Intel 64 and IA-32 Architectures Software Developers Manual Volume 3A, System Programming Guide, Part 1

ManualsBrandsIntel ManualsOtherIntel Pentium 4 Processor 2.80 GHz, 512K Cache, 533 MHz FSB

171

172

173

174

175

176

177

178

179

180

Vol. 3A 4-41

PROTECTION

When the processor is in supervisor mode and the WP flag in register CR0 is clear (its

state following reset initialization), all pages are both readable and writable (write-

protection is ignored). When the processor is in user mode, it can write only to user-

mode pages that are read/write accessible. User-mode pages which are read/write or

read-only are readable; supervisor-mode pages are neither readable nor writable

from user mode. A page-fault exception is generated on any attempt to violate the

protection rules.

Starting with the P6 family, Intel processors allow user-mode pages to be write-

protected against supervisor-mode access. Setting CR0.WP = 1 enables supervisor-

mode sensitivity to user-mode, write protected pages. Supervisor pages which are

read-only are not writable from any privilege level (if CR0.WP = 0). This supervisor

write-protect feature is useful for implementing a “copy-on-write” strategy used by

some operating systems, such as UNIX*, for task creation (also called forking or

spawning). When a new task is created, it is possible to copy the entire address space

of the parent task. This gives the child task a complete, duplicate set of the parent's

segments and pages. An alternative copy-on-write strategy saves memory space and

time by mapping the child's segments and pages to the same segments and pages

used by the parent task. A private copy of a page gets created only when one of the

tasks writes to the page. By using the WP flag and marking the shared pages as read-

only, the supervisor can detect an attempt to write to a user-level page, and can copy

the page at that time.

4.11.4 Combining Protection of Both Levels of Page Tables

For any one page, the protection attributes of its page-directory entry (first-level

page table) may differ from those of its page-table entry (second-level page table).

The processor checks the protection for a page in both its page-directory and the

page-table entries. Table 4-3 shows the protection provided by the possible combina-

tions of protection attributes when the WP flag is clear.

4.11.5 Overrides to Page Protection

The following types of memory accesses are checked as if they are privilege-level 0

accesses, regardless of the CPL at which the processor is currently operating:

• Access to segment descriptors in the GDT, LDT, or IDT.

• Access to an inner-privilege-level stack during an inter-privilege-level call or a

call to in exception or interrupt handler, when a change of privilege level occurs.

4.12 COMBINING PAGE AND SEGMENT PROTECTION

When paging is enabled, the processor evaluates segment protection first, then eval-

uates page protection. If the processor detects a protection violation at either the

segment level or the page level, the memory access is not carried out and an excep-

tion is generated. If an exception is generated by segmentation, no paging exception

is generated.