SlideShare a Scribd company logo

Pentium protected mode.ppt

Download as PPT, PDF
P
PramodBorole2

This document provides an overview of protected mode in Intel processors. It describes the key features of protected mode, including memory management using segmentation and paging, protection rings, privilege levels, descriptor tables, and segment selector registers. It also explains the protected mode register model and how address translation works to map virtual addresses to physical addresses.

Engineering
1 of 103
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
P.B.BOROLE 1 Pentium VOL II (PROTECTED MODE)
P.B.BOROLE 2
P.B.BOROLE 3 PROTECTED MODE  Features.  Protected mode register model.  System programming concepts and requirements.  Memory Organization and Management ( Segmentation and paging).  Protection mechanism.  Single task system with protection.  Multitasking system with protection.  Virtual 8086 mode.  IO protection.  Interrupts and Exceptions.  Programming.
P.B.BOROLE 4 Features  Provides advanced architecture that supports memory management, virtual addressing, paging, protection and multitasking.  PC can access memory above 640k bytes.  Real mode is analogous to driving a car in first gear while protected mode is analogous to driving a car at full speed.  Real mode is intended to set initial parameters of protected mode.  Used by UNIX , OS/2, Windows, DOS32, DPMI.  Segment value functions as a Selector.
P.B.BOROLE 5 Features  Segment registers are used to hold Selector value.  MMU implements both segmentation and paging models.  Enables on chip multitasking hardware that allows execution of tasks on time shared basis.  Task switching is possible within 19s at 19 MHz.  The size of each segment is not fixed. The maximum value is 4G.  Each segment is protected from others.  Can detect segment overflow and underflow.  Segment overlapping is not allowed.
P.B.BOROLE 6 Features  Provides on chip hardware that implements a protection mechanism. This mechanism puts restrictions on the access of local and system resources by task in multitasking environment.  Indicates whether segment is present in memory or not. Used by OS to swap segments.  Provides 4 privilege levels Viz. level 0,1,2 and 3  Level 0 – most privilege level, while Level 3 is least privilege level.  IO ports can be protected i.e. privilege levels can be assigned to each IO port.
P.B.BOROLE 7 Features  Physical address is 32 bits.  EMM386 can be used to access extended memory.  Two types – 16 bit (286) and 32 bit (386)  16 bit protected mode – PASCAL 7.0 Borland  32 bit protected mode – C++ compiler Borland.  Slower than real mode. But speed is compensated by huge size of memory.  Programming in protected mode is difficult.  CPU has restriction on access due to protection mechanism This reduces possibility of making disasters by bad code.
P.B.BOROLE 8 Features  Current program cannot access more privileged data or call less privileged code than own privilege (although can return to less privileged code).  Call to more privileged code cannot use any target address caller wants, it can use addresses specified by system only.  Call to more privileged code must change stack to make sure enough stack space is available for called code (so caller cannot cause crash in it).  Can be returned to real mode with out reset ( not available in 286). but it needs some preparation
P.B.BOROLE 9 Features  Virtual address space is 64 tera bytes i.e. 214232=246. Where 214-> Total number of descriptor or possible number of base addresses and 232-> Total number of possible offset addresses.  Allocates global and local resources.  Properties of segment can be defined like readable, write able and executable.  Executes all real and protected mode instructions.  In same privilege level, applications are isolated from each other by assigning different local resources and providing protection among local resources. This improves software reliability of the OS.
P.B.BOROLE 10 Features  Provides a special kind of descriptor that can be used to transfer control from lower privilege level to higher privilege level viz. gate descriptor.  Can save status of current task on the stack during task switching .  Can distinguish between unnested and nested tasks.  IP is 32 bits  Provides additional registers GDTR, IDTR, LDTR and TR.  Provides some additional control flags.  Control registers are effective.
P.B.BOROLE 11 Features  Indicates whether page is present in memory or not.  Saves the address at which page fault occurred in register. This information is necessary to swap pages.  PE bit is set.  Provides invisible 64 bit descriptor cache register for each segment register. It holds the descriptor of current segment.  Provides interrupt descriptor table instead of vector table. But it supports only 256 interrupts.  ISRs can be protected.
P.B.BOROLE 12 Features  Each vector is called ‘Gate’.  Location of IDT is defined in IDTR.  Provides Virtual mode in which 8086 program can be executed. Provides all protections for 8086 programs.  Provides some additional predefined interrupts.  32 bit addressing mechanism:- (386 protected mode) BBBBBBBB <- Base address from descriptor + YYYYYYYY <- Offset address provided by instruction ------------------------ ZZZZZZZZ <- Physical address. It should not be greater than 32 bits
P.B.BOROLE 13 Features  16 bit addressing mechanism(286 protected) BBBBBB <- Base address from descriptor. + 00YYYY <- Offset address provided by instruction -------------------- ZZZZZZ <- Physical address Should not be greater than 24 bits $ For every memory access, it uses selector, descriptor and offset. $ IO address is not segmented and paged.
P.B.BOROLE 14 Features  Default and segment overrides are similar to real mode.  Descriptors are stored in Descriptor tables.  Descriptor tables are stored in RAM. Hence some memory must be reserved for tables.  Descriptor tables can be set by special 386-aware linkers available from a number of vendors. Protection Systems.  Protected mode is useful in general purpose system.  Not required in embedded system (diskless system). But the address space is 32 bits. It may reduce software development cost.
P.B.BOROLE 15 Protected mode For example, if you were interested in doing 16 bit graphics, at 800x600, it would take 800x600x2bytes of memory just to hold a screen. Obviously this would not fit in one segment (I believe the limit is 65535 bytes) So what do you do? Well one solution would be to split it up into many different segments.... but, first, that would become very difficult and complex to program, and second, real mode limits the number of segments you can have (I believe its under 10). And due to Mr Bill/ionaire/ Gates, you are pretty much stuck in a world that lives under the 1 meg mark.
P.B.BOROLE 16 Protected mode system SEMICONDUCTOR MEMORY INCLUDES DESCRIPTOR TABLES, OS, MONITOR AND APPLICATION PROGRAMS PROTECTED IO SECONDARY MEMORY CPU MMU WITH SELECTOR AND SYSTEM REGISTERS
P.B.BOROLE 17 Protected mode memory GDT LDTs IDT Monitor program ROM Loaded OS System tasks User tasks
P.B.BOROLE 18 Protected mode memory System Program GDT System code,data and Stack segments RAM User programs LDTs User code,data And stack segments RAM
P.B.BOROLE 19 Protected-Mode Register Model  GDTR : global descriptor table register  LDTR : local descriptor table register  IDTR : interrupt descriptor table register  TR : task register  EIP : 32 bits in length  EFLAGS  CR0, CR1, CR2, CR3CR4  DR0-DR7(Debug registers)  TR6-TR7(Test registers) EIP CS DS SS ES FS GS AX BX CX DX SP BP SI DI EFLAGS GDTR IDTR LDTR CR0 CR1 CR2 CR3 TR DR0 DR1 DR2 DR3 DR4 DR5 DR6 DR7 TR6 TR7 Limit Limit Base Base 0 15 16 47 MSW
P.B.BOROLE 20 Protected-Mode Register Model  Provides one 32 bit instruction pointer EIP -> 386,486 and Pentium program or 16 bit instruction pointer EIP -> 286 program. Function is similar to real mode.  Provides six selector registers viz. CS, DS, SS, ES, FS and GS with invisible cache 64 bit cache registers.  Provides eight 32 bit data registers.  Provides one 32 bit flag register.  Provides two 48 bit, and two 16 bit system registers.  Provides four 32 bit control, eight 32 bit debug, and two 32 bit task register.
P.B.BOROLE 21 Segment Selector Register and the Cache Registers CS DS SS ES FS GS Programmer accessible Selectors Transparently Loaded by MPU Access RightsBase Address Limit 0 19 20 51 52 63 64-bit Segment Descriptor Cache Registers
P.B.BOROLE 22 Segment Selector Register and the Cache Registers  Each segment register functions as a select register.  Each selector points only one descriptor of a descriptor table(GDT or LDT).  Each selector holds index value,TI bit and RPL  GDT or each LDT contains 8192 descriptors.  CS selector is always used in conjunction with EIP to access code segments of system or user programs.  SS selector used to access stacks of system or user programs.
P.B.BOROLE 23 Segment Selector Register and the Cache Registers  DS, ES, FS and GS are used to access data segments of system or user program.  Each selector has 64 bit invisible cache register.  Cache register holds current descriptor of the current segment. This avoids re-access of descriptor  386 can hold six descriptors at a time.  Each descriptor is eight bytes long.  Selector has it’s own privilege level(RPL). RPL bits are used by OS.  Selector is initialized through instructions.  Selector does not point to the segment directly.
P.B.BOROLE 24 Register With Changed Functionality  Example: CS: 1007H, GDT base 00100000H, LDT base 00120000H  (CS) = 0001 0000 0000 0111 : RPL = 3, TI =1, Index = 0001 0000 0000 0  Address of the segment descriptor = 00120000H + 1000H = 00121000H SEGMENT SELECTOR REGISTER 1-0 2 15-3 Requested Privilege Level(RPL) Indicates selector privilege level desired Table Indicator (TI) TI=0 use global descriptor table (GDT) TI=1 use local descriptor table (LDT) Index select descriptor entry in table INDEX TI RPL
P.B.BOROLE 25 T I Protected Memory Management and Address Translation  Virtual Address and Virtual Address Space  virtual address : selector(16-bit): offset(32-bit)  214(16,384 = 16K) unique segments of memory, each of which has a maximum size of 4G bytes  Total virtual address space = 246 , 64 TB selector offset 47 32 31 0 RPL INDEX
P.B.BOROLE 26 Protected Memory Management and Address Translation Local segment 8191 Local segment 1 Local segment 0 Global segment 8191 Global segment 1 Global segment 0 Local address space 32 Terabytes Global address space 32 Terabytes Virtual Address Space 64 Terabytes  Segment Partitioning of the Virtual Address Space
P.B.BOROLE 27  Index value is multiplied by 8 and result is added into base address or starting address of descriptor table. Index  8 + Base address of table = address of descriptor.  TI bit is used to select either GDT(TI = 0) or LDT(TI = 1).  RPL is request privilege level of selector. It is compared with DPL and CPL CPL is current privilege level of CS and RPL is privilege level of new selector.  Segment selectors are visible to application programs as part of a pointer variable, but the values of selectors are usually assigned or modified by link editors or linking loaders, not by application programs.. Segment Selector Register and the Cache Registers
P.B.BOROLE 28 Segment Selector Register and the Cache Registers  In systems in which multiple processors have access to the same descriptor tables, it is the responsibility of software to reload the segment registers when the descriptor tables are modified. If this is not done, an old segment descriptor cached in a segment register might be used after its memory- resident version has been modified.  MOV, POP, LDS, LES, LSS, LGS, and LFS instructions are used to load selector.CALL, JMP, and RET, IRET, INTnn, INTO and INT3
P.B.BOROLE 29 EFLAGS
P.B.BOROLE 30 EFLAGS  IF: Interrupt enable flag. The CPL, IOPL, and the state of the VME flag in control register CR4 determine whether the IF flag can be modified by the CLI, STI, POPF, POPFD, and IRET instructions.
P.B.BOROLE 31 EFLAGS  VM : virtual 8086 Mode - system flag.  set only in Protected Mode by IRET instruction and by task switches.  unaffected by POPF.  RF : resume flag - system flag  in conjunction with the debug register breakpoints. Used to enable or disable debug exception. If RF = 1, then disable debug exception  NT: nested task flag - system flag  indicates that the execution of this task is nested within another task.
P.B.BOROLE 32 EFLAGS  IOPL : input/output privilege flag - system flag  indicates the numerically maximum CPL value permitted to execute I/O instructions. This field can only be modified by the POPF and IRET instructions when operating at a CPL of 0.  AC: Alignment Check: If this flag and AM flag in CR0 are set, then it enables alignment checking of memory references. It generates “alignment check exception” if the misaligned operand is accessed. Alignment-check exceptions are generated only in user mode (privilege level 3).This exception is not generated in PL0The alignment-check exception can be used to check alignment of data. This is useful when exchanging data with other processors, which require all data to be aligned.
P.B.BOROLE 33 Pentium flags  VIF: Contains virtual image of IF flag. Used in conjuction with VIP flag.The processor accepts this flag only when either VME or PVI flag in control register CR4 is set and the IOPL is less than 3. (The VME flag enables the virtual-8086 mode extensions; the PVI flag enables the protected-mode virtual interrupts.)
P.B.BOROLE 34 Pentium flags  VIP:Virtual interrupt pending: Set by software to indicate that an interrupt is pending; cleared to indicate that no interrupt is pending. This flag is used in conjunction with the VIF flag. The processor reads this flag but never modifies it. The processor only recognizes the VIP flag when either the VME flag or the PVI flag in control register CR4 is set and the IOPL is less than 3.
P.B.BOROLE 35 Pentium Flags  ID:If the program or procedure is able set or clear this flag then the software can execute CPUID instruction. This instruction is used to identify type of Pentium CPU
P.B.BOROLE 36 Memory Management CPU GDTR LDTR (selector) IDTR TR(selector) GDT LDT IDT TSS LDTR cache TR cache Memory LDT Descriptor TSS Descriptor
P.B.BOROLE 37  Application Program : a collection of tasks  task: a group of program routines that together perform a specific function.  A task can activate both global and local segments of memory. Task 1 Local Address Space Global Address Space Task 3 Local Address Space Task 2 Local Address Space Task 1 Virtual Address Space Task 2 Virtual Address Space Task 3 Virtual Address Space
P.B.BOROLE 38 Memory Management Registers  Global Descriptor Table Register.  48 bit register.  Used to point GDT.  Divided into two components viz. Base and limit.  Base value( 32 bit) indicates the starting address of GDT.  Limit value(16 bit) indicates the size of GDT.  Used by OS only.  Initialized in real mode.  Defines characteristics of global address space.  It has no cache register.
P.B.BOROLE 39 GDTR BASE LIMIT 0 15 16 47 LIMIT -> 16 bit field. Indicates the length of GDT in terms of bytes . The maximum size of GDT is 65536 bytes. Limit = Size -1 BASE -> 32 bit field. Gives 32 bit physical starting address of GDT.
P.B.BOROLE 40 LDTR  16 bit register.  Used as a local selector.  Points LDT descriptor stored in GDT.  GDT contains many LDT descriptors.  Each LDT has LDT descriptor in GDT.  Points only one LDT descriptor at a time.  Used to change LDT.  Provides 48 bit cache register.  A 48 bit cache register is used to hold current LDT descriptor.  Each task may have it’s own LDT.
P.B.BOROLE 41 LDTR 13 bit Index Value 0 0 0 0 2 3 15 Lower 3 bits are always zeros. Upper 13 bits are used as Index Value Index value is multiplied by 8 and added into base address stored in GDTR. Physical Address of LDT descriptor in GDT = Base address in GDTR + (Index value8).
P.B.BOROLE 42 LDTR CACHE REGISTER 32 BIT BASE Address of LDT 16 BIT LIMIT Access Right This Register is not available for user. It holds LDT descriptor of current LDT. Base address is the physical address of LDT. Limit indicates the size of LDT. Limit = Size -1 Access right provides protection mechanism.
P.B.BOROLE 43 Local Descriptor Table  Local Descriptor Table  Each task can have access to own private descriptor table(LDT) in addition to GDT.  Contains descriptors that provide access to code and data in segments of memory. LIMIT BASE LIMIT BASE selector 0 0 0 15 15 15 31 31 GDTR LDTR LDTR cache program invisible GDT LDT0 LDTn         
P.B.BOROLE 44 IDTR  48 bit register.  Points IDT.  IDT contains descriptors. Maximum 256.  Consists of base and limit value.  Base address indicates the starting address of IDT.  Limit value indicates the size of IDT.  Used by interrupts and exceptions only.  ISRs are invoked via IDT.  It has no cache register.
P.B.BOROLE 45 IDTR 32 bit Base address of IDT Limit 16 bit Not more than 256*8-1 15 16 47 Base address is the physical address of IDT. Limit value indicates the size of IDT. Limit = Size –1. The maximum size of IDT is 256  8..
P.B.BOROLE 46 Interrupt Descriptor Table  Interrupt Descriptor Table (IDT)  Contains interrupt descriptors, not segment descriptors.  IDT can also be up to 64KB; But 386 only supports up to 256 interrupts and exceptions(2KB). BASE LIMIT 0 47 16 15 0 255 1 Interrupt Descriptor Table (IDT) Interrupt Descriptor Table Register(IDTR) MAX: 2k bytes 256 entries
P.B.BOROLE 47 TR  16 bit register.  Used in task switching.  Holds 16 bit Selector value.  Initial selector must be loaded under software control.  Then TR is loaded automatically with appropriate value during each task switch operation.  Has 48 bit cache register. But not available for user.  Points TSS descriptor stored in GDT.
P.B.BOROLE 48 TR 13 BIT Index Value 0 0 0 0 2 3 15 13 bit Index value is multiplied by 8 and added into Base address Of GDTR. This will give physical address of TSS descriptor in GDT. Physical address of TSS descriptor in GDT = Base address in GDTR + Index  8.
P.B.BOROLE 49 TR CACHE REGISTER 32 BIT Base address of TSS 16 BIT LIMIT Access right Base address is the physical address of TSS. TSS is used to save system Information of the task. TSS also indicates the information needed to initiate the task.
P.B.BOROLE 50 Task Register  Task Register  task switching mechanism.  TSS descriptor.  TSS : task state segment; information needed to initiate the task, such as initial values for the user-accessible registers. Physical Memory GDT TSS TSS descriptor TR BASE LIMIT 0 15 16 47
P.B.BOROLE 51 Control Registers  Provides five 32 bit control registers viz. CR0, CR1, CR2, CR3 and CR4.  Available in protected mode only ( Some bits of CR0 are available in real mode also).  Many registers are used in paging mechanism.  Lower SIX bits of CR0 form system control flags. They are also called machine status word.
P.B.BOROLE 52 Control Register 31 PG 30 CD 29 NW 18 AM 16 WP 5 NE 4 ET 3 TS 2 EM 1 MP 0 PE CR0 Other bits are reserved
P.B.BOROLE 53 Control registers CR0 (386 bits)  PG : Paging enable bit. Used to enable paging Unit within segments.  ET: Processor extension. Reserved  TS: Task Switch. Automatically set in task switching.  EM: Emulate coprocessor. Indicates presence of coprocessor. But in Pentium this bit is 0.
P.B.BOROLE 54 Control registers CR0 (386 bits)  MP: Monitor Coprocessor . Must be set to run 286 and 386 programs on Pentium.  PE: Protection Enable: Used to operate 386 in protected mode PE = 0 -> Real mode, PE = 1 -> Protected mode. Set by loading MSW or CR0. Reset automatically after reset signal.
P.B.BOROLE 55 Control registers CR0 (Pentium)  CD: Cache Disable. Disables cache writes when set  NW: Not write through. Disable cache write through operation when set  AM: Alignment mask. Allows alignment checking when set  WP: Write protect. Enforces supervisor level write protection when set.  NE: Numeric Error. Allows floating point errors to be reported when set
P.B.BOROLE 56 Control Registers RESERVED CR1 PAGE FAULT LINEAR ADDRESS CR2 31 TO 12 Page Directory Base 4 PCD 3 PWT CR3
P.B.BOROLE 57 Control registers  CR1 : reserved by Intel  CR2: Page fault linear address register: 32 bit register. Holds the 32 bit linear address that caused the last page fault.
P.B.BOROLE 58 Control registers  CR3: Page directory base address: 32 bit register. Upper 20 bits. Stores physical base address of page directory table. Page directory table is always page aligned. Task Switch will also change contents of this register.  PCD: Cache disable. This bit determines whether the current memory access is cached or not.  PWT: Write through This bit enables write through operation between the cache and memory
P.B.BOROLE 59
P.B.BOROLE 60 Control Registers CR4 6 MCE 4 PSE 3 DE 2 TSD 1 PVI 0 VME CR4
P.B.BOROLE 61 Control Register CR4  MCE:Enables machine check exception.  PSE: Allows 4 MB pages when set.  DE: Debugging extensions. Enables IO break points when set.  TSD: Time stamp disable. Used to make the RDTSC instruction (read from time stamp counter) privileged.  PVI: Protected mode virtual interrupt. When set, allows a virtual interrupt flag to be maintained in protected mode.  VME: Virtual 8086 mode extension. When set, enables emulation of a virtual interrupt flag.
P.B.BOROLE 62
P.B.BOROLE 63 Memory management  Three components: logical, linear and physical  Transfers logical address into physical address in two steps viz. segment and Page translation  Logical address consists of segment selector and segment offset. This address is converted into a linear address. Logical address is also called virtual address.  In page translation, the linear address is converted into physical address (optional).  Segment provides a mechanism of isolating individual code, data and stack modules so that tasks can run on the same processor without interfering with one another.  Paging provides a mechanism of implementing a conventional demand-paged, virtual memory system. Provides isolation between tasks.
P.B.BOROLE 64 Protected memory
P.B.BOROLE 65 Physical Address Space and Virtual-to-Physical Address Translation SELECTOR OFFSET SEGMENT TRANSLATION PG? DIR PAGE OFFSET 31 0 PAGE TRANSLATION PHYSICAL ADDRESS PAGING DISABLED PAGING ENABLED LOGICAL ADDRESS LINEAR ADDRESS
P.B.BOROLE 66 Segmentation Virtual to Physical Address Translation SELECTOR OFFSET SEGMENT TRANSLATION PG? DIR PAGE OFFSET 31 0 PAGE TRANSLATION PHYSICAL ADDRESS PAGING DISABLED PAGING ENABLED LOGICAL ADDRESS LINEAR ADDRESS Data Segment Descriptor Cache Register Selector Offset(EBX) (DS) Data Segment LDT Operand Segment Descriptor
P.B.BOROLE 67 Memory management
P.B.BOROLE 68
P.B.BOROLE 69 Block diagram of MMU
P.B.BOROLE 70 Memory management  Segmentation unit translates the logical address into 32 bit linear address.  Paging unit converts 32 bit linear address into 32 bit physical address.  Paging mechanism manages only one segment at a time.  Paging mechanism manages huge segment.  Semiconductor memory contains segments and descriptor tables.
P.B.BOROLE 71 Memory management
P.B.BOROLE 72 Protected memory model: flat model Limit field sets the size of memory. If the memory accessed beyond this Range, the microprocessor will general protection faults. This model provides less protection. In protected mode, at least two segments must be prepared.
P.B.BOROLE 73 Protected memory model: flat model More protection can be provided by enabling paging.
P.B.BOROLE 74 Multisegment model
P.B.BOROLE 75 Multisegment model  This model uses full capability of segmentation mechanism.  Provides full protection among code data system segments.  Each task has it’s own table.  Access to each segment is controlled by on chip hardware.  System program segments can be protected.
P.B.BOROLE 76 Descriptor tables  Each segment has descriptor.  An array of descriptors.  A memory array of 8 byte entries.  Three types of tables viz. GDT, LDT and IDT.  But two types of table used by each selector viz. GDT and LDT.  Each system must have one GDT.  The system have one or more LDTs.  GDT is not segment itself. It is data structure of linear address space.  LDT is located in a system segment of the LDT type.  The size is not fixed and location is not fixed.
P.B.BOROLE 77 GDT  Contains descriptor of any type except trap and interrupt gates.  Pointed by GDTR.  Contains maximum 8192 descriptors.  Descriptors are available for all tasks.  The size of table varies in step of 8 bytes.  The base address of GDT is stored in GDTR.  The base address should be aligned.  To access this table TI bit of selector should be 0.  Must be stored in data segment.
P.B.BOROLE 78 GDT  The first descriptor is NULL descriptor.  The NULL descriptor is unique to the GDT.  It has a TI = 0 and INDEX = 0.  This descriptor is never referenced by the processor.  The data stored in it’s place can be used for any purpose e.g. Pointer to GDT itself.  LGDT instruction needs a six byte pointer to the GDT and NULL descriptor has 8 bytes.  The NULL selector always causes an error.
P.B.BOROLE 79 GDT GDT_PTR DW GDT_LENGTH-1 DD PHYSICAL_GDT_ADDRESS Then in the code segment: LGDT GDT_PTR This is cleaner approach to access GDT. No. Of descriptors in GDT = Size of Table 8 Limit = size -1 Starting address of GDT = BBBBBBBB (Base address stored in GDTR) Ending address of GDT = BBBBBBBB + LIMIT
P.B.BOROLE 80 GDT The physical address of descriptor in GDT = Base address+ Index  8. = BBBBBBBB -> 32 BIT BASE ADDRESS IN GDT + I I I I 0 0 -> 13 BIT INDEX  8 --------------------------------------------------------- GGGGGGGG -> 32 BIT PHYSICALADDRESS OF DESCRIPTOR IN GDT.
P.B.BOROLE 81 LDT  System has one or more LDTs.  Each task has it’s own LDT.  One LDT may be shared by two or more tasks.  Used by application programs  Optional.  Located in system segment.  It’s descriptor (LDT descriptor) is stored in GDT.  LDT descriptor is pointed by LDTR.  Number LDTs = Number of LDT descriptor in GDT.  Each LDT contains 8192 descriptors.  Only one LDT is active at a time.  Each LDT has LDT descriptor and segment selector.  LDT descriptor can be located anywhere in GDT.
P.B.BOROLE 82 LDT Starting address of LDT = BBBBBBBB -> Base address stored in LDT Descriptor. Ending address of LDT BBBBBBBB+ LIMIT: LIMIT value is present In LDT descriptor. No. of descriptors in LDT = Size of LDT 8 Limit = size -1 LDT contains code, data, stack, task gate and call gate descriptors. Address of descriptor in LDT = BBBBBBBB -> Base address stored in LDT descriptor + I I I I 0 0 -> Index 8 -------------------------------------------------------------- LLLLLLLL -> 32 bit physical address of Descriptor in LDT
P.B.BOROLE 83 LDT Address of LDT descriptor in GDT = BBBBBBBB -> Base address in GDTR + I I I I 0 0 -> Index  8 where Index is present in LDTR -------------------------------------------------- GGGGGGGG ->32 bit Physical address of LDT descriptor in GDT
P.B.BOROLE 84 Global and Local Descriptor Tables
P.B.BOROLE 85 Descriptors  Used to convert logical address into linear address.  Created by compilers, linkers,loaders or the OS.  Not created by application program.  Gives characteristics of the segment.  Segment cannot be accessed without descriptor.  8 byte quantity.  Managed by on chip MMU.  Current descriptor is loaded into in cache register of CPU.  Divided into four fields viz. Base address , Limit, control and access right.  Two types – system and segment.
P.B.BOROLE 86 Format of Descriptor LIMIT (L15 - L0) BASE (B15 – B0) BASE( B23 – B16) ACCESS RIGHT LIMIT L19 –L16 AVL 0 D/B G BASE ( B31 – B24) 0 1 2 3 4 5 6 7 D0 D15 D7
P.B.BOROLE 87 BASE ADDRESS  32 bit field.  Base address of segment.  Gives starting address of segment.  Offset address is added into this base address.  Must be aligned.  Starting address of segment = BBBBBBBB + YYYYYYYY --------------------------------- ZZZZZZZZ
P.B.BOROLE 88 LIMIT  20 bit field.  Indicates the size of segment.  Size = limit + 1.  Used in conjunction with G bit.  G= 0 ; the size of segment varies from 1Bto1MB. The offset address varies from 00000 to FFFFF.  G=1 ; the size of segment varies from 4KB to 4GB. The offset address varies from 00000000 to FFFFFFFF. The size of segment = (LIMIT+1)4KB. The size of segments is indicated in terms of page size. The maximum number of pages = 1M. Note:- the sum of base and offset shouldn't be greater than 32 bit. If G=1 and LIMIT = FFFFF the lowest 12 bits of base address should be 0.
P.B.BOROLE 89 Descriptor Control Format G : Granularity bit G = 1-> Page (the lowest 12 bits of segment base address should be zero). G = 0->Byte (1MB max). D/B: Function depends upon the segment type like code or stack. For code segment this is D bit. Default length for operands and effective addresses. D = 1->32-bit operation (386) Window NT’95/96,OS/2 Set by USE32 directive. D = 0->16-bit operation (286) DOS Window 3.1 Reset by USE16 directive. The effect this bit is overridden by operand size and address size prefix bytes.
P.B.BOROLE 90 Descriptor Control Format For stack segment (LIFO) this flag is B(BIG). It specifies the size of stack pointer. B= 1->32bit SP and B=0 ->16 bit SP. For Random stack this flag indicates the maximum or upper bound on stack segment. B = 1-> FFFFFFFFH (4 Giga byte), B = 0 ->FFFFFH (64K byte) AVL: Programmer available. Used by OS only. AVL = 0 -> segment is not available for application program. AVL = 1 -> segment is available for application program.
P.B.BOROLE 91 Access right byte  Specifies operation characteristics of a segment.  Controls access to the segment.  Indicates protection level of the segment.  Distinguishes between system segment and non system segment.  Indicates whether segment is readable, writable or executable.  Indicates whether segment is accessed or not.
P.B.BOROLE 92 Non System Segment descriptors  Defines data, code, stack segments.  Used by both system and application programs.  S=1 in access right byte. P DPL S=1 E ED/C R/W A
P.B.BOROLE 93 Descriptors SEGMENT LIMIT 15 .. 0 BASE 23..16 P S TYPE A 0 4 0 8 7 Bit Position Name Function 7 6-5 4 Present (P) Descriptor Privilege Level (DPL) Segment Descriptor Type (S) P=1 Segment is mapped into physical memory P=0 No mapping to physical memory exists, base and limit are not used Segment privilege attribute used in privilege tests S=1 Code or Data segment descriptor S=0 System segment Descriptor or Gate Descriptor 3 2 1 Executable(E) Expansion Direction(ED) Writeable(W) E=0 Data segment descriptor type is : ED=0 Expand Up segment ED=1 Expand Down segment W= 0 Data segment may not be written into W= 1 Data segment may be written into 3 2 1 Executable(E) Conforming(C) Readable(R) E=1 Code segment descriptor type is: C=1 Code segment may only be executed When CPL DPL and CPL remains unchanged R=0 Code segment may not be read R=1 Code segment may be read 0 Accessed(A) A=0 Segment has not been accessed A=1 Segment selector has been loaded into segment register or used by selector test instruction
P.B.BOROLE 94 Non System Segment descriptors  P bit indicates whether segment is present in memory or not. P = 0 -> Segment is not present and P = 1-> Segment is present.  This bit used by OS. If P = 0 and segment is accessed through this descriptor, then the microprocessor activates interrupt INT 11. Then the ISR swaps segments. After swapping requested segment, the OS sets P bit of newly loaded segment descriptor and resets P bit of saved segment descriptor.  DPL: defines privilege level of the segment. Used to protect segment from low privilege caller.
P.B.BOROLE 95 Non System Segment descriptors  S: Used to distinguish between non system segment and system segment descriptors.  S = 1-> Non system segment descriptor.  E: Executable; Used to distinguish between data and code segments. E=0 -> Data segment including stack. E = 1 -> Code segment.  ED/C: Expand direction/conforming; When E=0, then this bit functions as ED, ED indicates whether the segment is data or stack. ED = 0 -> Data segment( access segment randomly). Offset address  limit. ED = 1 -> Stack segment LIFO. SP must be used in conjunction with SS. Offset address Limit
P.B.BOROLE 96 Non System Segment descriptors  When E =1, then this bit functions as C ( conforming) bit. Used to distinguish between conforming and nonconforming code segments.  C= 0 -> Non conforming code segment. In this case, the new CPL will change. The new CPL is EPL.  C = 1 -> Conforming code segment. In this case, new CPL is equal to old CPL.  R/W Read/Write. When E= 0( data segment), then this bit functions as W bit. This bit indicates whether data segment is writable or not.  W = 0 -> data segment is not writable. W= 1 -> data segment is writable.
P.B.BOROLE 97 Conforming Code segment  Conforming segments are used for code modules such as math libraries and exception handlers, which support applications but do not require access to protected system facilities. These modules are part of the operating system or executive software, but they can be executed at numerically higher privilege levels (less privileged levels).
P.B.BOROLE 98 Conforming Code segment  Keeping the CPL at the level of a calling code segment when switching to a conforming code segment prevents an application program from accessing nonconforming code segments while at the privilege level (DPL) of a conforming code segment and thus prevents it from accessing more privileged data. Most code segments are nonconforming. For these segments, program control can be transferred only to code segments at the same level of privilege,
P.B.BOROLE 99 Non System Segment descriptors  When E =1 (code segment) then this bit functions as R bit. This bit indicates whether code segment is readable or not. R = 0 -> code segment is not readable and R = 1 -> code segment is readable.  A: Accessed; This bit indicates whether the segment is accessed or not.This bit is set by microprocessor each time a descriptor is loaded into a cache register. A= 1 -> Segment accessed. This bit is reset by OS periodically. This bit is also used by OS to swap segments.
P.B.BOROLE 100 Loading Descriptor from Descriptor Table LDTR descriptor CS descriptor 00A00000H FFFFH GDTR 00A00000H 00A0FFFFH 2000H LDTR 00A02007H 00A02000H 00 0 0 82 90 00 0000 FFFF 0 F FE 60 FFFF 0000 0090000H FFFFH 00900000H 0090FFFFH 1005H CS 0060000H FFFFH 00901007H 00901000H 0060FFFFH 00600000H GDT (64KB) LDT (64KB) CODE SEGMENT (1 MB) SYSTEM MEMORY USER MEMORY
P.B.BOROLE 101 System descriptors  16 possible system descriptors.  All system descriptors are present in GDT while some system descriptors are present in LDTs.  Normally system segment descriptor are used by OS.  The value of S in right access byte is 0.  Their functions are fixed and specified by Intel.  The type of system descriptor is indicated by type field.
P.B.BOROLE 102 System descriptors P DPL S=0 TYPE TYPE field indicates type of system descriptor.
P.B.BOROLE 103 System descriptors System descriptor Access Right byte: 82H 82H = 1000 0010: S=0 system segment, Type = 0010 = local descriptor table, DPL = 00 = privilege level 0, P = 1 present in physical memory Name Value Description Type 0 1 2 3 4 5 6 7 8 9 A B C D E F Reserved Available 16 bit TSS LDT Busy 16 bit TSS Call Gate Task Gate 16 bit Interrupt gate 16 bit Trap gate Reserved Available 32 bit TSS Reserved Busy 32 bit TSS 32 bit Call Gate Reserved 32 bit Interrupt Gate 32 bit Trap Gate P 0 1 Descriptor contents are not valid Descriptor contents are valid DPL 0-3 Descriptor Privilege level 0,1,2, or 3 BASE 32-bit number Base address of special system data segment in memory LIMIT 20-bit number Offset of last byte in segment from the base 0 4 SEGMENT LIMIT 15 .. 0 SEGMENT BASE 15 .. 0 BASE 23..16 BASE 31..24 G X 0 LIMIT 19..16 P DPL 0 TYPE A 3 7 AVL 0 23 16 15 8 7 24 32

More Related Content

PPTX
Introduction to Embedded System I: Chapter 2 (5th portion)
Moe Moe Myint
 
PDF
Application Layer Protocols for the IoT
Damien Magoni
 
PDF
RTOS for Embedded System Design
anand hd
 
PPTX
cplds
Anish Gupta
 
PDF
Verification of amba axi bus protocol implementing incr and wrap burst using ...
eSAT Journals
 
PPTX
Microprocessor 8086 instructions
Ravi Anand
 
PDF
IEEE-488
Jessore University of Science & Technology, Jessore.
 
PPTX
80386-1.pptx
BLACKSPAROW
 
Introduction to Embedded System I: Chapter 2 (5th portion)
Moe Moe Myint
 
Application Layer Protocols for the IoT
Damien Magoni
 
RTOS for Embedded System Design
anand hd
 
cplds
Anish Gupta
 
Verification of amba axi bus protocol implementing incr and wrap burst using ...
eSAT Journals
 
Microprocessor 8086 instructions
Ravi Anand
 
IEEE-488
Jessore University of Science & Technology, Jessore.
 
80386-1.pptx
BLACKSPAROW
 

What's hot (20)

PDF
Coverage and Introduction to UVM
Dr. Shivananda Koteshwar
 
PPTX
Stack and subroutine
Suchismita Paul
 
PPT
8051 instruction set
Andri Prastiyo
 
PDF
PAI Unit 2 Protection in 80386 segmentation
KanchanPatil34
 
PPTX
AMBA Ahb 2.0
Akhil Srivastava
 
DOC
Question bank malp 3340302
SHAH JAINAM
 
PPTX
OLSR | Optimized Link State Routing Protocol
Jagannath University, Bangladesh
 
PPT
8085 interrupts
Ram Babu
 
PPTX
Memory Segmentation of 8086
Nikhil Kumar
 
PDF
8086 memory segmentation
mahalakshmimalini
 
PPTX
I2C Protocol
Sudhanshu Janwadkar
 
PPTX
Stacks & subroutines 1
deval patel
 
PPTX
I2 c protocol
Azad Mishra
 
PPTX
Branching instructions in 8086 microprocessor
Rabin BK
 
PDF
Study of Leach Protocol- A Review
Editor IJMTER
 
PPT
8086 pin details
AJAL A J
 
PPTX
Introduction about APB Protocol
Pushpa Yakkala
 
PPTX
An application of 8085 register interfacing with LCD
Taha Malampatti
 
PPTX
Multi threading models
DarakhshanNayyab
 
DOCX
8096 microcontrollers notes
Dr.YNM
 
Coverage and Introduction to UVM
Dr. Shivananda Koteshwar
 
Stack and subroutine
Suchismita Paul
 
8051 instruction set
Andri Prastiyo
 
PAI Unit 2 Protection in 80386 segmentation
KanchanPatil34
 
AMBA Ahb 2.0
Akhil Srivastava
 
Question bank malp 3340302
SHAH JAINAM
 
OLSR | Optimized Link State Routing Protocol
Jagannath University, Bangladesh
 
8085 interrupts
Ram Babu
 
Memory Segmentation of 8086
Nikhil Kumar
 
8086 memory segmentation
mahalakshmimalini
 
I2C Protocol
Sudhanshu Janwadkar
 
Stacks & subroutines 1
deval patel
 
I2 c protocol
Azad Mishra
 
Branching instructions in 8086 microprocessor
Rabin BK
 
Study of Leach Protocol- A Review
Editor IJMTER
 
8086 pin details
AJAL A J
 
Introduction about APB Protocol
Pushpa Yakkala
 
An application of 8085 register interfacing with LCD
Taha Malampatti
 
Multi threading models
DarakhshanNayyab
 
8096 microcontrollers notes
Dr.YNM
 
Ad

Similar to Pentium protected mode.ppt (20)

PPT
Protection Mechanism.ppt
PramodBorole2
 
PPTX
32- bit Microprocessor-Indtel 80386.pptx
Yuvraj994432
 
PPTX
Protected addressing mode and Paging
marada0033
 
PPTX
Protection mode
Deepak Kumar
 
PPT
80286 education project compiter application .ppt
deepparmar73
 
PPT
Architecture_of_80386_Microprocessor - Inroduction
rajasekarandpm
 
PPT
Pentium Real Mode.ppt
PramodBorole2
 
PPTX
It322 intro 2
J Cza Àkera
 
PPT
80386
anita bodke
 
PPT
Microprocessor 80386
yash sawarkar
 
PPT
Al2ed chapter3
Abdullelah Al-Fahad
 
PPT
Architecture_of_80386_Micropro-An Introduction
rajasekarandpm
 
PPT
ADVANCED MICROPROCESSORS featuers, block diagram and register organization.ppt
NaganarasaiahGoud
 
PPTX
80386.pptx
DrRaskarSandeepCompu
 
PDF
80386_AKRay.pdf study computer programme
deepparmar73
 
PPTX
Microprocessor Protected Mode Memory addressing By DHEERAJ KATARIA
Dheeraj Kataria
 
PPT
Real to protected_mode
Akshay Nagpurkar
 
PPTX
The microprocessor and it's architecture
samaa ali
 
PPT
Architecture of 80386(www.munnuz.co.cc)
muneer.k
 
PPT
Chapter2.3 4-mikroprocessor
teknik komputer ui
 
Protection Mechanism.ppt
PramodBorole2
 
32- bit Microprocessor-Indtel 80386.pptx
Yuvraj994432
 
Protected addressing mode and Paging
marada0033
 
Protection mode
Deepak Kumar
 
80286 education project compiter application .ppt
deepparmar73
 
Architecture_of_80386_Microprocessor - Inroduction
rajasekarandpm
 
Pentium Real Mode.ppt
PramodBorole2
 
It322 intro 2
J Cza Àkera
 
80386
anita bodke
 
Microprocessor 80386
yash sawarkar
 
Al2ed chapter3
Abdullelah Al-Fahad
 
Architecture_of_80386_Micropro-An Introduction
rajasekarandpm
 
ADVANCED MICROPROCESSORS featuers, block diagram and register organization.ppt
NaganarasaiahGoud
 
80386.pptx
DrRaskarSandeepCompu
 
80386_AKRay.pdf study computer programme
deepparmar73
 
Microprocessor Protected Mode Memory addressing By DHEERAJ KATARIA
Dheeraj Kataria
 
Real to protected_mode
Akshay Nagpurkar
 
The microprocessor and it's architecture
samaa ali
 
Architecture of 80386(www.munnuz.co.cc)
muneer.k
 
Chapter2.3 4-mikroprocessor
teknik komputer ui
 
Ad

Recently uploaded (20)

PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
PDF
Human-AI Collaboration: Balancing Agentic AI and Autonomy in Hybrid Systems
ijccsa
 
PPTX
web development for engineering and engineering
keshriji700
 
PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PPTX
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
PPTX
Construction Project Organization Group 2.pptx
vj5agdales
 
PDF
PPT on Performance Review to get promotions
prashant593122
 
PDF
composite construction of structures.pdf
AinieButt1
 
PDF
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
PPTX
Fundamentals of safety and accident prevention -final (1).pptx
Palani kumar
 
PDF
III.4.1.2_The_Space_Environment.p pdffdf
sittiporn2
 
PDF
Unit I ESSENTIAL OF DIGITAL MARKETING.pdf
Nitin Shelake
 
PDF
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
PPTX
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
PDF
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
PPTX
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
PPTX
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
PPTX
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
PPT
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
Human-AI Collaboration: Balancing Agentic AI and Autonomy in Hybrid Systems
ijccsa
 
web development for engineering and engineering
keshriji700
 
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
Construction Project Organization Group 2.pptx
vj5agdales
 
PPT on Performance Review to get promotions
prashant593122
 
composite construction of structures.pdf
AinieButt1
 
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
Fundamentals of safety and accident prevention -final (1).pptx
Palani kumar
 
III.4.1.2_The_Space_Environment.p pdffdf
sittiporn2
 
Unit I ESSENTIAL OF DIGITAL MARKETING.pdf
Nitin Shelake
 
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 

Pentium protected mode.ppt

  • 1. P.B.BOROLE 1 Pentium VOL II (PROTECTED MODE)
  • 3. P.B.BOROLE 3 PROTECTED MODE  Features.  Protected mode register model.  System programming concepts and requirements.  Memory Organization and Management ( Segmentation and paging).  Protection mechanism.  Single task system with protection.  Multitasking system with protection.  Virtual 8086 mode.  IO protection.  Interrupts and Exceptions.  Programming.
  • 4. P.B.BOROLE 4 Features  Provides advanced architecture that supports memory management, virtual addressing, paging, protection and multitasking.  PC can access memory above 640k bytes.  Real mode is analogous to driving a car in first gear while protected mode is analogous to driving a car at full speed.  Real mode is intended to set initial parameters of protected mode.  Used by UNIX , OS/2, Windows, DOS32, DPMI.  Segment value functions as a Selector.
  • 5. P.B.BOROLE 5 Features  Segment registers are used to hold Selector value.  MMU implements both segmentation and paging models.  Enables on chip multitasking hardware that allows execution of tasks on time shared basis.  Task switching is possible within 19s at 19 MHz.  The size of each segment is not fixed. The maximum value is 4G.  Each segment is protected from others.  Can detect segment overflow and underflow.  Segment overlapping is not allowed.
  • 6. P.B.BOROLE 6 Features  Provides on chip hardware that implements a protection mechanism. This mechanism puts restrictions on the access of local and system resources by task in multitasking environment.  Indicates whether segment is present in memory or not. Used by OS to swap segments.  Provides 4 privilege levels Viz. level 0,1,2 and 3  Level 0 – most privilege level, while Level 3 is least privilege level.  IO ports can be protected i.e. privilege levels can be assigned to each IO port.
  • 7. P.B.BOROLE 7 Features  Physical address is 32 bits.  EMM386 can be used to access extended memory.  Two types – 16 bit (286) and 32 bit (386)  16 bit protected mode – PASCAL 7.0 Borland  32 bit protected mode – C++ compiler Borland.  Slower than real mode. But speed is compensated by huge size of memory.  Programming in protected mode is difficult.  CPU has restriction on access due to protection mechanism This reduces possibility of making disasters by bad code.
  • 8. P.B.BOROLE 8 Features  Current program cannot access more privileged data or call less privileged code than own privilege (although can return to less privileged code).  Call to more privileged code cannot use any target address caller wants, it can use addresses specified by system only.  Call to more privileged code must change stack to make sure enough stack space is available for called code (so caller cannot cause crash in it).  Can be returned to real mode with out reset ( not available in 286). but it needs some preparation
  • 9. P.B.BOROLE 9 Features  Virtual address space is 64 tera bytes i.e. 214232=246. Where 214-> Total number of descriptor or possible number of base addresses and 232-> Total number of possible offset addresses.  Allocates global and local resources.  Properties of segment can be defined like readable, write able and executable.  Executes all real and protected mode instructions.  In same privilege level, applications are isolated from each other by assigning different local resources and providing protection among local resources. This improves software reliability of the OS.
  • 10. P.B.BOROLE 10 Features  Provides a special kind of descriptor that can be used to transfer control from lower privilege level to higher privilege level viz. gate descriptor.  Can save status of current task on the stack during task switching .  Can distinguish between unnested and nested tasks.  IP is 32 bits  Provides additional registers GDTR, IDTR, LDTR and TR.  Provides some additional control flags.  Control registers are effective.
  • 11. P.B.BOROLE 11 Features  Indicates whether page is present in memory or not.  Saves the address at which page fault occurred in register. This information is necessary to swap pages.  PE bit is set.  Provides invisible 64 bit descriptor cache register for each segment register. It holds the descriptor of current segment.  Provides interrupt descriptor table instead of vector table. But it supports only 256 interrupts.  ISRs can be protected.
  • 12. P.B.BOROLE 12 Features  Each vector is called ‘Gate’.  Location of IDT is defined in IDTR.  Provides Virtual mode in which 8086 program can be executed. Provides all protections for 8086 programs.  Provides some additional predefined interrupts.  32 bit addressing mechanism:- (386 protected mode) BBBBBBBB <- Base address from descriptor + YYYYYYYY <- Offset address provided by instruction ------------------------ ZZZZZZZZ <- Physical address. It should not be greater than 32 bits
  • 13. P.B.BOROLE 13 Features  16 bit addressing mechanism(286 protected) BBBBBB <- Base address from descriptor. + 00YYYY <- Offset address provided by instruction -------------------- ZZZZZZ <- Physical address Should not be greater than 24 bits $ For every memory access, it uses selector, descriptor and offset. $ IO address is not segmented and paged.
  • 14. P.B.BOROLE 14 Features  Default and segment overrides are similar to real mode.  Descriptors are stored in Descriptor tables.  Descriptor tables are stored in RAM. Hence some memory must be reserved for tables.  Descriptor tables can be set by special 386-aware linkers available from a number of vendors. Protection Systems.  Protected mode is useful in general purpose system.  Not required in embedded system (diskless system). But the address space is 32 bits. It may reduce software development cost.
  • 15. P.B.BOROLE 15 Protected mode For example, if you were interested in doing 16 bit graphics, at 800x600, it would take 800x600x2bytes of memory just to hold a screen. Obviously this would not fit in one segment (I believe the limit is 65535 bytes) So what do you do? Well one solution would be to split it up into many different segments.... but, first, that would become very difficult and complex to program, and second, real mode limits the number of segments you can have (I believe its under 10). And due to Mr Bill/ionaire/ Gates, you are pretty much stuck in a world that lives under the 1 meg mark.
  • 16. P.B.BOROLE 16 Protected mode system SEMICONDUCTOR MEMORY INCLUDES DESCRIPTOR TABLES, OS, MONITOR AND APPLICATION PROGRAMS PROTECTED IO SECONDARY MEMORY CPU MMU WITH SELECTOR AND SYSTEM REGISTERS
  • 17. P.B.BOROLE 17 Protected mode memory GDT LDTs IDT Monitor program ROM Loaded OS System tasks User tasks
  • 18. P.B.BOROLE 18 Protected mode memory System Program GDT System code,data and Stack segments RAM User programs LDTs User code,data And stack segments RAM
  • 19. P.B.BOROLE 19 Protected-Mode Register Model  GDTR : global descriptor table register  LDTR : local descriptor table register  IDTR : interrupt descriptor table register  TR : task register  EIP : 32 bits in length  EFLAGS  CR0, CR1, CR2, CR3CR4  DR0-DR7(Debug registers)  TR6-TR7(Test registers) EIP CS DS SS ES FS GS AX BX CX DX SP BP SI DI EFLAGS GDTR IDTR LDTR CR0 CR1 CR2 CR3 TR DR0 DR1 DR2 DR3 DR4 DR5 DR6 DR7 TR6 TR7 Limit Limit Base Base 0 15 16 47 MSW
  • 20. P.B.BOROLE 20 Protected-Mode Register Model  Provides one 32 bit instruction pointer EIP -> 386,486 and Pentium program or 16 bit instruction pointer EIP -> 286 program. Function is similar to real mode.  Provides six selector registers viz. CS, DS, SS, ES, FS and GS with invisible cache 64 bit cache registers.  Provides eight 32 bit data registers.  Provides one 32 bit flag register.  Provides two 48 bit, and two 16 bit system registers.  Provides four 32 bit control, eight 32 bit debug, and two 32 bit task register.
  • 21. P.B.BOROLE 21 Segment Selector Register and the Cache Registers CS DS SS ES FS GS Programmer accessible Selectors Transparently Loaded by MPU Access RightsBase Address Limit 0 19 20 51 52 63 64-bit Segment Descriptor Cache Registers
  • 22. P.B.BOROLE 22 Segment Selector Register and the Cache Registers  Each segment register functions as a select register.  Each selector points only one descriptor of a descriptor table(GDT or LDT).  Each selector holds index value,TI bit and RPL  GDT or each LDT contains 8192 descriptors.  CS selector is always used in conjunction with EIP to access code segments of system or user programs.  SS selector used to access stacks of system or user programs.
  • 23. P.B.BOROLE 23 Segment Selector Register and the Cache Registers  DS, ES, FS and GS are used to access data segments of system or user program.  Each selector has 64 bit invisible cache register.  Cache register holds current descriptor of the current segment. This avoids re-access of descriptor  386 can hold six descriptors at a time.  Each descriptor is eight bytes long.  Selector has it’s own privilege level(RPL). RPL bits are used by OS.  Selector is initialized through instructions.  Selector does not point to the segment directly.
  • 24. P.B.BOROLE 24 Register With Changed Functionality  Example: CS: 1007H, GDT base 00100000H, LDT base 00120000H  (CS) = 0001 0000 0000 0111 : RPL = 3, TI =1, Index = 0001 0000 0000 0  Address of the segment descriptor = 00120000H + 1000H = 00121000H SEGMENT SELECTOR REGISTER 1-0 2 15-3 Requested Privilege Level(RPL) Indicates selector privilege level desired Table Indicator (TI) TI=0 use global descriptor table (GDT) TI=1 use local descriptor table (LDT) Index select descriptor entry in table INDEX TI RPL
  • 25. P.B.BOROLE 25 T I Protected Memory Management and Address Translation  Virtual Address and Virtual Address Space  virtual address : selector(16-bit): offset(32-bit)  214(16,384 = 16K) unique segments of memory, each of which has a maximum size of 4G bytes  Total virtual address space = 246 , 64 TB selector offset 47 32 31 0 RPL INDEX
  • 26. P.B.BOROLE 26 Protected Memory Management and Address Translation Local segment 8191 Local segment 1 Local segment 0 Global segment 8191 Global segment 1 Global segment 0 Local address space 32 Terabytes Global address space 32 Terabytes Virtual Address Space 64 Terabytes  Segment Partitioning of the Virtual Address Space
  • 27. P.B.BOROLE 27  Index value is multiplied by 8 and result is added into base address or starting address of descriptor table. Index  8 + Base address of table = address of descriptor.  TI bit is used to select either GDT(TI = 0) or LDT(TI = 1).  RPL is request privilege level of selector. It is compared with DPL and CPL CPL is current privilege level of CS and RPL is privilege level of new selector.  Segment selectors are visible to application programs as part of a pointer variable, but the values of selectors are usually assigned or modified by link editors or linking loaders, not by application programs.. Segment Selector Register and the Cache Registers
  • 28. P.B.BOROLE 28 Segment Selector Register and the Cache Registers  In systems in which multiple processors have access to the same descriptor tables, it is the responsibility of software to reload the segment registers when the descriptor tables are modified. If this is not done, an old segment descriptor cached in a segment register might be used after its memory- resident version has been modified.  MOV, POP, LDS, LES, LSS, LGS, and LFS instructions are used to load selector.CALL, JMP, and RET, IRET, INTnn, INTO and INT3
  • 30. P.B.BOROLE 30 EFLAGS  IF: Interrupt enable flag. The CPL, IOPL, and the state of the VME flag in control register CR4 determine whether the IF flag can be modified by the CLI, STI, POPF, POPFD, and IRET instructions.
  • 31. P.B.BOROLE 31 EFLAGS  VM : virtual 8086 Mode - system flag.  set only in Protected Mode by IRET instruction and by task switches.  unaffected by POPF.  RF : resume flag - system flag  in conjunction with the debug register breakpoints. Used to enable or disable debug exception. If RF = 1, then disable debug exception  NT: nested task flag - system flag  indicates that the execution of this task is nested within another task.
  • 32. P.B.BOROLE 32 EFLAGS  IOPL : input/output privilege flag - system flag  indicates the numerically maximum CPL value permitted to execute I/O instructions. This field can only be modified by the POPF and IRET instructions when operating at a CPL of 0.  AC: Alignment Check: If this flag and AM flag in CR0 are set, then it enables alignment checking of memory references. It generates “alignment check exception” if the misaligned operand is accessed. Alignment-check exceptions are generated only in user mode (privilege level 3).This exception is not generated in PL0The alignment-check exception can be used to check alignment of data. This is useful when exchanging data with other processors, which require all data to be aligned.
  • 33. P.B.BOROLE 33 Pentium flags  VIF: Contains virtual image of IF flag. Used in conjuction with VIP flag.The processor accepts this flag only when either VME or PVI flag in control register CR4 is set and the IOPL is less than 3. (The VME flag enables the virtual-8086 mode extensions; the PVI flag enables the protected-mode virtual interrupts.)
  • 34. P.B.BOROLE 34 Pentium flags  VIP:Virtual interrupt pending: Set by software to indicate that an interrupt is pending; cleared to indicate that no interrupt is pending. This flag is used in conjunction with the VIF flag. The processor reads this flag but never modifies it. The processor only recognizes the VIP flag when either the VME flag or the PVI flag in control register CR4 is set and the IOPL is less than 3.
  • 35. P.B.BOROLE 35 Pentium Flags  ID:If the program or procedure is able set or clear this flag then the software can execute CPUID instruction. This instruction is used to identify type of Pentium CPU
  • 36. P.B.BOROLE 36 Memory Management CPU GDTR LDTR (selector) IDTR TR(selector) GDT LDT IDT TSS LDTR cache TR cache Memory LDT Descriptor TSS Descriptor
  • 37. P.B.BOROLE 37  Application Program : a collection of tasks  task: a group of program routines that together perform a specific function.  A task can activate both global and local segments of memory. Task 1 Local Address Space Global Address Space Task 3 Local Address Space Task 2 Local Address Space Task 1 Virtual Address Space Task 2 Virtual Address Space Task 3 Virtual Address Space
  • 38. P.B.BOROLE 38 Memory Management Registers  Global Descriptor Table Register.  48 bit register.  Used to point GDT.  Divided into two components viz. Base and limit.  Base value( 32 bit) indicates the starting address of GDT.  Limit value(16 bit) indicates the size of GDT.  Used by OS only.  Initialized in real mode.  Defines characteristics of global address space.  It has no cache register.
  • 39. P.B.BOROLE 39 GDTR BASE LIMIT 0 15 16 47 LIMIT -> 16 bit field. Indicates the length of GDT in terms of bytes . The maximum size of GDT is 65536 bytes. Limit = Size -1 BASE -> 32 bit field. Gives 32 bit physical starting address of GDT.
  • 40. P.B.BOROLE 40 LDTR  16 bit register.  Used as a local selector.  Points LDT descriptor stored in GDT.  GDT contains many LDT descriptors.  Each LDT has LDT descriptor in GDT.  Points only one LDT descriptor at a time.  Used to change LDT.  Provides 48 bit cache register.  A 48 bit cache register is used to hold current LDT descriptor.  Each task may have it’s own LDT.
  • 41. P.B.BOROLE 41 LDTR 13 bit Index Value 0 0 0 0 2 3 15 Lower 3 bits are always zeros. Upper 13 bits are used as Index Value Index value is multiplied by 8 and added into base address stored in GDTR. Physical Address of LDT descriptor in GDT = Base address in GDTR + (Index value8).
  • 42. P.B.BOROLE 42 LDTR CACHE REGISTER 32 BIT BASE Address of LDT 16 BIT LIMIT Access Right This Register is not available for user. It holds LDT descriptor of current LDT. Base address is the physical address of LDT. Limit indicates the size of LDT. Limit = Size -1 Access right provides protection mechanism.
  • 43. P.B.BOROLE 43 Local Descriptor Table  Local Descriptor Table  Each task can have access to own private descriptor table(LDT) in addition to GDT.  Contains descriptors that provide access to code and data in segments of memory. LIMIT BASE LIMIT BASE selector 0 0 0 15 15 15 31 31 GDTR LDTR LDTR cache program invisible GDT LDT0 LDTn         
  • 44. P.B.BOROLE 44 IDTR  48 bit register.  Points IDT.  IDT contains descriptors. Maximum 256.  Consists of base and limit value.  Base address indicates the starting address of IDT.  Limit value indicates the size of IDT.  Used by interrupts and exceptions only.  ISRs are invoked via IDT.  It has no cache register.
  • 45. P.B.BOROLE 45 IDTR 32 bit Base address of IDT Limit 16 bit Not more than 256*8-1 15 16 47 Base address is the physical address of IDT. Limit value indicates the size of IDT. Limit = Size –1. The maximum size of IDT is 256  8..
  • 46. P.B.BOROLE 46 Interrupt Descriptor Table  Interrupt Descriptor Table (IDT)  Contains interrupt descriptors, not segment descriptors.  IDT can also be up to 64KB; But 386 only supports up to 256 interrupts and exceptions(2KB). BASE LIMIT 0 47 16 15 0 255 1 Interrupt Descriptor Table (IDT) Interrupt Descriptor Table Register(IDTR) MAX: 2k bytes 256 entries
  • 47. P.B.BOROLE 47 TR  16 bit register.  Used in task switching.  Holds 16 bit Selector value.  Initial selector must be loaded under software control.  Then TR is loaded automatically with appropriate value during each task switch operation.  Has 48 bit cache register. But not available for user.  Points TSS descriptor stored in GDT.
  • 48. P.B.BOROLE 48 TR 13 BIT Index Value 0 0 0 0 2 3 15 13 bit Index value is multiplied by 8 and added into Base address Of GDTR. This will give physical address of TSS descriptor in GDT. Physical address of TSS descriptor in GDT = Base address in GDTR + Index  8.
  • 49. P.B.BOROLE 49 TR CACHE REGISTER 32 BIT Base address of TSS 16 BIT LIMIT Access right Base address is the physical address of TSS. TSS is used to save system Information of the task. TSS also indicates the information needed to initiate the task.
  • 50. P.B.BOROLE 50 Task Register  Task Register  task switching mechanism.  TSS descriptor.  TSS : task state segment; information needed to initiate the task, such as initial values for the user-accessible registers. Physical Memory GDT TSS TSS descriptor TR BASE LIMIT 0 15 16 47
  • 51. P.B.BOROLE 51 Control Registers  Provides five 32 bit control registers viz. CR0, CR1, CR2, CR3 and CR4.  Available in protected mode only ( Some bits of CR0 are available in real mode also).  Many registers are used in paging mechanism.  Lower SIX bits of CR0 form system control flags. They are also called machine status word.
  • 53. P.B.BOROLE 53 Control registers CR0 (386 bits)  PG : Paging enable bit. Used to enable paging Unit within segments.  ET: Processor extension. Reserved  TS: Task Switch. Automatically set in task switching.  EM: Emulate coprocessor. Indicates presence of coprocessor. But in Pentium this bit is 0.
  • 54. P.B.BOROLE 54 Control registers CR0 (386 bits)  MP: Monitor Coprocessor . Must be set to run 286 and 386 programs on Pentium.  PE: Protection Enable: Used to operate 386 in protected mode PE = 0 -> Real mode, PE = 1 -> Protected mode. Set by loading MSW or CR0. Reset automatically after reset signal.
  • 55. P.B.BOROLE 55 Control registers CR0 (Pentium)  CD: Cache Disable. Disables cache writes when set  NW: Not write through. Disable cache write through operation when set  AM: Alignment mask. Allows alignment checking when set  WP: Write protect. Enforces supervisor level write protection when set.  NE: Numeric Error. Allows floating point errors to be reported when set
  • 56. P.B.BOROLE 56 Control Registers RESERVED CR1 PAGE FAULT LINEAR ADDRESS CR2 31 TO 12 Page Directory Base 4 PCD 3 PWT CR3
  • 57. P.B.BOROLE 57 Control registers  CR1 : reserved by Intel  CR2: Page fault linear address register: 32 bit register. Holds the 32 bit linear address that caused the last page fault.
  • 58. P.B.BOROLE 58 Control registers  CR3: Page directory base address: 32 bit register. Upper 20 bits. Stores physical base address of page directory table. Page directory table is always page aligned. Task Switch will also change contents of this register.  PCD: Cache disable. This bit determines whether the current memory access is cached or not.  PWT: Write through This bit enables write through operation between the cache and memory
  • 60. P.B.BOROLE 60 Control Registers CR4 6 MCE 4 PSE 3 DE 2 TSD 1 PVI 0 VME CR4
  • 61. P.B.BOROLE 61 Control Register CR4  MCE:Enables machine check exception.  PSE: Allows 4 MB pages when set.  DE: Debugging extensions. Enables IO break points when set.  TSD: Time stamp disable. Used to make the RDTSC instruction (read from time stamp counter) privileged.  PVI: Protected mode virtual interrupt. When set, allows a virtual interrupt flag to be maintained in protected mode.  VME: Virtual 8086 mode extension. When set, enables emulation of a virtual interrupt flag.
  • 63. P.B.BOROLE 63 Memory management  Three components: logical, linear and physical  Transfers logical address into physical address in two steps viz. segment and Page translation  Logical address consists of segment selector and segment offset. This address is converted into a linear address. Logical address is also called virtual address.  In page translation, the linear address is converted into physical address (optional).  Segment provides a mechanism of isolating individual code, data and stack modules so that tasks can run on the same processor without interfering with one another.  Paging provides a mechanism of implementing a conventional demand-paged, virtual memory system. Provides isolation between tasks.
  • 65. P.B.BOROLE 65 Physical Address Space and Virtual-to-Physical Address Translation SELECTOR OFFSET SEGMENT TRANSLATION PG? DIR PAGE OFFSET 31 0 PAGE TRANSLATION PHYSICAL ADDRESS PAGING DISABLED PAGING ENABLED LOGICAL ADDRESS LINEAR ADDRESS
  • 66. P.B.BOROLE 66 Segmentation Virtual to Physical Address Translation SELECTOR OFFSET SEGMENT TRANSLATION PG? DIR PAGE OFFSET 31 0 PAGE TRANSLATION PHYSICAL ADDRESS PAGING DISABLED PAGING ENABLED LOGICAL ADDRESS LINEAR ADDRESS Data Segment Descriptor Cache Register Selector Offset(EBX) (DS) Data Segment LDT Operand Segment Descriptor
  • 70. P.B.BOROLE 70 Memory management  Segmentation unit translates the logical address into 32 bit linear address.  Paging unit converts 32 bit linear address into 32 bit physical address.  Paging mechanism manages only one segment at a time.  Paging mechanism manages huge segment.  Semiconductor memory contains segments and descriptor tables.
  • 72. P.B.BOROLE 72 Protected memory model: flat model Limit field sets the size of memory. If the memory accessed beyond this Range, the microprocessor will general protection faults. This model provides less protection. In protected mode, at least two segments must be prepared.
  • 73. P.B.BOROLE 73 Protected memory model: flat model More protection can be provided by enabling paging.
  • 75. P.B.BOROLE 75 Multisegment model  This model uses full capability of segmentation mechanism.  Provides full protection among code data system segments.  Each task has it’s own table.  Access to each segment is controlled by on chip hardware.  System program segments can be protected.
  • 76. P.B.BOROLE 76 Descriptor tables  Each segment has descriptor.  An array of descriptors.  A memory array of 8 byte entries.  Three types of tables viz. GDT, LDT and IDT.  But two types of table used by each selector viz. GDT and LDT.  Each system must have one GDT.  The system have one or more LDTs.  GDT is not segment itself. It is data structure of linear address space.  LDT is located in a system segment of the LDT type.  The size is not fixed and location is not fixed.
  • 77. P.B.BOROLE 77 GDT  Contains descriptor of any type except trap and interrupt gates.  Pointed by GDTR.  Contains maximum 8192 descriptors.  Descriptors are available for all tasks.  The size of table varies in step of 8 bytes.  The base address of GDT is stored in GDTR.  The base address should be aligned.  To access this table TI bit of selector should be 0.  Must be stored in data segment.
  • 78. P.B.BOROLE 78 GDT  The first descriptor is NULL descriptor.  The NULL descriptor is unique to the GDT.  It has a TI = 0 and INDEX = 0.  This descriptor is never referenced by the processor.  The data stored in it’s place can be used for any purpose e.g. Pointer to GDT itself.  LGDT instruction needs a six byte pointer to the GDT and NULL descriptor has 8 bytes.  The NULL selector always causes an error.
  • 79. P.B.BOROLE 79 GDT GDT_PTR DW GDT_LENGTH-1 DD PHYSICAL_GDT_ADDRESS Then in the code segment: LGDT GDT_PTR This is cleaner approach to access GDT. No. Of descriptors in GDT = Size of Table 8 Limit = size -1 Starting address of GDT = BBBBBBBB (Base address stored in GDTR) Ending address of GDT = BBBBBBBB + LIMIT
  • 80. P.B.BOROLE 80 GDT The physical address of descriptor in GDT = Base address+ Index  8. = BBBBBBBB -> 32 BIT BASE ADDRESS IN GDT + I I I I 0 0 -> 13 BIT INDEX  8 --------------------------------------------------------- GGGGGGGG -> 32 BIT PHYSICALADDRESS OF DESCRIPTOR IN GDT.
  • 81. P.B.BOROLE 81 LDT  System has one or more LDTs.  Each task has it’s own LDT.  One LDT may be shared by two or more tasks.  Used by application programs  Optional.  Located in system segment.  It’s descriptor (LDT descriptor) is stored in GDT.  LDT descriptor is pointed by LDTR.  Number LDTs = Number of LDT descriptor in GDT.  Each LDT contains 8192 descriptors.  Only one LDT is active at a time.  Each LDT has LDT descriptor and segment selector.  LDT descriptor can be located anywhere in GDT.
  • 82. P.B.BOROLE 82 LDT Starting address of LDT = BBBBBBBB -> Base address stored in LDT Descriptor. Ending address of LDT BBBBBBBB+ LIMIT: LIMIT value is present In LDT descriptor. No. of descriptors in LDT = Size of LDT 8 Limit = size -1 LDT contains code, data, stack, task gate and call gate descriptors. Address of descriptor in LDT = BBBBBBBB -> Base address stored in LDT descriptor + I I I I 0 0 -> Index 8 -------------------------------------------------------------- LLLLLLLL -> 32 bit physical address of Descriptor in LDT
  • 83. P.B.BOROLE 83 LDT Address of LDT descriptor in GDT = BBBBBBBB -> Base address in GDTR + I I I I 0 0 -> Index  8 where Index is present in LDTR -------------------------------------------------- GGGGGGGG ->32 bit Physical address of LDT descriptor in GDT
  • 84. P.B.BOROLE 84 Global and Local Descriptor Tables
  • 85. P.B.BOROLE 85 Descriptors  Used to convert logical address into linear address.  Created by compilers, linkers,loaders or the OS.  Not created by application program.  Gives characteristics of the segment.  Segment cannot be accessed without descriptor.  8 byte quantity.  Managed by on chip MMU.  Current descriptor is loaded into in cache register of CPU.  Divided into four fields viz. Base address , Limit, control and access right.  Two types – system and segment.
  • 86. P.B.BOROLE 86 Format of Descriptor LIMIT (L15 - L0) BASE (B15 – B0) BASE( B23 – B16) ACCESS RIGHT LIMIT L19 –L16 AVL 0 D/B G BASE ( B31 – B24) 0 1 2 3 4 5 6 7 D0 D15 D7
  • 87. P.B.BOROLE 87 BASE ADDRESS  32 bit field.  Base address of segment.  Gives starting address of segment.  Offset address is added into this base address.  Must be aligned.  Starting address of segment = BBBBBBBB + YYYYYYYY --------------------------------- ZZZZZZZZ
  • 88. P.B.BOROLE 88 LIMIT  20 bit field.  Indicates the size of segment.  Size = limit + 1.  Used in conjunction with G bit.  G= 0 ; the size of segment varies from 1Bto1MB. The offset address varies from 00000 to FFFFF.  G=1 ; the size of segment varies from 4KB to 4GB. The offset address varies from 00000000 to FFFFFFFF. The size of segment = (LIMIT+1)4KB. The size of segments is indicated in terms of page size. The maximum number of pages = 1M. Note:- the sum of base and offset shouldn't be greater than 32 bit. If G=1 and LIMIT = FFFFF the lowest 12 bits of base address should be 0.
  • 89. P.B.BOROLE 89 Descriptor Control Format G : Granularity bit G = 1-> Page (the lowest 12 bits of segment base address should be zero). G = 0->Byte (1MB max). D/B: Function depends upon the segment type like code or stack. For code segment this is D bit. Default length for operands and effective addresses. D = 1->32-bit operation (386) Window NT’95/96,OS/2 Set by USE32 directive. D = 0->16-bit operation (286) DOS Window 3.1 Reset by USE16 directive. The effect this bit is overridden by operand size and address size prefix bytes.
  • 90. P.B.BOROLE 90 Descriptor Control Format For stack segment (LIFO) this flag is B(BIG). It specifies the size of stack pointer. B= 1->32bit SP and B=0 ->16 bit SP. For Random stack this flag indicates the maximum or upper bound on stack segment. B = 1-> FFFFFFFFH (4 Giga byte), B = 0 ->FFFFFH (64K byte) AVL: Programmer available. Used by OS only. AVL = 0 -> segment is not available for application program. AVL = 1 -> segment is available for application program.
  • 91. P.B.BOROLE 91 Access right byte  Specifies operation characteristics of a segment.  Controls access to the segment.  Indicates protection level of the segment.  Distinguishes between system segment and non system segment.  Indicates whether segment is readable, writable or executable.  Indicates whether segment is accessed or not.
  • 92. P.B.BOROLE 92 Non System Segment descriptors  Defines data, code, stack segments.  Used by both system and application programs.  S=1 in access right byte. P DPL S=1 E ED/C R/W A
  • 93. P.B.BOROLE 93 Descriptors SEGMENT LIMIT 15 .. 0 BASE 23..16 P S TYPE A 0 4 0 8 7 Bit Position Name Function 7 6-5 4 Present (P) Descriptor Privilege Level (DPL) Segment Descriptor Type (S) P=1 Segment is mapped into physical memory P=0 No mapping to physical memory exists, base and limit are not used Segment privilege attribute used in privilege tests S=1 Code or Data segment descriptor S=0 System segment Descriptor or Gate Descriptor 3 2 1 Executable(E) Expansion Direction(ED) Writeable(W) E=0 Data segment descriptor type is : ED=0 Expand Up segment ED=1 Expand Down segment W= 0 Data segment may not be written into W= 1 Data segment may be written into 3 2 1 Executable(E) Conforming(C) Readable(R) E=1 Code segment descriptor type is: C=1 Code segment may only be executed When CPL DPL and CPL remains unchanged R=0 Code segment may not be read R=1 Code segment may be read 0 Accessed(A) A=0 Segment has not been accessed A=1 Segment selector has been loaded into segment register or used by selector test instruction
  • 94. P.B.BOROLE 94 Non System Segment descriptors  P bit indicates whether segment is present in memory or not. P = 0 -> Segment is not present and P = 1-> Segment is present.  This bit used by OS. If P = 0 and segment is accessed through this descriptor, then the microprocessor activates interrupt INT 11. Then the ISR swaps segments. After swapping requested segment, the OS sets P bit of newly loaded segment descriptor and resets P bit of saved segment descriptor.  DPL: defines privilege level of the segment. Used to protect segment from low privilege caller.
  • 95. P.B.BOROLE 95 Non System Segment descriptors  S: Used to distinguish between non system segment and system segment descriptors.  S = 1-> Non system segment descriptor.  E: Executable; Used to distinguish between data and code segments. E=0 -> Data segment including stack. E = 1 -> Code segment.  ED/C: Expand direction/conforming; When E=0, then this bit functions as ED, ED indicates whether the segment is data or stack. ED = 0 -> Data segment( access segment randomly). Offset address  limit. ED = 1 -> Stack segment LIFO. SP must be used in conjunction with SS. Offset address Limit
  • 96. P.B.BOROLE 96 Non System Segment descriptors  When E =1, then this bit functions as C ( conforming) bit. Used to distinguish between conforming and nonconforming code segments.  C= 0 -> Non conforming code segment. In this case, the new CPL will change. The new CPL is EPL.  C = 1 -> Conforming code segment. In this case, new CPL is equal to old CPL.  R/W Read/Write. When E= 0( data segment), then this bit functions as W bit. This bit indicates whether data segment is writable or not.  W = 0 -> data segment is not writable. W= 1 -> data segment is writable.
  • 97. P.B.BOROLE 97 Conforming Code segment  Conforming segments are used for code modules such as math libraries and exception handlers, which support applications but do not require access to protected system facilities. These modules are part of the operating system or executive software, but they can be executed at numerically higher privilege levels (less privileged levels).
  • 98. P.B.BOROLE 98 Conforming Code segment  Keeping the CPL at the level of a calling code segment when switching to a conforming code segment prevents an application program from accessing nonconforming code segments while at the privilege level (DPL) of a conforming code segment and thus prevents it from accessing more privileged data. Most code segments are nonconforming. For these segments, program control can be transferred only to code segments at the same level of privilege,
  • 99. P.B.BOROLE 99 Non System Segment descriptors  When E =1 (code segment) then this bit functions as R bit. This bit indicates whether code segment is readable or not. R = 0 -> code segment is not readable and R = 1 -> code segment is readable.  A: Accessed; This bit indicates whether the segment is accessed or not.This bit is set by microprocessor each time a descriptor is loaded into a cache register. A= 1 -> Segment accessed. This bit is reset by OS periodically. This bit is also used by OS to swap segments.
  • 100. P.B.BOROLE 100 Loading Descriptor from Descriptor Table LDTR descriptor CS descriptor 00A00000H FFFFH GDTR 00A00000H 00A0FFFFH 2000H LDTR 00A02007H 00A02000H 00 0 0 82 90 00 0000 FFFF 0 F FE 60 FFFF 0000 0090000H FFFFH 00900000H 0090FFFFH 1005H CS 0060000H FFFFH 00901007H 00901000H 0060FFFFH 00600000H GDT (64KB) LDT (64KB) CODE SEGMENT (1 MB) SYSTEM MEMORY USER MEMORY
  • 101. P.B.BOROLE 101 System descriptors  16 possible system descriptors.  All system descriptors are present in GDT while some system descriptors are present in LDTs.  Normally system segment descriptor are used by OS.  The value of S in right access byte is 0.  Their functions are fixed and specified by Intel.  The type of system descriptor is indicated by type field.
  • 102. P.B.BOROLE 102 System descriptors P DPL S=0 TYPE TYPE field indicates type of system descriptor.
  • 103. P.B.BOROLE 103 System descriptors System descriptor Access Right byte: 82H 82H = 1000 0010: S=0 system segment, Type = 0010 = local descriptor table, DPL = 00 = privilege level 0, P = 1 present in physical memory Name Value Description Type 0 1 2 3 4 5 6 7 8 9 A B C D E F Reserved Available 16 bit TSS LDT Busy 16 bit TSS Call Gate Task Gate 16 bit Interrupt gate 16 bit Trap gate Reserved Available 32 bit TSS Reserved Busy 32 bit TSS 32 bit Call Gate Reserved 32 bit Interrupt Gate 32 bit Trap Gate P 0 1 Descriptor contents are not valid Descriptor contents are valid DPL 0-3 Descriptor Privilege level 0,1,2, or 3 BASE 32-bit number Base address of special system data segment in memory LIMIT 20-bit number Offset of last byte in segment from the base 0 4 SEGMENT LIMIT 15 .. 0 SEGMENT BASE 15 .. 0 BASE 23..16 BASE 31..24 G X 0 LIMIT 19..16 P DPL 0 TYPE A 3 7 AVL 0 23 16 15 8 7 24 32