs:
■
Present bit
—Equivalent to the PTE valid bit, used to indicate this is a valid translation
■
Base ield
—Equivalent to a page frame address, containing the physical address of the irst
byte of the segment
■
Access bit
—Like the reference bit or use bit in some architectures that is helpful for replace-
ment algorithms
■
Atributes ield
—Speciies the valid operations and protection levels for operations that use
this segment
There is also a
limit field,
, not found in paged systems, which establishes the upper bound of
valid offsets for this segment.
Figure B.26
shows examples of IA-32 segment descriptors.
Search WWH ::
Custom Search