Part
English with a size of 7.52 KBWhy protection is needed
In multitasking or multi‑user systems, two programs might try to use the same memory at the same time, which can corrupt data or crash the system.
Protection mechanisms isolate user programs from each other and from the OS, and also help detect bugs by checking whether each memory access and instruction obeys certain safety rules.
Overview of 80386 protection
80386 has four protection levels (0–3), where 0 is most trusted (OS kernel) and 3 is least trusted (user apps).
It uses two main mechanisms: segment‑level protection and page‑level protection, and every memory access is checked against these rules before the actual memory cycle startsSegment‑level protection (idea)
Segment‑level protection has five parts:
Type checking,Limit checking, Restrict which addresses can be used, Restrict where procedures can be entered from, Restrict which instructions can be executed
These checks happen in parallel with address formation, so there is no performance loss; if a rule is broken, a protection exception occurs instead of the acces Type checking and limit checking Type field in a segment descriptor tells what kind of segment it is (code, data, system, read‑only, etc.), so hardware can block illegal uses (for example, writing into a read‑only code segment).
Limit checking ensures a program cannot access memory outside its segment; the limit is interpreted in bytes or 4 KB units depending on G bit, and crossing the limit causes a general protection exception.
Privilege levels and keys (PL, CPL, DPL, RPL, EPL)
Privilege levels form concentric rings: ring 0 (center) for OS kernel, outer rings for less critical software; many systems just use ring 0 (kernel) and ring 3 (user).
Basic terms:
PL: the protection level numbers 0–3.
CPL: current level of the running code (from CS).
DPL: level stored in a descriptor: “lowest privilege allowed to access this descriptor.”
RPL: requestor’s level stored in selector bits.
EPL: effective level = max(RPL, CPL); hardware uses this to decide access.
Page‑level protection
At page level, protection is mainly about:
Which pages are addressable (domain restriction).
Access type (user/supervisor, read/write, etc.).
Page table entries have bits like U/S (user/supervisor) to mark whether a page is for OS (U/S=0) or user (U/S=1).
User vs supervisor pages
If CPL = 0, 1 or 2, CPU is in supervisor mode and can access all pages (both U/S=0 and U/S=1).
If CPL = 3, CPU is in user mode and can only access user pages (U/S=1), so user programs cannot touch OS memory.
Combining segment and page protection
When paging is on, CPU first checks segment protection; if that passes, it then checks page protection.
If either segment or page rules are violated, the access is blocked and a protection exception is raised.
Multitasking basics
Multitasking means running multiple tasks (programs) as if at the same time, by rapidly switching the CPU between them.
For this, the CPU must be able to:
Define a “task” and its context (registers, stack, etc.).
Save the current context and load another one (context switch).
Task, context, and TSS (Task State Segment)
A task = a running program plus its execution context (register values, stacks, etc.).
Context switch = saving all registers of current task and loading registers for the next task.
80386 uses a special data structure called TSS (Task State Segment) to store one task’s context.
TSS: static vs dynamic fields
In each TSS there are two groups of fields:
Static set (CPU reads but does not change):
LDT selector for the task.
CR3/PDBR (page directory base) value.
Stack pointers and segment selectors for privilege levels 0–2.
T‑bit (debug trap), I/O map base, etc.
Dynamic set (updated on each task switch):
General registers (EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI).
Segment registers (CS, DS, ES, SS, FS, GS).
EFLAGS and EIP.
Backlink (selector of previous task’s TSS when nested).
TSS descriptor
TSS is itself stored in memory and described by a TSS descriptor kept in the GDT; TI must be 0 (cannot be in LDT).
The descriptor has base, limit, DPL, G, P bits like normal segment descriptors, plus a type field; type values distinguish available vs busy, 16‑bit vs 32‑bit TSS
Task register (TR)
Task register points to the TSS of the currently running task.
It has a visible part (selector, readable/writable via STR/LTR instructions) and a hidden part where CPU caches base and limit of the TSS descriptor for speed.
Task gate descriptor
A task gate gives an indirect, protected reference to a TSS; it lives in GDT, LDT, or IDT.
The SELECTOR field of a task gate must point to a TSS descriptor; the DPL of the gate controls which code is allowed to cause a task switch through this gate (CPL/RPL must be “high enough privilege”) When does a task switch happen?
80386 switches to another task in four main cases:
Current task executes a far JMP or far CALL directly to a TSS descriptor.
Current task executes a far JMP or far CALL to a task gate.
An interrupt or exception vectors to a task gate in the IDT.
Current task executes IRET when NT (nested task) flag is set.
In each case, hardware saves the old context into old TSS and loads the new context from the new TSS automatically.
Instructions that trigger task switch
ljmp with selector of TSS descriptor.
lcall with selector of TSS descriptor.
int n where IDT entry is a task gate.
iret when NT = 1 (to return to a previous task).
Steps in a task switch
A hardware task switch roughly does:
Check privilege rules to see if switching to the target task is allowed.
Check that new TSS descriptor is present and its limit is valid.
Save all register values of current task into its TSS (context save).
Load TR with new task’s TSS selector and load all registers from new TSS.
Resume execution at new task’s EIP.
Task linking and nesting (NT flag, backlink)
The backlink field in a TSS plus NT flag in EFLAGS allow automatic “return” from a called or interrupted task.
When one task CALLs or is interrupted into another task, CPU stores the old task’s TSS selector into the new TSS backlink and sets NT; when the new task executes IRET and NT is set, CPU switches back to the previous task using that backlink.
Task address space
Each TSS has fields LDT selector and CR3/PDBR, so every task can have its own segment and page mappings.
Tasks can be totally separate (no shared memory), partially shared, or heavily shared, depending on how the OS sets descriptors and page tables; this is a key part of 80386 protection.
If you want, the next reply can be a one‑page exam‑oriented “question‑answer” style summary just for: “protection & privilege levels” or just for “multitasking & TSS/task switching.