These slides detail the x86 system architecture, including register basics, memory paging and security handling. The system architecture is configured by the BIOS during boot on x86-based PCs/desktops.
2. Intel Confidential
Department or Event Name 2
Overview of System Level Architecture
System-level architecture provides a framework of registers, data structures and instructions to support basic operations for application programs. This framework includes:
• Memory management
• Interrupt and exception handling
• Task management
• Control of multiple processors
Note 1: Resources from Intel 64 and IA-32 Architecture Software Developer Manual Volume 3.
Note 2: "Interrupt and exception handling" and "Control of multiple processors" are not covered in this slide deck.
Overview of Registers and Data Structures in IA-32 Mode
Refer to Intel SDM Vol 3.
[Figure: system-level registers and data structures in IA-32 mode, grouped as Memory Management (Paging), Memory Management (Segmentation), Controlling Processor, Task Management, and Interrupt and Exception Handling]
Overview of Registers and Data Structures in IA-32e Mode
Refer to Intel SDM Vol 3.
[Figure: system-level registers and data structures in IA-32e mode, grouped as Memory Management (Paging), Memory Management (Segmentation), Controlling Processor, Task Management, and Interrupt and Exception Handling]
Reference from Intel® 64 and IA-32 Architecture Software Developer’s Manual
Vol 3
Mode of Operation
x86 supports the following modes:
• Protected Mode
• Real Address Mode
• System Management Mode
• Virtual-8086 Mode
• 64-bit Mode (IA-32e sub mode)
• Compatibility Mode (IA-32e sub mode)
Protected Mode
Native mode of the processor.
Provides architectural features like segmentation, paging etc.
The PE (protection-enable) and PG (paging) bits in CR0 enable protected mode and paging.
Segmentation is enabled by default.
Real Address Mode
• Entered following power-up or reset. In this mode, the PE bit of CR0 is always zero.
• Supports the real-address memory model.
• In this memory model, memory is segmented as an array of 16 segments of 64 KBytes each, supporting 1 MB of memory (16*64KB = 1MB, a 2^20-byte address space).
System Management Mode (SMM)
SMM is a special mode which provides an OS or executive with a mechanism to implement power management and OEM differentiation features.
This mode is entered through an SMI (system management interrupt).
In SMM, the processor switches to a separate address space while saving the context of the currently running program or task.
Upon returning from SMM (using the RSM instruction), the processor is placed back into its state prior to the SMI.
Virtual 8086 Mode
It is a quasi mode within IA-32 protected mode, but it is not supported in IA-32e mode.
It allows the processor to execute 8086 software in a protected, multi-tasking environment.
It uses the same real-address memory model as Real Address Mode.
Setting the VM bit in the EFLAGS register enables this mode.
64-bit Mode (IA-32e sub mode)
Supports 64-bit linear addressing and physical memory larger than 64 GBytes.
The LME (long mode enable) and LMA (long mode active) bits in IA32_EFER (extended MSR) tell whether the processor is in 64-bit mode.
In this mode, segmentation is partially enabled: the segment bases of CS, DS, ES and SS are treated as zero, which creates a flat 64-bit linear address model.
System Flags
System flags are held in the EFLAGS/RFLAGS register.
EFLAGS is a 32-bit flag register.
RFLAGS is a 64-bit register whose upper 32 bits are reserved, while the lower 32 bits are exactly the same as EFLAGS.
These registers manage status, control and debugging.
Only privileged code can modify system flags.
Control Registers
x86 has the following control registers:
• CR0
• CR1 (reserved)
• CR2 (contains page fault address)
• CR4
• CR8 (available in 64-bit mode only)
• XCR0
• PKRU
Basics of Control Registers
• They decide the operating mode of the processor and the characteristics of the currently executing task.
• They are 32-bit in all 32-bit modes and in compatibility mode, and 64-bit in 64-bit mode.
• They can be modified by the MOV CRn instruction at privilege level 0 only.
CR3 (PDBR - Page Directory Base Register)
• Contains the physical address (20-bit or 52-bit) of the paging-structure base (all bits except the lower 12 bits, given that the page size is 4KB).
• Also contains the flags PCD (paging cache disable) and PWT (page write through). These flags control caching of the paging structure in the processor's internal data cache.
• In PAE mode, it is the base address of the page-directory pointer table, and in IA-32e mode it is the base address of the PML4 table.
CR8
• Provides read/write access to the TPR (task priority register).
• Controls the priority of external interrupts that are allowed to interrupt the processor.
• Setting a specific priority in bits 3:0 of CR8 means that only interrupts with a priority above it can interrupt the processor.
• TPR and CR8 together decide which interrupts are allowed and which are not.
XCR0 (Extended Control Register)
• CPUID indicates whether XCR0 is supported.
• It provides processor state components in the form of 8 bits (1:9).
• The OS can program these bits to provide context management.
• This context management determines what the XSAVE feature can do when these bits are set or cleared.
PKRU (Protection Key Rights Register)
• It provides the protection-key feature for 4-level paging.
• Allows protection via access-disable (AD) and write-disable (WD) bits for user-mode pages, with 16 pairs of {AD, WD}.
• A 4-bit field (59:62 for a 64-bit page entry) in each page entry decides the protection key for that page.
• Protection applies only to data pages.
• The RDPKRU and WRPKRU instructions can be used to read/write this register.
Segmentation
What is Segmentation?
It provides a mechanism for isolating the code, data and stack of multiple programs running together.
Here, the processor's linear address space is divided into multiple smaller segments.
A segment is addressed by a logical address, which is "Segment Selector (16-bit) + Offset (32-bit)".
Segmentation Contd..
• The segment selector indexes the Global Descriptor Table (GDT) or the LDT (based on TI = table indicator) to locate segment descriptors.
• A segment descriptor has the base address, access rights, size of segment, privilege level and segment type.
• The offset part of the logical address is added to the base address from that segment descriptor, and this is how a byte is accessed in the linear address space.
• Compilers, linkers, loaders etc. generate segment selectors and offsets for the different parts of a program.
Obtaining Physical Address from Segments
[Figure: descriptor table with (2^13) 8192 descriptors]
The NULL descriptor is used to initialize a segment.
Segment Registers and Segment Descriptor
[Figure labels: hidden part / descriptor cache / shadow register; 13-bit selector]
In IA-32 mode, all six segment registers are used, but in IA-32e mode ES, DS and SS are not used. Instead, linear-address references are checked for canonical form rather than being limit-checked as in IA-32 mode.
Descriptor size in IA-32 mode = 8 bytes
Descriptor size in IA-32e mode = 16 bytes
Total descriptors = 2^13 = 8192
Segment types and bits’ Details
• The Type field decides the following:
• Data segment - E, W and A bits
• Code segment - C, R and A bits
• System segment - LDT, TSS, call gate, interrupt gate, trap gate, task gate
• DPL takes values between 0 and 3.
• The G, E, C, Type, Limit and DPL fields define the protection mechanism for that segment.
• The D/B field decides the size of operands, effective addresses and the stack pointer, along with the upper bound for SS.
• For SS, if E=1 (expand-down), the B field sets the limit to 4 GBytes (FFFFFFFF) or 64 KBytes (FFFF).
[Figures: descriptor type field when S=1 and when S=0]
Code Segment and Data Segment Types
When S=1:
• Data segment: E - Expand direction, W - Write-enable, A - Accessed
• Code segment: C - Conforming, R - Read-enable, A - Accessed
The D/B bit of a data segment decides the upper bound, while the E bit decides whether the data segment is an expand-down or an expand-up segment.
System Segments and Gates Descriptors
[Figures, when S=0: system segment descriptors; call gate descriptors]
Instructions Impacting Segment Registers and Segment Descriptors
These instructions change CS or other segment registers as per their usage.
Paging
What is Paging?
It provides a virtual memory system in which the virtual address spaces of a program's execution environment are mapped to physical addresses as needed.
It also provides isolation among multiple tasks running together.
Here, each segment is divided into pages (typically 4KB) that are stored on disk or in physical memory.
Paging Configuration
[Figure: registers that configure paging, numbered 1-6: IA32_EFER (IA32 extended feature MSR) with LME, LMA and NXE; EFLAGS; CR0 with PE, PG and WP; CR4 with PSE, PAE, PGE, PCIDE, SMEP, SMAP and PKE; CR3 with the physical address of the first paging structure; CR2]
Configuration settings 1-6 enable paging and control it.
Three Modes of Paging
• 32-bit paging: PG=1, PAE=0, LME=0; MAXPHYADDR = 40-bit; Page Size = 4KB, 4MB; Linear Addr. Width = 32-bit
• PAE paging: PG=1, PAE=1, LME=0; MAXPHYADDR = 52-bit (2^52 = 4 PBytes); Page Size = 4KB, 2MB; Linear Addr. Width = 32-bit; supports NXE
• 4-level paging: PG=1, PAE=1, LME=1, only in IA-32e mode; MAXPHYADDR = 52-bit; Page Size = 4KB, 2MB, 1GB; Linear Addr. Width = 48-bit; supports NXE, PCIDE, PKE
32-bit Paging Structure
PDE = Page Directory Entry
PTE = Page Table Entry
PS = Page Size
[Figure labels: 1024 entries; 1024 entries; 4096 entries; physical address; 4GB]
32-bit Paging Cont.
[Figure labels: 1024 entries; 4GB]
Selection of PDE from CR3 Entry (Physical address = 40-bit)
[Figure labels: 20 bits; 31:22 of linear address; 1024 PDEs]
(Notice the explanation using colour coding of ellipses and rows in all slides related to paging bit details.)
Using 32-bit PDE to decide on Physical Address for 4-Mbyte Page Size (CR4.PSE=1)
[Figure labels: 31:22 of PDE; 20:13 of PDE; 21:0 of linear address; Present flag (P, bit 0); Page Size flag (PS, bit 7); 4-MByte address space]
Selection of PTE (4KByte Page Size) from PDE
[Figure labels: 31:12 of PDE; 21:12 of linear address; 1024 PTEs; Present flag (P, bit 0); Page Size flag (PS, bit 7)]
Using 32-bit PTE to get final physical address for 32-bit linear address
[Figure labels: 31:12 of PTE; 11:0 of linear address; Present flag (P, bit 0)]
PAE Paging and Selection of PDPTE
PDPTE = Page-directory Pointer table
PDE = Page Directory Entry
PTE = Page Table Entry
PS = Page Size
M = 52-bit
[Figure labels: 4 entries; 512 entries; 512 entries; 4096 entries]
PAE Paging Cont.…
Selection of PDE from PDPTEi and Linear address
[Figure labels: 29:21 of linear address; Present flag (P, bit 0); 40 bits (12:51)]
52-bit PDE points to 2-Mbyte Page or not based on PS flag?
[Figure labels: Present flag (P, bit 0); Page Size flag (PS, bit 7); 20:0 of linear address; depends on IA32_EFER.NXE; 31 bits (21:51)]
Using 52-bit PDE to select PTE
[Figure labels: Present flag (P, bit 0); Page Size flag (PS, bit 7); 20:12 of linear address; depends on IA32_EFER.NXE; 40 bits (12:51)]
Using 52-bit PTE to get final physical address for given 32-bit linear address
[Figure labels: Present flag (P, bit 0); Page Size flag (PS, bit 7); 11:0 of linear address; depends on IA32_EFER.NXE; 40 bits (12:51)]
4-Level Paging (CR4.PCIDE=0)
PML4 = Page map level 4
PDPTE = Page-directory Pointer table
PDE = Page Directory Entry
PTE = Page Table Entry
PS = Page Size
[Figure labels: 512 entries; 512 entries; 512 entries; 512 entries; 4096 entries]
4-Level Paging with 2-Mbyte Page Size
[Figure labels: 512 entries; 512 entries; 512 entries; 2-MByte entries]
4-Level Paging 1-Gbyte page Size
[Figure labels: 512 entries; 512 entries; 1-GByte entries]
Selection of PML4E from PML4 table address (M = 52-bit)
[Figure labels: 47:39 of linear address; 40 bits (12:51)]
Selection of PDPTE from 52-bit PML4E
[Figure labels: 38:30 of linear address; depends on IA32_EFER.NXE; Present flag (P, bit 0); 40 bits (12:51)]
PDPTE points to 1 GB Page or not based on PS flag?
[Figure labels: 29:0 of linear address; Page Size flag (PS); Present flag (P, bit 0); depends on CR4.PKE and PKRU register; depends on IA32_EFER.NXE; 22 bits (30:51)]
Selection of PDE from PDPTE
[Figure labels: 29:21 of linear address; Page Size flag (PS, bit 7); Present flag (P, bit 0); depends on IA32_EFER.NXE; 40 bits (12:51)]
PDE points to 2-Mbyte Page or not based on PS flag?
[Figure labels: 20:0 of linear address; Page Size flag (PS, bit 7); Present flag (P, bit 0); depends on CR4.PKE and PKRU register; depends on IA32_EFER.NXE; 31 bits (21:51)]
Selection of PTE from PDE
[Figure labels: 20:12 of linear address; Page Size flag (PS, bit 7); Present flag (P, bit 0); depends on IA32_EFER.NXE; 40 bits (12:51)]
Using 52-bit PTE to get final physical address for 48-bit linear address
[Figure labels: 11:0 of linear address; Present flag (P, bit 0); Page Size flag (PS, bit 7); depends on IA32_EFER.NXE; depends on CR4.PKE and PKRU register; 40 bits (12:51)]
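The 4-level walk that the preceding slides step through (PML4E, PDPTE, PDE, PTE, with the PS flag selecting 1-GByte and 2-MByte pages) can be modelled in software. This is an added example, not taken from the slides or from Intel: the table contents, `DEMO_CR3` and all function names are constructed for illustration, and access rights, NXE and protection keys are not modelled.

```c
#include <stdint.h>
#include <stdio.h>

#define P_FLAG     (1ULL << 0)             /* Present flag, bit 0 of every entry */
#define PS_FLAG    (1ULL << 7)             /* Page Size flag, bit 7 of PDPTE and PDE */
#define ADDR_4K    0x000FFFFFFFFFF000ULL   /* bits 51:12: next table or 4-KByte page */
#define ADDR_2M    0x000FFFFFFFE00000ULL   /* bits 51:21: 2-MByte page frame */
#define ADDR_1G    0x000FFFFFC0000000ULL   /* bits 51:30: 1-GByte page frame */
#define WALK_FAULT UINT64_MAX              /* a real CPU would raise #PF here */
#define NFRAMES    5
#define DEMO_CR3   0x1018ULL               /* constructed: PML4 at 0x1000, PWT and PCD set */

/* Constructed "physical memory" holding only the paging structures;
 * frame n lives at physical address n * 4096. */
static uint64_t phys[NFRAMES][512];

static uint64_t read_entry(uint64_t table_pa, uint64_t la, int shift)
{
    uint64_t frame = table_pa >> 12;
    if (frame >= NFRAMES)
        return 0;                                   /* outside the model: not present */
    return phys[frame][(la >> shift) & 0x1FF];      /* 9 index bits => 512 entries */
}

/* Translate a 48-bit linear address; WALK_FAULT when any P flag is 0. */
uint64_t walk(uint64_t cr3, uint64_t la)
{
    uint64_t e = read_entry(cr3 & ADDR_4K, la, 39);              /* PML4E: 47:39 */
    if (!(e & P_FLAG)) return WALK_FAULT;
    e = read_entry(e & ADDR_4K, la, 30);                         /* PDPTE: 38:30 */
    if (!(e & P_FLAG)) return WALK_FAULT;
    if (e & PS_FLAG) return (e & ADDR_1G) | (la & 0x3FFFFFFFULL);   /* offset 29:0 */
    e = read_entry(e & ADDR_4K, la, 21);                         /* PDE: 29:21 */
    if (!(e & P_FLAG)) return WALK_FAULT;
    if (e & PS_FLAG) return (e & ADDR_2M) | (la & 0x1FFFFFULL);     /* offset 20:0 */
    e = read_entry(e & ADDR_4K, la, 12);                         /* PTE: 20:12 */
    if (!(e & P_FLAG)) return WALK_FAULT;
    return (e & ADDR_4K) | (la & 0xFFFULL);                      /* offset 11:0 */
}

/* Constructed mappings: one 4-KByte page, one 2-MByte page, one 1-GByte page. */
static void build_tables(void)
{
    phys[1][1] = 0x2000ULL | P_FLAG;                    /* PML4E[1] -> PDPT at 0x2000 */
    phys[2][2] = 0x3000ULL | P_FLAG;                    /* PDPTE[2] -> PD at 0x3000 */
    phys[2][7] = 0x100000000ULL | PS_FLAG | P_FLAG;     /* PDPTE[7] -> 1-GByte page */
    phys[3][3] = 0x4000ULL | P_FLAG;                    /* PDE[3]   -> PT at 0x4000 */
    phys[3][5] = 0x40200000ULL | PS_FLAG | P_FLAG;      /* PDE[5]   -> 2-MByte page */
    phys[4][4] = 0xABCDE000ULL | P_FLAG;                /* PTE[4]   -> 4-KByte page */
}

uint64_t demo_translate(uint64_t la)
{
    build_tables();
    return walk(DEMO_CR3, la);
}

int main(void)
{
    const uint64_t samples[] = { 0x8080604567ULL, 0x8080B23456ULL,
                                 0x81C2345678ULL, 0x1000ULL };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t pa = demo_translate(samples[i]);
        if (pa == WALK_FAULT)
            printf("%#llx -> page fault (P=0)\n", (unsigned long long)samples[i]);
        else
            printf("%#llx -> %#llx\n", (unsigned long long)samples[i],
                   (unsigned long long)pa);
    }
    return 0;
}
```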
Access Rights
• Supervisor-mode/user-mode access (CPL < 3 or CPL = 3)
• Implicit supervisor-mode access (accessing system data structures)
• Explicit supervisor-mode access
• Access rights are also controlled by the U/S bit in the paging structures.
• CR4.SMAP and EFLAGS.AC decide data reads from user-mode linear addresses while executing in supervisor mode.
• CR0.WP, the R/W bit in the paging structures, CR4.SMAP and EFLAGS.AC decide data writes for supervisor-mode and user-mode addresses.
• IA32_EFER.NXE, CR4.SMEP and the XD bit in the paging structures decide instruction fetches from supervisor-mode as well as user-mode addresses.
• Access rights in TLBs and paging-structure caches might differ from the access rights in the paging structures in memory.
• Protection keys provide an additional mechanism, in 4-level paging only, to decide on data reads/writes for user-mode linear addresses. It works in conjunction with CR4.PKE, CR0.WP, the PKRU register (32-bit) and the RDPKRU/WRPKRU instructions.
Page Fault (PF, exception#14)
• A page fault happens in two cases:
• The Present flag (P:0) in a paging structure is set to "0".
• The Present flag is set to "1" but the access is not permitted by the access rights.
• SGX-induced page faults are different from the ordinary page faults above.
• See the error code definitions for more details.
[Figure: error code definitions]
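The rules on the Access Rights slide and the two page-fault cases above can be combined into one decision function that returns either "allowed" or the page-fault error code. This is an added example, not code from the slides: the struct and function names and the sample configurations are constructed, the P, W/R, U/S and I/D error-code bit positions are the architectural ones, PAE or 4-level paging is assumed (so NXE applies), and protection keys and reserved-bit faults are not modelled.

```c
#include <stdbool.h>
#include <stdio.h>

enum access { ACC_READ, ACC_WRITE, ACC_FETCH };

/* Page-fault error code bits. */
#define PF_P 0x01    /* 0 = page not present, 1 = access-rights violation */
#define PF_W 0x02    /* access was a write */
#define PF_U 0x04    /* access was a user-mode access */
#define PF_I 0x10    /* access was an instruction fetch */
#define ACCESS_OK (-1)

struct cpu {         /* CR0.WP, CR4.SMEP, CR4.SMAP, IA32_EFER.NXE, EFLAGS.AC, CPL */
    bool wp, smep, smap, nxe, ac;
    int cpl;
};

struct page {        /* rights combined over every paging-structure entry of the walk */
    bool present, user, writable, xd;
};

int check_access(const struct cpu *c, const struct page *pg,
                 enum access a, bool implicit_supervisor)
{
    bool supervisor = c->cpl < 3 || implicit_supervisor;
    /* SMAP is overridden only by EFLAGS.AC=1 on an explicit supervisor access. */
    bool smap_blocks = c->smap && !(c->ac && !implicit_supervisor);
    bool ok = pg->present;

    if (ok && supervisor) {
        if (a == ACC_READ)
            ok = !(pg->user && smap_blocks);
        else if (a == ACC_WRITE)
            ok = !(c->wp && !pg->writable) && !(pg->user && smap_blocks);
        else
            ok = !(pg->user && c->smep) && !(c->nxe && pg->xd);
    } else if (ok) {
        ok = pg->user;                              /* U/S must allow user mode */
        if (a == ACC_WRITE) ok = ok && pg->writable;
        if (a == ACC_FETCH) ok = ok && !(c->nxe && pg->xd);
    }
    if (ok)
        return ACCESS_OK;

    int err = pg->present ? PF_P : 0;
    if (a == ACC_WRITE) err |= PF_W;
    if (!supervisor) err |= PF_U;
    if (a == ACC_FETCH && (c->smep || c->nxe)) err |= PF_I;
    return err;
}

/* Constructed configurations and pages used by the demonstration. */
static const struct cpu kernel_cpu  = { true, true, true, true, false, 0 };
static const struct cpu kernel_stac = { true, true, true, true, true, 0 };  /* AC=1 */
static const struct cpu user_cpu    = { true, true, true, true, false, 3 };
static const struct page user_data   = { true, true, true, true };    /* user, R/W, XD */
static const struct page kernel_ro   = { true, false, false, false }; /* supervisor, R/O */
static const struct page not_present = { false, false, false, false };

int main(void)
{
    printf("kernel fetch from user page (SMEP): %#x\n",
           check_access(&kernel_cpu, &user_data, ACC_FETCH, false));
    printf("kernel read of user page (SMAP, AC=0): %#x\n",
           check_access(&kernel_cpu, &user_data, ACC_READ, false));
    printf("kernel read of user page (SMAP, AC=1): %d\n",
           check_access(&kernel_stac, &user_data, ACC_READ, false));
    printf("user fetch from XD page: %#x\n",
           check_access(&user_cpu, &user_data, ACC_FETCH, false));
    printf("user read of not-present page: %#x\n",
           check_access(&user_cpu, &not_present, ACC_READ, false));
    return 0;
}
```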
PCID (Process Context Identifiers)
• CR4.PCIDE enables this feature, for 4-level paging only.
• TLB entries and paging-structure cache entries are associated with a particular PCID.
• A logical processor uses TLB and paging-structure cache entries for the current PCID only.
TLB (Translation lookaside buffers)
Caches individual translations, referenced by page number/frame.
Each translation entry contains information on the physical address of the page frame, access rights and memory attributes that help translate a linear address to a physical address.
TLB entries are associated with the current PCID.
The Accessed flag needs to be set to 1 for a translation to be cached in the TLB.
Global Pages
CR4.PGE and the G flag in the paging-structure entry for a page enable this feature.
With both of these bits set to 1, the TLB entry cached for this linear-address translation is considered global.
A logical processor may use this global TLB entry for linear-address translation irrespective of a different PCID value for that TLB entry.
PML4 Cache
Referenced by bits 47:39 of the linear address.
It contains the respective PML4E entry and its flag details.
PDPTE, PDE, PTE and final page entries are derived from the cached 52-bit PML4E entry.
A PML4E entry is cached only when its P flag is set to 1.
A cached PML4E entry may differ from the PML4E entry in memory.
Privilege Levels and Protection
How does protection work?
The protection mechanism operates at segment level by providing four privilege levels, 0-3, where 0 is the highest level of protection and 3 is the lowest level of protection.
The protection mechanism operates at page level by providing two privilege levels, 0-1, where 0 is for supervisor-mode pages and 1 is for user-mode pages.
Protection Checks
• Before any memory cycle, the following checks need to be done; if one fails, it raises an exception.
• Limit check - In 32-bit mode, checks the limit field for a valid segment access, along with the G, E and B bits in the segment descriptor, and also the limit fields of the descriptor tables (GDTR, LDTR and IDTR). There is no limit checking in 64-bit mode except for the descriptor tables' limits.
• Type check - Checks for valid loads and attributes in segments such as code, data, system, LDTR and TR. Also performs checks on instructions carrying valid segment addresses or types.
• Privilege level checks - Checks CPL, DPL and RPL. See the next slide for more details.
• Restriction of addressable domain - Checks addressable domains based on segment privilege levels and page-protection levels.
• Restriction of procedure entry points - Performs call-gate-specific checks, as mentioned in a later slide.
• Restriction of instruction set - Some instructions are allowed to execute only at a higher privilege level and not at a lower privilege level. Some examples are LGDT, LLDT, LTR, LIDT etc.
• Besides these, there are instructions that can perform checks on valid segment accesses. Some examples are LAR, LSL, VERR, VERW, ARPL etc.
Privilege levels
CPL:
• Stored in bits 0 and 1 of the CS or SS register.
• Changes on switches between code segments of different CPL.
• Different behaviour for conforming segments.
DPL:
• Stored in the segment descriptor.
• Different behaviour for TSS, data segments, call gates, nonconforming and conforming code segments, based on the CPL of the current program accessing them.
RPL:
• Stored in bits 0 and 1 of the segment selector and acts as an override to CPL.
• Prevents less privileged application code from accessing more privileged code accidentally.
• Setting it to 0 by software disables the RPL check.
Segment register loads:
• DS is loaded only if, numerically, DPL >= both CPL and RPL.
• Loading CS causes a control transfer (near jump with no check, far jump with check).
• SS is loaded only if DPL = CPL = RPL.
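The segmentation slides (selector, descriptor, base plus offset) and the DS load rule above fit together as follows. This is an added example, not code from the slides: the GDT contents, `ds_linear` and the `SEG_*` codes are constructed, only 8-byte IA-32 descriptors in the GDT (TI=0) and expand-up segments are modelled, and the table size stands in for the GDTR limit.

```c
#include <stdint.h>
#include <stdio.h>

enum { SEG_BAD_SELECTOR = -1, SEG_BAD_TYPE = -2, SEG_PRIVILEGE = -3,
       SEG_NOT_PRESENT = -4, SEG_LIMIT = -5 };

struct seg { uint32_t base, limit; unsigned type, sflag, dpl, present; };

/* Constructed GDT of 8-byte IA-32 descriptors (sample values). */
static const uint64_t gdt[] = {
    0x0000000000000000ULL,   /* 0: NULL descriptor */
    0x00CF9A000000FFFFULL,   /* 1: readable code, DPL 0, base 0, limit FFFFFFFFH */
    0x00CF92000000FFFFULL,   /* 2: writable data, DPL 0, base 0, limit FFFFFFFFH */
    0x0040F24000000FFFULL,   /* 3: writable data, DPL 3, base 400000H, limit FFFH */
};
#define GDT_ENTRIES (sizeof gdt / sizeof gdt[0])

struct seg parse_descriptor(uint64_t d)
{
    struct seg s;
    s.base  = (uint32_t)((d >> 16) & 0xFFFFFF) | ((uint32_t)(d >> 56) << 24);
    s.limit = (uint32_t)(d & 0xFFFF) | ((uint32_t)((d >> 48) & 0xF) << 16);
    if ((d >> 55) & 1)                        /* G=1: limit is in 4-KByte units */
        s.limit = (s.limit << 12) | 0xFFF;
    s.type    = (unsigned)((d >> 40) & 0xF);  /* bit 3 = code, bits 2:0 = E/W/A or C/R/A */
    s.sflag   = (unsigned)((d >> 44) & 1);    /* S: 1 = code/data, 0 = system */
    s.dpl     = (unsigned)((d >> 45) & 3);
    s.present = (unsigned)((d >> 47) & 1);
    return s;
}

/* Models loading DS with `selector` at the given CPL, then accessing DS:offset.
 * Returns the 32-bit linear address, or a negative SEG_* code for the failed check. */
int64_t ds_linear(uint16_t selector, unsigned cpl, uint32_t offset)
{
    unsigned index = selector >> 3;           /* 13-bit index */
    unsigned ti = (selector >> 2) & 1;        /* table indicator: 0 = GDT, 1 = LDT */
    unsigned rpl = selector & 3;
    if (ti || index == 0 || index >= GDT_ENTRIES)
        return SEG_BAD_SELECTOR;              /* LDT not modelled; NULL is unusable */

    struct seg s = parse_descriptor(gdt[index]);
    int is_code = s.type & 8, readable = s.type & 2, conforming = s.type & 4;
    if (!s.sflag || (is_code && !readable))
        return SEG_BAD_TYPE;                  /* type check */
    unsigned need = cpl > rpl ? cpl : rpl;    /* numerically larger = less privileged */
    if (!(is_code && conforming) && s.dpl < need)
        return SEG_PRIVILEGE;                 /* DPL >= both CPL and RPL */
    if (!s.present)
        return SEG_NOT_PRESENT;
    if (offset > s.limit)
        return SEG_LIMIT;                     /* limit check, expand-up segment */
    return (int64_t)(uint32_t)(s.base + offset);
}

int main(void)
{
    printf("0x1B:0x10 at CPL 3 -> %lld\n", (long long)ds_linear(0x1B, 3, 0x10));
    printf("0x1B:0x1000 at CPL 3 -> %lld\n", (long long)ds_linear(0x1B, 3, 0x1000));
    printf("0x10:0 at CPL 3 -> %lld\n", (long long)ds_linear(0x10, 3, 0));
    printf("0x13:0 at CPL 0 -> %lld\n", (long long)ds_linear(0x13, 0, 0));
    return 0;
}
```

Selector 0x13 at CPL 0 shows the RPL override: the caller is privileged, but the selector's RPL of 3 makes the load of a DPL 0 segment fail.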
Call Gates
• Reside in the GDT or LDT but not in the IDT (8 bytes/16 bytes in length).
• Specify an entry point in a code segment, with a DPL and a parameter count for a stack switch (16/32-bit only).
• Are called in the following ways, which leads to a validity check of the control transfer based on CPL, RPL and DPL (following the same rules as for DS on the previous slide, besides conforming/non-conforming segments):
CALL <Far pointer of Call gate>
JMP <Far pointer of Call gate>
• This call may lead to a stack switch if required.
• Call gate type: 0CH (32/64-bit), 04H (16-bit).
Page Level Protection
• Segment-level protections are evaluated first, then page protections are evaluated.
• Page-level protection enhances segment-level protection by providing more granularity.
• Two page-level protections are enabled by using the U/S and R/W flags in page table entries.
• Supervisor mode has access to all pages in R/W mode while user mode has access only to user-level pages, unless the CR0.WP flag is not set.
• The XD bit provides additional page-level protection in PAE and IA-32e mode.
Task Management
What is a task in the x86 context?
A basic unit of work which the processor can dispatch, execute and suspend.
A task is made up of an execution space and a TSS.
Execution Space = Code + Stack + Data segments
TSS = Above Segments Info + Task State Info + Task Linking Info
A task is identified by the segment selector of its TSS.
TR (task register) is loaded with the segment selector and descriptor information once a task is scheduled for execution, while paging information is loaded into the CR3 register.
TSS Selection in 32-bit mode
LTR and STR load and store TR.
Task-State Segment (TSS) in 32-bit mode
Dynamic fields get updated when a task is suspended.
Static fields get created during task creation but don't change afterwards.
Note: The colour coding above defines dynamic and static fields, respectively.
[Figure label: 67H (104-1) max limit for TSS]
TSS in 64-Bit Mode
[Figure labels: Interrupt Stack Table (IST); stack pointers at privilege levels 0-2]
Task Gate
• As a task descriptor exists in the GDT only, not every procedure or program can access it.
• A task gate fills the gap, as it can exist in the GDT, LDT or IDT.
• Based on the DPL of the procedure and of the task gate, the corresponding task descriptor in the GDT can be accessed.
• More than one task gate can point to the same TSS descriptor (as shown in the next slide).
• Interrupts or exceptions can be handled through a different task specified by a task gate in the IDT.
Task Gate Contd…