Professional Documents
Culture Documents
MP Unit 4 Oneshot
MP Unit 4 Oneshot
Hello Friend!
These notes are not free,
The FEES of these notes is that you should pray
for me.
Please remember me in your prayers
Apni Duaon Me Mujhe bhi yaad kar lena.
: Dr. Shameem Ahmad
(Sarcastic Teacher)
Micro Processor
Unit 4
Need of Protection
• The protection was needed due to the invention of
viruses (bugs.)
• The purpose of the protection features of the 80386 is to
help detect and identify bugs.
• The 80386 supports applications that may consist of
thousands of program modules.
• In such applications, it is very critical to detect and
eliminate the bugs as quickly as possible to confine their
damage.
• To make debug applications fast and robust, the 80386
contains mechanisms to verify memory accesses and
instruction execution.
1
03-02-2024
Limit Check
• The Descriptor of the target segment has a limit field,
which gives the max size of a segment. Segment size can
vary from 1 byte to 4 GB.
• The offset address (effective offset address) which is
desired to be accessed by an instruction, must be within
this limit, only then the access is granted.
• If not, a general protection fault (INTERRUPT 13) occurs.
• For byte access(8bit), offset address must be <= limit.
• For word access(16bit), offset address must be <= (limit-1).
• double word access(32bit), offset address must be <= (Limit-3)
• The limit here will also depend on granularity bit in
segment descriptor.
2
03-02-2024
Type Check
• Whenever a selector is loaded into a segment register, the
corresponding target Descriptor is copied from the
Descriptor table and loaded into a Descriptor cache.
• The Descriptor indicates the type of segment
(code/data/stack). That is compared to the type of the
Segment Register into which the selector was being loaded
(CS/SS/DS etc).
• Access is only granted if the type matches.
• If not, a general protection fault (INTERRUPT 13) occurs.
• Eg: If a selector is loaded into CS register, then the
corresponding Descriptor must indicate that it is a code type
segment.
• Additionally, the type of access is also checked to restrict
read/write access to a segment.
• Eg: If the Descriptor indicates that a code segment is nor
readable or a data segment is readable but not writeable, then
an attempt to violate these rules will also lead to a protection
fault
3
03-02-2024
4
03-02-2024
Protection Rings
• The concept of privilege is
implemented by assigning a
value from zero to three to key
objects recognized by the
processor.
• The value zero represents the
greatest privilege, the value
three represents the least
privilege.
• Its shown as co-centric rings of
increasing radius.
• The center is for the segments
containing the most critical
software, usually the kernel of
the operating system.
• Outer rings are for the segments
of less critical software.
5
03-02-2024
Call Gates
• 80386 uses gate descriptors provide protection for
control transfer between executable segments at
different privilege levels.
• A Gate descriptor consists of the following components:
• Selector: It specifies the target code segment's selector, which
identifies the segment containing the code to be executed.
• Gate Type: It indicates the type of gate, such as Call Gate,
Task Gate, or Interrupt Gate.
• Offset: It specifies the offset within the target code segment
where the execution should continue after the transfer.
• Privilege Level: It specifies the privilege level required to
execute the code segment.
• Stack Segment and Stack Pointer: These fields specify the
stack segment and stack pointer to be loaded when the transfer
occurs.
6
03-02-2024
Gate descriptor
Working
• When a program encounters a Call Gate instruction, it
triggers a transfer of control to the specified code segment.
• Privilege Level Check: The processor checks if the privilege level
of the calling program or task is sufficient to execute the code
segment specified in the Call Gate.
• Code Segment Loading: If the privilege level is appropriate, the
processor loads the new code segment specified in the Call Gate into
the code segment register (CS).
• Stack Setup: The processor sets up the stack segment (SS) and
stack pointer (SP) values specified in the Call Gate.
• Control Transfer: Finally, the processor transfers control to the
offset specified in the Call Gate.
7
03-02-2024
I/O PROTECTION
• Two mechanisms provide protection for I/O
functions:
1. The IOPL field in the EFLAGS register defines the
right to use I/O-related instructions.
8
03-02-2024
9
03-02-2024
PYQ
• Need for protection, rules of protection check
• Protection within v86 task
• Concept of privilege level
• i/o privilege instruction
• DPL, RPL,CPL
• Call gate procedure, and change of privilege level
• Page level protection
• List Five aspect of protection
• 2 mechanism of i/o protection
• i/o bitmap
• Combining seg and page level prot
10
03-02-2024
Thank You
Like Share & Subscribe to
SarcasticTeacher
@ShameemSir
11