PROTECTION
An important distinction exists between tasks and programs. Programs (e.g., instructions
in
code
segments) are static and consist of a fixed set of code and data segments each with an associated
privilege level. The privilege assigned to a program determines what the program may
do
when
executed
by a task. Privilege
is
assigned to a program
w~en
the system
is
built or when the program
is
loaded.
Tasks are dynamic; they execute one or more programs. Task privilege changes with time according
to
the privilege level of the program being executed. Each task has a unique set of attributes that define
it, e.g., address space, register values, stack, data, etc. A task may execute a program if that program
appears in the task's address space. The rules of protection control determine when a program may be
executed by a task, and once executed, determine what the program may
do.
7.2
MEMORY
MANAGEMENT
AND
PROTECTION
The protection hardware of the 80286
is
related to the memory management hardware. Since protec-
tion attributes are assigned to segments, they are stored along with the memory management infor-
mation
in
the segment descriptor. The protection information
is
specified when the segment
is
created.
In addition
to
privilege levels, the descriptor defines the segment type (e.g., Code segment, Data segment,
~tc.).
Descriptors may be created either
by
program development tools or by a loader
in
a dynamically
loaded reprogram mabie environment.
The protection control Information consists
of a segment type, its privilege level, and size. These are
fields
in
the access byte of the segment descriptor (see figure 7-2). This information
is
saved on-chip
in
the programmer invisible section of the segment register for fast access during execution. These
entries are changed only when a segment register
is
loaded. The protection data
is
used at two times:
upon loading a segment register and upon each reference to the selected segment.
The hardware performs several checks while loading a segment register.
These checks enforce the
protection rules before any memory reference
is
generated. The hardware verifies that the selected
segment
is
valid (is identified by a descriptor,
is
in
memory, and
is
accessible from the privilege level
in
which the program
is
executing) and that the type
is
consistent with the target segment register. For
example,
you
cannot load a read-only segment descriptor into
SS
because the stack must always be
writable. '
PROGRAM
VISIBLE
SEGMENT
SELECTORS'
::~,
'
ssr-----i
I I
15
SEGMENT
REGISTERS
(loaded
by
program)
o
r-
-
--------P"R<iQR'i"MiNviSIBLE--------
--...,
I
'ACCESS
I
I
RIGHTS
SEGMENT
BASE
ADDRESS
SEGMENT
SIZE
I
i I I I I !
: I . I I I :
I 47
40
39
16 15 0 I
I
SEGMENT
DESCRIPTOR
CACHE
REGISTERS
I
L
________
(!T~M:TI~':.Y
.:o~E~
B':
c:u~
_______
J
G30108
Figure 7-2.
Descriptor
Cache Registers
7-4