Presentation is loading. Please wait.

Presentation is loading. Please wait.

80386DX.

Published byJonathan Sparks Modified over 8 years ago

Similar presentations

Presentation on theme: "80386DX."— Presentation transcript:

1 80386DX

2 Protection UQ: Explain the protection mechanism of X86 Intel family microprocessor(10 Marks)

3 Protection 80386 DX has four levels of protection which isolate and protect user programs from each other and the operating system. It offers an additional type of protection on a page basis, when paging is enabled(using U/S and R/W fields) The four-level hierarchical privilege system is illustrated as follows:

4 Protection

5 Protection The privilege levels (PL) are numbered 0 through 3.
Level 0 is the most privileged or trusted level.

6 Rules for Privileges Intel 386Dx controls access to both data and procedures according to the following rules: (1) Data segment with privilege level p can be accessed only by the code executing at a privilege level atleast as privileged as p (E.g. Application programs are prevented from reading or changing OS Tables)

7 Rules for Privileges (2) A code segment with a privilege level p can only be called by a task executing at the same or lesser privilege level than p (E.g. An Application Program may call an OS routine)

8 Privilege Level There are 3 different types of privilege level entering into the privilege level checks: Current Privilege Level (CPL) Descriptor Privilege Level (DPL) Requestor Privilege Level (RPL)

9 Current Privilege Level (CPL)
CPL is stored in the selector of currently executing CS register It represents the privilege level(PL) of the currently executing task. It is also PL in the descriptor of the code segment. It is also designated as Task Privilege Level(TPL)

10 Descriptor Privilege Level (DPL)
It is the PL of the object which is being attempted to be accessed by the current task It is PL of target segment and is contained in the descriptor of the segment

11 Requestor Privilege Level (RPL)
It is the lowest two bits of any selector. It can be used to weaken the CPL if desired. The Effective Privilege Level(EPL) is EPL = max (CPL,RPL) (here numbers) Thus the task becomes less privileged.

12 Restricting Access to Data
Assume that a task needs data from data segment. The privilege levels are checked at the time a selector for the target segment is loaded into the data segment register. Three privilege levels enter into privilege checking mechanism CPL RPL of the selector of target segment DPL of the descriptor of the target segment

13 Restricting Access to Data
Access is allowed only if DPL ≥ max (CPL,RPL)

14 Restricting Access to Data
A procedure can only access the data that is at the same or less privilege level (not numerically)

15 Restricting Control Transfer
Control transfer (except interrupts) are accomplished by JMP, CALL and RET instructions. The near forms of JMP and CALL transfer within current code segment and requires only limit checking The far forms of JMP and CALL refer to other segments and require privilege checking.

16 Restricting Control Transfer
The far JMP and CALL can be done in 2 ways: Without Call Gate Descriptor With Call Gate Descriptor

17 Without Call Gate The processor permits a JMP or CALL directly to another segment only if DPL of the target segment = CPL of the calling segment Confirming bit of the target code is set and DPL of the target segment ≤ CPL Confirming Segment: These segments may be called from various privilege levels but execute at the privilege level of the calling procedure. (e.g. math library)

18 Privilege Check for Control Transfer without gate

19 With Call Gate The far pointer of the control transfer instruction uses the selector part of the pointer and selects a gate. The selector and offset fields of a gate form a pointer to the entry of a procedure.

20 With Call Gate

21 With Call Gate Four privilege levels are used to check the validity of the control transfer via a call gate: CPL RPL of the selector used to specify call gate DPL of the gate descriptor DPL of the descriptor of target segment. Only CALL instruction can use gates to transfer to smaller privilege levels.

22 With Call Gate For a JMP instruction, the privilege rules are
MAX(CPL,RPL) ≤ gate DPL target segment DPL = CPL(numerically) For a CALL instruction, the rules are target segment DPL ≤ CPL(numerically)

23 Privilege Check via Call Gate

Download ppt "80386DX."

Similar presentations

Memory Management Unit

Memory Management Unit
Processor Privilege-Levels

Processor Privilege-Levels
Types of Code Segments Conforming Code Segment

Types of Code Segments Conforming Code Segment
1/1/ / faculty of Electrical Engineering eindhoven university of technology Memory Management and Protection Part 3:Virtual memory, mode switching, 80286.

1/1/ / faculty of Electrical Engineering eindhoven university of technology Memory Management and Protection Part 3:Virtual memory, mode switching,
Memory Management Paging &Segmentation CS311, CS350 & CS550.

Memory Management Paging &Segmentation CS311, CS350 & CS550.
Unit 4 Chapter-1 Multitasking. The Task State Segment.

Unit 4 Chapter-1 Multitasking. The Task State Segment.
Intel 80386 MP.

Intel MP.
Configuring the Operating System Configure Performance Options Processor scheduling and memory usage Virtual memory Memory for network performance Configure.

Configuring the Operating System Configure Performance Options Processor scheduling and memory usage Virtual memory Memory for network performance Configure.
Operating Systems: Segments 1 Segmentation Hardware Support single user program system: – wish somehow to relocate address 0 to after operating system.

Operating Systems: Segments 1 Segmentation Hardware Support single user program system: – wish somehow to relocate address 0 to after operating system.
Architectural Support for OS March 29, 2000 Instructor: Gary Kimura Slides courtesy of Hank Levy.

Architectural Support for OS March 29, 2000 Instructor: Gary Kimura Slides courtesy of Hank Levy.
X86 segmentation, page tables, and interrupts 3/17/08 Frans Kaashoek MIT

X86 segmentation, page tables, and interrupts 3/17/08 Frans Kaashoek MIT
CE6105 Linux 作業系統 Linux Operating System 許 富 皓. Chapter 2 Memory Addressing.

CE6105 Linux 作業系統 Linux Operating System 許 富 皓. Chapter 2 Memory Addressing.
16.317 Microprocessor Systems Design I Instructor: Dr. Michael Geiger Fall 2012 Lecture 15: Protected mode intro.

Microprocessor Systems Design I Instructor: Dr. Michael Geiger Fall 2012 Lecture 15: Protected mode intro.
1 Copyright © 2011, Elsevier Inc. All rights Reserved. Appendix B Authors: John Hennessy & David Patterson.

1 Copyright © 2011, Elsevier Inc. All rights Reserved. Appendix B Authors: John Hennessy & David Patterson.
UNIT 2 Memory Management Unit and Segment Description and Paging

UNIT 2 Memory Management Unit and Segment Description and Paging
Intel 80286.

Intel
Interrupts  Interrupt is a process where an external device can get the attention of the microprocessor.  The process starts from the I/O device  The.

Interrupts  Interrupt is a process where an external device can get the attention of the microprocessor.  The process starts from the I/O device  The.
80386DX.

80386DX.
Microprocessor system architectures – IA32 segmentation Jakub Yaghob.

Microprocessor system architectures – IA32 segmentation Jakub Yaghob.
The Pentium Processor.

The Pentium Processor.

Similar presentations

Ads by Google