Real Mode Address Translation: Real Mode Address Translation is not technically the translation of any
addresses. Real Mode Address Translation signifies no translation. That is, the physical address is the same
as the effective address. The operating system uses this mode during initialization and some interrupt
processing. Because there is no translation, there is no access control implemented for this mode. However,
because only the super user can alter MSR[IR] and MSR[DR], there is no violation of security policy.
Block Address Translation (BAT) and access control: BAT checks to see if the effective address is within a
block defined by the BAT array. If it is, BAT goes through the steps described in to perform the access
check for the block and get its physical address.
BAT allows an operating system to designate blocks of memory for use in user mode access only, for
supervisor mode access only, or for user and supervisor access. In addition, BAT allows the operating system
to protect blocks of memory for read access only, read-write access, or no access.
BAT treats instruction or data fetches equally. That is, using BAT, it is not possible to protect a block of
memory with the no-execution access (no instruction fetches, only data load and store operations allowed).
Memory can be protected with the no-execution bit on a per-segment basis, allowing the PAT mechanism to
implement access control based on instruction or data fetches.
5.5.2.3.6 Page Address Translation and access control
If BAT is unable to perform address translation, Page Address Translation is used. Page Address Translation
provides access control at the segment level and at the individual page level. Segment level access control
allows the designation of a memory segment as data only. Page Address Translation mechanism prevents
instructions from being fetched from these data only segments.
103
Figure 5-47: Block Address Translation access control