Pentium Protection Rings - PowerPoint PPT Presentation

About This Presentation
Title:

Pentium Protection Rings

Description:

Call Gates (Restriction of Procedure Entry Points) ... Call Gate Privilege Check ... Executed only when CPL=0 at ring 0 ... – PowerPoint PPT presentation

Number of Views:52
Avg rating:3.0/5.0
Slides: 36
Provided by: poo9
Learn more at: http://www.cs.ucf.edu
Category:

less

Transcript and Presenter's Notes

Title: Pentium Protection Rings


1
Pentium Protection Rings
  • COP6614 Operating Systems Techniques
  • Instructor Prof. E. Montagne
  • Department of Computer Science
  • University of Central Florida
  • Fall 2005
  • Presented By - Poonam Hajgude

2
Overview
  • Why Protection is necessary?
  • Pentium Architecture
  • Protection Types
  • - Segment level protection
  • - Page level protection
  • - Combination of segment and page level
    protection
  • Conclusion

3
Why Protection?
  • For controlling the access of programs,
    processes, or users to the resources defined by
    the computer system.
  • To guarantee reliable multitasking.
  • To guarantee total user separation.
  • To maintain system stability, reliability.
  • In end user systems, guarding against the
    possibility of software failures caused by
    undetected program bugs.

4
Protection Types
  • Segment Level Protection
  • Page Level Protection
  • Combination Of Segment and Page Level Protection

5
Pentium Architecture Segmentation
  • A mechanism which enables to divide the linear
    address space into smaller protected address
    spaces called segments.
  • Protection mechanism uses a data structure called
    Segment Descriptor which resides in the tables
    in main memory.
  • In Intel, six segment registers
    (CS,SS,DS,ES,FS,GS) hold pointers to segment
    descriptor.
  • A segment can be accessed if the segment register
    is loaded with a pointer (selector) to that
    segment descriptor.

6
The Execution Environment
Segment Descriptor (SD)
Code Segment (CS)
Stack Segment (SS)
SD
SD
Data Segment (DS)
ES
Memory
SD
GS
SD
FS
SD
7
Segment Selector
8
Segment Descriptor
9
Types Of Segmentation Model
  • Flat Segmentation Model
  • Does not partition the linear address space.
  • Segment size size of linear address space (4
    GB)

10
Types Of Segmentation Model Cont..
  • 2) Multi- Segment Model
  • Partitions the linear address space into
    different segment sizes.

11
Segment Level Protection
  • Each memory reference is checked to verify that
    it satisfies the protection checks which are
    performed in parallel with address translation.
  • There are five protection checks
  • Type check
  • Limit check
  • Restriction of address domain
  • Restriction of procedure entry points
  • Restriction of instruction set
  • Each segment has privilege level.
  • Any application attempt to access a more
    privileged segment will result in a
    general-protection exception.

12
Type Checking
  • Writable bit in Data segment register controls
    whether to write a program to the segment.
  • Readable bit of executable segment specifies
    whether a program can read from the segment.

13
Limit Checking
  • Limit field of segment descriptor prevents
    program from addressing outside the segment.
  • Attempt to access memory outside the segment
    causes the general protection error.

14
Restriction of Addressable Domain(Protection
Rings)
  • Processor defines 4 privilege levels (0-3)
  • Greater number means less privilege.
  • If a program existing in lesser privilege level
    attempts to access a segment in more privilege
    level, then general protection exception is
    generated

15
Terms
  • DPL (Descriptor Privilege Level)
  • - Segment privilege level is stored in the DPL
    field of segment descriptor.
  • CPL (Current Privilege Level)
  • - The privilege level of current program in
    execution.
  • - Lowest two bits of CS holds the value of
    CPL.
  • RPL (Requestor privilege Level)
  • - The privilege level of procedure which created
    the selector
  • Privilege levels are checked when the selector of
    a descriptor is loaded into a segment
    register.

16
Restricting Access to Data
  • To Address operands in memory, a segment selector
    for a data segment must be loaded into a data
    segment register.
  • Instruction may load segment register if
  • DPL is same or less privileged level then
    CPL and the selectors RPL.
  • As CPL changes addressable domain task varies.
  • - If CPL 0, data segment at all privilege
    levels are accessible.
  • - If CPL3, only data segments at privilege
    level 3 are accessible.

17
Protecting Data Segments Example
18
Restricting Control Transfers
  • Control transfers are provided by Jmp and Call
    instructions.
  • Near forms of Jmp and Call transfers program
    control within the current code segment
    therefore subject to limit checking.
  • Far forms of Jmp and Call transfers program
    control to other segments so processor performs
    privilege checking and operand selects a call
    gate descriptor.

19
Privilege check for Control transfers Without
Gate
  • Control can only be transferred to other
    segments of the same privilege segment if
  • The DPL of the segment is equal to the CPL.
  • (If segment is a conforming code segment, its DPL
    is more privileged than the CPL.)

20
Protecting Code Segment Example(Near Transfer)
CALL C PROC
CALL C PROC
21
Call Gates (Restriction of Procedure Entry Points)
  • Used to transfer control among executable
    segments at different privilege levels.
  • Two main functions
  • To define an entry point of a procedure.
  • To specify the privilege level required to enter
    a procedure.

22
Call Gate Privilege Check
Both of the following privilege rules must be
satisfied otherwise, a general-protection
exception is generated. MAX (CPL,RPL) gate
DPL Destination code segment DPL CPL
23
Using Call-Gates Example MAX(CPL,RPL) gate
DPL Destination code segment DPL CPL
CALL ltCG-Agt
CALL ltCG-Bgt
CALL ltCG-Bgt
CALL ltCG-Bgt
24
Interrupt Descriptor Table
25
Using IDT Gates
  • The processor compares the CPL with the DPL of
    the IDT Gate.
  • Perform the switch only if the DPL is equal or
    higher (less privileged) than the CPL and
    destination code segments DPL is less than or
    equal to CPL.
  • MAX (CPL,RPL) gate DPL
  • Destination code segment DPL CPL

26
Stack Switching
  • A procedure call to a more privileged level does
    the following
  • 1. Changes the CPL.
  • 2. Transfers control (execution).
  • 3. Switches stacks.
  • All inner protection rings have their own stacks
    for receiving calls from less privileged levels.

27
Stack Switching Contd.
  • Stack operations always performed on the stack
    segment pointed by SS register
  • When calling a procedure at higher privileged
    segment, it is important that it will not use the
    same stack as the less privileged code.
  • For each process, the operating system is
    responsible to create four stack segments (at
    each privilege level)

Process CPL3
28
Stack Switching Cont..
  • The processor copies the procedure parameters to
    the stack whos DPL equals the new CPL
  • Also stores the old SS and ESP values in new
    stack
  • Then and changes SS to point to the new stack

29
Restriction of Instruction
  • Privileged Instructions
  • - Used for system control
  • - Executed only when CPL0 at ring 0
  • If CPLltgt0 and instruction is executed,
    general protection exception is generated.
  • Sensitive Instructions
  • - Used for I/O related activities.
  • - Used by procedures executing at privilege
    levels 1,2,3.

30
Paging
  • Linear address space is divided into pages which
    resides in physical memory or swap area. Paging
    translates linear address into physical address.
  • 2 level paging architecture.
  • 4K page directory consisting of 32 bit page
    directory entries (PDEs)
  • Page tables consist of 32-bit page-table entries
  • (PTEs)

31
Page Level Protection
  • Two page level protection checks are
  • Restriction of addressable Domain
  • Two levels of privilege
  • Superior Level (U/S0) -gt CPL0,1,2
  • User Level (U/S1) -gt CPL3
  • 2. Type Checking
  • Read only access (R/W0)
  • Read Write access (R/W1)

32
Combining Page Segment Protection
  • When paging is enabled, processor first evaluates
    segment protection and then page protection.
  • Possible to define a large flat memory space
  • consisting of 1 segment with some portions
  • that are read-only and other portions that are
  • read-write.

33
Conclusion
  • Protection mechanism defines four privilege
    levels and a set of rules for accessing data and
    code segments
  • Code running at a high privilege level (CPL0)
    can access all data and code segments
  • Code running at a low privilege level (CPL3)
    must use call-gates to call procedures at
    higher-privilege segments.

34
References
  • The Intel Architecture Software Developers
    Manual Vol. 3 -Chapter 12
  • The Intel Architecture Software Developers
    Manual Vol. 3
  • Chapter 3, 9,10,11,13.
  • The Intel Architecture Software Developers
    Manual Vol. 1 -Chapter 1
  • Barry Bery, The Intel Microprocessors
    Architecture, Programming and Interfacing,
    Fourth Edition
  • www.ee.technion.ac.il/matrics/Presentations/pentiu
    m1

35
Thank You.Questions??
Write a Comment
User Comments (0)
About PowerShow.com