
03-02-2024

Hello Friend!
These notes are not free,
The FEES of these notes is that you should pray
for me.
Please remember me in your prayers
Apni Duaon Me Mujhe bhi yaad kar lena.
: Dr. Shameem Ahmad
(Sarcastic Teacher)

Micro Processor
Unit 4

Need of Protection
• Protection was needed due to the invention of
viruses (bugs).
• The purpose of the protection features of the 80386 is to
help detect and identify bugs.
• The 80386 supports applications that may consist of
thousands of program modules.
• In such applications, it is very critical to detect and
eliminate the bugs as quickly as possible to confine their
damage.
• To help debug applications faster and make them more
robust, the 80386 contains mechanisms to verify memory
accesses and instruction execution.


Overview of 80386DX Protection Mechanisms


• Protection is a mechanism to prevent unauthorized
access to programs and data.
• This prevents misuse and corruption of system
programs and data.
• The protection checks take place during address
translation.
• There are 3 checks performed by the processor:
• Limit Check
• Type Check
• Privilege check

Limit Check
• The Descriptor of the target segment has a limit field,
which gives the max size of a segment. Segment size can
vary from 1 byte to 4 GB.
• The offset address (effective offset address) which is
desired to be accessed by an instruction, must be within
this limit, only then the access is granted.
• If not, a general protection fault (INTERRUPT 13) occurs.
• For byte access (8-bit), offset address must be <= limit.
• For word access (16-bit), offset address must be <= (limit-1).
• For double word access (32-bit), offset address must be <= (limit-3).
• The limit here also depends on the granularity bit in the
segment descriptor.
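
The limit check above, worked through in C as an added example (not part of the original notes). It assumes an expand-up segment; the struct and function names are illustrative, and the descriptors in main() are constructed sample values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Descriptor fields used by the limit check (struct and function names are
   illustrative assumptions, not taken from the notes). */
struct seg_desc {
    uint32_t raw_limit; /* 20-bit limit field stored in the descriptor */
    bool g;             /* granularity bit: 0 = byte units, 1 = 4 KB units */
};

/* Highest valid byte offset of an expand-up segment. */
uint32_t effective_limit(const struct seg_desc *d)
{
    uint32_t lim = d->raw_limit & 0xFFFFFu;
    /* G=1: the limit counts 4 KB blocks, so the low 12 offset bits are all valid. */
    return d->g ? ((lim << 12) | 0xFFFu) : lim;
}

/* Returns true when `size` bytes (1, 2 or 4) starting at `offset` lie inside
   the segment; false is the case in which the processor raises the fault. */
bool limit_check(const struct seg_desc *d, uint32_t offset, uint32_t size)
{
    uint32_t lim = effective_limit(d);
    if (size == 0 || size - 1 > lim)
        return false;                  /* access wider than the whole segment */
    return offset <= lim - (size - 1); /* subtraction cannot wrap: size-1 <= lim */
}

int main(void)
{
    struct seg_desc small = { 0x00FFF, false }; /* constructed: 4 KB, byte granular */
    struct seg_desc flat  = { 0xFFFFF, true };  /* constructed: 4 GB, page granular */

    printf("byte  @0xFFF in small: %d\n", limit_check(&small, 0xFFF, 1));
    printf("word  @0xFFF in small: %d\n", limit_check(&small, 0xFFF, 2));
    printf("dword @0xFFC in small: %d\n", limit_check(&small, 0xFFC, 4));
    printf("dword @0xFFFFFFFD in flat: %d\n", limit_check(&flat, 0xFFFFFFFDu, 4));
    return 0;
}
```

The comparison is written as offset <= limit - (size - 1) rather than offset + size - 1 <= limit, because the latter wraps around for offsets near 4 GB.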


Type Check
• Whenever a selector is loaded into a segment register, the
corresponding target Descriptor is copied from the
Descriptor table and loaded into a Descriptor cache.
• The Descriptor indicates the type of segment
(code/data/stack). That is compared to the type of the
Segment Register into which the selector was being loaded
(CS/SS/DS etc).
• Access is only granted if the type matches.
• If not, a general protection fault (INTERRUPT 13) occurs.
• Eg: If a selector is loaded into CS register, then the
corresponding Descriptor must indicate that it is a code type
segment.
• Additionally, the type of access is also checked to restrict
read/write access to a segment.
• Eg: If the Descriptor indicates that a code segment is not
readable or a data segment is readable but not writeable, then
an attempt to violate these rules will also lead to a protection
fault.


Privilege Check
The operation is only allowed if EPL < DPL.
• 80386 µP provides 4 levels of protection called Privilege
Levels.
• The following Privilege Levels are checked before granting
access to data or code:
• RPL (Requestor Privilege Level): RPL is the Privilege Level of the
original supplier of the selector (program). RPL is determined by the
two LSBs of the selector
• DPL (Descriptor Privilege Level): DPL is the least Privilege Level at
which a task may access that Descriptor and thereby access the
segment associated with the Descriptor. DPL is stored in bits 5 and 6 of
the access rights byte of the Descriptor.
• CPL (Current Privilege Level): CPL is the Privilege Level at which
the task is currently executing. It is equal to the Privilege Level of the
Code Segment currently being executed. It is stored in the two LSBs of
the Code Segment Register (except for a Conforming Code Segment).
A user-invisible register stores the value of CPL.
• EPL (Effective Privilege Level): It is the least Privilege Level
between RPL and CPL (numerically highest).
EPL = max (RPL, CPL).

Page Level Protection


• Privilege check:
• U/S =0 Supervisor level
• U/S =1 User Level
• If CPL=3 it means the µP is executing at user level
• If CPL=0,1,2 it means the µP is executing at supervisor level
• When the processor is operating at supervisor level all pages
are addressable, but when it is executing at user level only
pages belonging to user level are addressable.
• Type Check:
• When processor is executing at supervisor level all pages are
both readable and writeable.
• When processor is executing at user level only pages
belonging to user level are accessible as follows:
• R/W bit=0 Read only access (only readable page)
• R/W bit=1 Read/write access(readable and writeable page)


Protection Rings
• The concept of privilege is
implemented by assigning a
value from zero to three to key
objects recognized by the
processor.
• The value zero represents the
greatest privilege, the value
three represents the least
privilege.
• It is shown as concentric rings of
increasing radius.
• The center is for the segments
containing the most critical
software, usually the kernel of
the operating system.
• Outer rings are for the segments
of less critical software.

Combining Page level and segment level protection
• When paging is enabled, segment level protection is
evaluated first.
• Only if everything passes is page level protection then
evaluated.
• If the processor detects a protection violation at any stage, the
requested operation can't proceed and an exception occurs.


Conforming Code Segment


• A conforming code segment allows a lower
privilege level code (e.g., user mode) to call a
higher privilege level code.
• This is useful in situations where certain privileged
operations or system services need to be accessed
by user-level programs without switching the entire
execution context to a higher privilege level.
• The conforming flag in the code segment descriptor
should be set (1) to indicate that the segment is a
conforming code segment (i.e. the type bits will be
11X).

Call Gates
• The 80386 uses gate descriptors to provide protection for
control transfer between executable segments at
different privilege levels.
• A Gate descriptor consists of the following components:
• Selector: It specifies the target code segment's selector, which
identifies the segment containing the code to be executed.
• Gate Type: It indicates the type of gate, such as Call Gate,
Task Gate, or Interrupt Gate.
• Offset: It specifies the offset within the target code segment
where the execution should continue after the transfer.
• Privilege Level: It specifies the privilege level required to
execute the code segment.
• Stack Segment and Stack Pointer: These fields specify the
stack segment and stack pointer to be loaded when the transfer
occurs.


Gate descriptor

Working
• When a program encounters a Call Gate instruction, it
triggers a transfer of control to the specified code segment.
• Privilege Level Check: The processor checks if the privilege level
of the calling program or task is sufficient to execute the code
segment specified in the Call Gate.
• Code Segment Loading: If the privilege level is appropriate, the
processor loads the new code segment specified in the Call Gate into
the code segment register (CS).
• Stack Setup: The processor sets up the stack segment (SS) and
stack pointer (SP) values specified in the Call Gate.
• Control Transfer: Finally, the processor transfers control to the
offset specified in the Call Gate.


I/O PROTECTION
• Two mechanisms provide protection for I/O
functions:
1. The IOPL field in the EFLAGS register defines the
right to use I/O-related instructions.
2. The I/O permission bit map of an 80386 TSS segment
defines the right to use ports in the I/O address space.

IO Privilege Level Bits


• The IOPL bits in the flag register define the privilege level needed to
execute I/O-related instructions.
• There are six instructions that can be executed only if CPL
< IOPL:
• IN: Input
• INS: Input String
• OUT: Output
• OUTS: Output String
• CLI: Clear Interrupt-Enable Flag
• STI: Set Interrupt-Enable
These are called sensitive instructions, because they are sensitive to IOPL.
• Any attempt by a less privileged procedure to use a sensitive
instruction results in a general protection exception.
• A task can change IOPL only with the POPF instruction; however, only a
procedure executing at PL0 can change the IOPL bits.
• An attempt by a less privileged procedure to alter IOPL does not result
in an exception; IOPL simply remains unaltered.


I/O Permission Bit Map


• The 80386 has the ability to selectively trap I/O space
references to specific I/O addresses.
• The structure that enables selective trapping is the I/O
Permission Bit Map in the TSS segment.
• The I/O permission map is a bit vector with variable size
and location.
• The processor locates the I/O permission map by means of
the I/O map base field (16bit offset) in the fixed portion of
the TSS.
• The I/O Permission Bitmap can be viewed as a 0-64 Kbit
bit string, which begins in memory at offset “I/O Map
base” in the current TSS and ends with TSS.
• Because the I/O permission map is in the TSS segment,
different tasks can have different maps.

• In protected mode, when it encounters an I/O instruction
(IN, INS, OUT, or OUTS), the processor checks the following:
• If CPL < IOPL, the I/O operation may proceed.
• If CPL > IOPL, the processor checks the I/O permission map.
• Each bit in the I/O Permission Bitmap corresponds to a
single byte-wide I/O port. If a bit is 0, I/O to the
corresponding byte wide port can occur without error.
• For example, the bit for port 41 is found at I/O map base
+5, bit offset 1.
• The processor tests all the bits that correspond to the I/O
addresses spanned by an I/O operation.
It is not necessary for the I/O permission
map to represent all the I/O addresses.
I/O addresses not spanned by the map.
For example, if TSS limit is equal to I/O
map base +31, the first 256 I/O ports are
mapped; I/O operations on any port
greater than 255 cause an exception.
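
The bitmap lookup described above, as an added C example (not part of the original notes). It models only the permission-map step, not the CPL/IOPL comparison; the function names, the I/O map base value and the sample TSS contents are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IO_MAP_BASE 0x68u               /* constructed value of the I/O map base field */
#define TSS_LIMIT   (IO_MAP_BASE + 31u) /* maps the first 256 ports, as in the notes */

/* Bitmap lookup for an access of `width` bytes (1, 2 or 4) starting at `port`.
   `tss` is the raw TSS image and `tss_limit` its last valid byte offset.
   Function and parameter names are illustrative assumptions. */
bool io_bitmap_allows(const uint8_t *tss, uint32_t tss_limit,
                      uint32_t io_map_base, uint16_t port, unsigned width)
{
    for (unsigned i = 0; i < width; i++) {
        uint32_t p = (uint32_t)port + i;       /* every byte-wide port spanned */
        uint32_t byte_off = io_map_base + p / 8;
        if (p > 0xFFFFu || byte_off > tss_limit)
            return false;                      /* not covered by the map: exception */
        if (tss[byte_off] & (1u << (p % 8)))
            return false;                      /* bit is 1: exception */
    }
    return true;                               /* all spanned bits are 0 */
}

/* Constructed sample TSS (TSS_LIMIT + 1 bytes): every mapped port denied
   except ports 40-43, so port 41 is bit 1 of the byte at map base + 5. */
void build_sample_tss(uint8_t *tss)
{
    memset(tss, 0, IO_MAP_BASE);
    memset(tss + IO_MAP_BASE, 0xFF, 32);
    for (unsigned p = 40; p <= 43; p++)
        tss[IO_MAP_BASE + p / 8] &= (uint8_t)~(1u << (p % 8));
}

int main(void)
{
    uint8_t tss[TSS_LIMIT + 1];
    build_sample_tss(tss);
    printf("byte  at port 41:  %d\n", io_bitmap_allows(tss, TSS_LIMIT, IO_MAP_BASE, 41, 1));
    printf("dword at port 40:  %d\n", io_bitmap_allows(tss, TSS_LIMIT, IO_MAP_BASE, 40, 4));
    printf("word  at port 43:  %d\n", io_bitmap_allows(tss, TSS_LIMIT, IO_MAP_BASE, 43, 2));
    printf("byte  at port 256: %d\n", io_bitmap_allows(tss, TSS_LIMIT, IO_MAP_BASE, 256, 1));
    return 0;
}
```

The word access at port 43 is refused because it also spans port 44, whose bit is 1; port 256 is refused because its bit would lie past the TSS limit.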


Five aspects of protection


1. Limit check
2. Type check
3. Privilege check
4. Level check (user/supervisor)
5. Page type check (read only /readable and
writeable)

PYQ
• Need for protection, rules of protection check
• Protection within v86 task
• Concept of privilege level
• i/o privilege instruction
• DPL, RPL,CPL
• Call gate procedure, and change of privilege level
• Page level protection
• List Five aspect of protection
• 2 mechanism of i/o protection
• i/o bitmap
• Combining seg and page level prot


Thank You
Like Share & Subscribe to
SarcasticTeacher
@ShameemSir
