Intel x86 processor memory protection: summary of key points

Once the processor's memory protection mechanism is enabled, the processor performs a protection check on every memory access to ensure that all accesses satisfy the protection policy. Protection checking and address translation are performed in parallel.
Protection checks include segment-level checks and page-level checks, performed in that order: segment first, then page. The checks draw on the segment descriptors, the page directory and the page tables, and the criterion they apply is the privilege level.
A privilege level is a privilege number defined by Intel to implement protection.
Segment-level checks include segment limit (boundary) checks, segment type checks, privilege level checks, far pointer checks, etc. The principles of segment-level checking are:
  1. Low-privilege code cannot access high-privilege data
  2. High-privilege code can access low-privilege data
  3. Code can only use the same stack as its privilege level, and when the privilege level switches, the stack switches with it.
  4. Control can only be transferred to nonconforming code segments with the same privilege level (far JMP and far CALL).
  5. Control can be transferred to conforming code segments of equal or higher privilege level, but not to conforming code segments of lower privilege level (far JMP and far CALL).
  6. Even call gates, interrupt gates, and trap gates cannot transfer control from a high privilege level to a low privilege level.
  7. Transfer of control to a higher privilege level using a far RET is not allowed.
Page-level checks include privilege-level checks and read-write checks. The relevant flags are the U/S and R/W bits in the page directory/page table entry. A page whose U/S bit is 0 is a supervisor page, and a page whose U/S bit is 1 is a user page. In general, supervisor-level code can access all pages (regardless of the R/W flag), and user-level code can only access user pages. When CR0.WP is set to 1, supervisor-level code also cannot write to read-only user pages.
A page whose NX bit is 1 can only be used as a data page; an attempt to execute instructions from such a page causes a processor exception.
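The page-level rules above, modelled as an added C example (not code from the original page). It assumes the 64-bit PAE/IA-32e entry layout (R/W in bit 1, U/S in bit 2, NX in bit 63), present entries, NX enabled, and no SMEP/SMAP or protection keys; the function, enum and macro names are illustrative.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flag bits in a 64-bit (PAE / IA-32e) paging-structure entry. */
#define PG_RW (1ULL << 1)   /* 1 = writable, 0 = read-only */
#define PG_US (1ULL << 2)   /* 1 = user page, 0 = supervisor page */
#define PG_NX (1ULL << 63)  /* 1 = data only, no instruction fetch */

enum access { ACC_READ, ACC_WRITE, ACC_EXEC };

/* Page-level check for one access; true = allowed, false = fault.
 * Assumed in this sketch: entries present, EFER.NXE = 1, no SMEP/SMAP/PKU. */
bool page_access_allowed(uint64_t pde, uint64_t pte,
                         bool user_mode, bool cr0_wp, enum access acc)
{
    /* Rights combine across levels: U/S and R/W must be set in both
     * entries, while NX applies if it is set in either one. */
    bool user_page = (pde & PG_US) && (pte & PG_US);
    bool writable  = (pde & PG_RW) && (pte & PG_RW);
    bool no_exec   = (pde & PG_NX) || (pte & PG_NX);

    if (user_mode && !user_page)
        return false;               /* user code, supervisor page */

    switch (acc) {
    case ACC_READ:
        return true;
    case ACC_WRITE:
        /* Read-only page: user code always faults, supervisor code
         * faults only when CR0.WP = 1. */
        return writable || (!user_mode && !cr0_wp);
    case ACC_EXEC:
        return !no_exec;
    }
    return false;
}

int main(void)
{
    /* Constructed entries: a user page that is read-only in the PTE. */
    uint64_t pde = PG_US | PG_RW, pte = PG_US;
    printf("supervisor write, WP=0: %d\n", page_access_allowed(pde, pte, false, false, ACC_WRITE));
    printf("supervisor write, WP=1: %d\n", page_access_allowed(pde, pte, false, true, ACC_WRITE));
    return 0;
}
```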