Title: Pentium Protection Rings
1Pentium Protection Rings
- COP6614 Operating Systems Techniques
- Instructor Prof. E. Montagne
- Department of Computer Science
- University of Central Florida
- Fall 2005
- Presented By - Poonam Hajgude
2Overview
- Why Protection is necessary?
- Pentium Architecture
- Protection Types
- - Segment level protection
- - Page level protection
- - Combination of segment and page level
protection - Conclusion
-
3 Why Protection?
- For controlling the access of programs,
processes, or users to the resources defined by
the computer system. - To guarantee reliable multitasking.
- To guarantee total user separation.
- To maintain system stability, reliability.
- In end user systems, guarding against the
possibility of software failures caused by
undetected program bugs.
4Protection Types
- Segment Level Protection
- Page Level Protection
- Combination Of Segment and Page Level Protection
5Pentium Architecture Segmentation
- A mechanism which enables to divide the linear
address space into smaller protected address
spaces called segments. - Protection mechanism uses a data structure called
Segment Descriptor which resides in the tables
in main memory. - In Intel, six segment registers
(CS,SS,DS,ES,FS,GS) hold pointers to segment
descriptor. - A segment can be accessed if the segment register
is loaded with a pointer (selector) to that
segment descriptor.
6The Execution Environment
Segment Descriptor (SD)
Code Segment (CS)
Stack Segment (SS)
SD
SD
Data Segment (DS)
ES
Memory
SD
GS
SD
FS
SD
7Segment Selector
8Segment Descriptor
9Types Of Segmentation Model
- Flat Segmentation Model
- Does not partition the linear address space.
- Segment size size of linear address space (4
GB)
10Types Of Segmentation Model Cont..
- 2) Multi- Segment Model
- Partitions the linear address space into
different segment sizes.
11Segment Level Protection
- Each memory reference is checked to verify that
it satisfies the protection checks which are
performed in parallel with address translation. - There are five protection checks
- Type check
- Limit check
- Restriction of address domain
- Restriction of procedure entry points
- Restriction of instruction set
- Each segment has privilege level.
- Any application attempt to access a more
privileged segment will result in a
general-protection exception.
12 Type Checking
- Writable bit in Data segment register controls
whether to write a program to the segment. - Readable bit of executable segment specifies
whether a program can read from the segment.
13 Limit Checking
- Limit field of segment descriptor prevents
program from addressing outside the segment. - Attempt to access memory outside the segment
causes the general protection error.
14 Restriction of Addressable Domain(Protection
Rings)
- Processor defines 4 privilege levels (0-3)
- Greater number means less privilege.
- If a program existing in lesser privilege level
attempts to access a segment in more privilege
level, then general protection exception is
generated
15Terms
- DPL (Descriptor Privilege Level)
- - Segment privilege level is stored in the DPL
field of segment descriptor. - CPL (Current Privilege Level)
- - The privilege level of current program in
execution. - - Lowest two bits of CS holds the value of
CPL. - RPL (Requestor privilege Level)
- - The privilege level of procedure which created
the selector - Privilege levels are checked when the selector of
a descriptor is loaded into a segment
register.
16 Restricting Access to Data
- To Address operands in memory, a segment selector
for a data segment must be loaded into a data
segment register. - Instruction may load segment register if
- DPL is same or less privileged level then
CPL and the selectors RPL. - As CPL changes addressable domain task varies.
- - If CPL 0, data segment at all privilege
levels are accessible. - - If CPL3, only data segments at privilege
level 3 are accessible.
17Protecting Data Segments Example
18Restricting Control Transfers
- Control transfers are provided by Jmp and Call
instructions. - Near forms of Jmp and Call transfers program
control within the current code segment
therefore subject to limit checking. - Far forms of Jmp and Call transfers program
control to other segments so processor performs
privilege checking and operand selects a call
gate descriptor.
19Privilege check for Control transfers Without
Gate
- Control can only be transferred to other
segments of the same privilege segment if - The DPL of the segment is equal to the CPL.
- (If segment is a conforming code segment, its DPL
is more privileged than the CPL.)
20Protecting Code Segment Example(Near Transfer)
CALL C PROC
CALL C PROC
21Call Gates (Restriction of Procedure Entry Points)
- Used to transfer control among executable
segments at different privilege levels. - Two main functions
- To define an entry point of a procedure.
- To specify the privilege level required to enter
a procedure.
22Call Gate Privilege Check
Both of the following privilege rules must be
satisfied otherwise, a general-protection
exception is generated. MAX (CPL,RPL) gate
DPL Destination code segment DPL CPL
23Using Call-Gates Example MAX(CPL,RPL) gate
DPL Destination code segment DPL CPL
CALL ltCG-Agt
CALL ltCG-Bgt
CALL ltCG-Bgt
CALL ltCG-Bgt
24Interrupt Descriptor Table
25Using IDT Gates
- The processor compares the CPL with the DPL of
the IDT Gate. - Perform the switch only if the DPL is equal or
higher (less privileged) than the CPL and
destination code segments DPL is less than or
equal to CPL. -
- MAX (CPL,RPL) gate DPL
- Destination code segment DPL CPL
26Stack Switching
- A procedure call to a more privileged level does
the following - 1. Changes the CPL.
- 2. Transfers control (execution).
- 3. Switches stacks.
- All inner protection rings have their own stacks
for receiving calls from less privileged levels.
27Stack Switching Contd.
- Stack operations always performed on the stack
segment pointed by SS register - When calling a procedure at higher privileged
segment, it is important that it will not use the
same stack as the less privileged code. - For each process, the operating system is
responsible to create four stack segments (at
each privilege level)
Process CPL3
28Stack Switching Cont..
- The processor copies the procedure parameters to
the stack whos DPL equals the new CPL - Also stores the old SS and ESP values in new
stack - Then and changes SS to point to the new stack
29Restriction of Instruction
- Privileged Instructions
- - Used for system control
- - Executed only when CPL0 at ring 0
- If CPLltgt0 and instruction is executed,
general protection exception is generated. - Sensitive Instructions
- - Used for I/O related activities.
- - Used by procedures executing at privilege
levels 1,2,3.
30Paging
- Linear address space is divided into pages which
resides in physical memory or swap area. Paging
translates linear address into physical address. - 2 level paging architecture.
- 4K page directory consisting of 32 bit page
directory entries (PDEs) - Page tables consist of 32-bit page-table entries
- (PTEs)
31Page Level Protection
- Two page level protection checks are
- Restriction of addressable Domain
- Two levels of privilege
- Superior Level (U/S0) -gt CPL0,1,2
- User Level (U/S1) -gt CPL3
- 2. Type Checking
- Read only access (R/W0)
- Read Write access (R/W1)
-
32Combining Page Segment Protection
- When paging is enabled, processor first evaluates
segment protection and then page protection. - Possible to define a large flat memory space
- consisting of 1 segment with some portions
- that are read-only and other portions that are
- read-write.
33Conclusion
- Protection mechanism defines four privilege
levels and a set of rules for accessing data and
code segments - Code running at a high privilege level (CPL0)
can access all data and code segments - Code running at a low privilege level (CPL3)
must use call-gates to call procedures at
higher-privilege segments.
34References
- The Intel Architecture Software Developers
Manual Vol. 3 -Chapter 12 - The Intel Architecture Software Developers
Manual Vol. 3 - Chapter 3, 9,10,11,13.
- The Intel Architecture Software Developers
Manual Vol. 1 -Chapter 1 - Barry Bery, The Intel Microprocessors
Architecture, Programming and Interfacing,
Fourth Edition - www.ee.technion.ac.il/matrics/Presentations/pentiu
m1
35Thank You.Questions??