Protected Mode

The term protected mode refers to a special operating mode of Intel's IA-32 architecture (also known as x86), which has been present since the 80286 processor. It allows memory access rights to be restricted for different software; with it, the directly addressable main memory also rose to 16 MB (16-bit protected mode). With the 80386 and the 32-bit protected mode, linear access to up to 4 GB of memory became possible. Protected mode is supported by all modern PC operating systems (Microsoft: optional since Windows 2.0, mandatory since Windows 3.1 and Windows NT 3.1; IBM: since OS/2; Apple: since switching to the Intel platform, that is, with OS X 10.4.4).

Background and ideas

Originally the 8086 architecture had only real mode, which is still the start-up mode of current 32-bit x86 processors for compatibility, so that older operating systems such as DOS can run. In this mode there were no memory protection mechanisms or policies: the operating system and each individual program could read and write any memory address at any time. This implies the unrealistic requirement that software be completely free of errors, since a single faulty access to an address belonging to other software (e.g. the operating system) can already lead to data loss or instability of the whole system.

To mitigate this situation, mechanisms were introduced with which fine-grained permissions of programs on different memory areas can be defined and enforced, producing memory protection between different software.

Concept and characteristics

For compatibility, Intel chose the method of virtual memory management, because with it the MMU can continue to present every program with the illusion of a complete address space, as in real mode. Each program runs in its own copy of the physical address space, protected from other software. Operating system areas (typically in the upper part of the address space, from 2 to 4 GiB) can be given a higher privilege level. This also enables the distinction between kernel mode and user mode that modern operating systems implement.

In protected mode, the CPU supports both segmentation (from the 286) and paging (from the 386), as well as the eponymous memory protection, with four protection levels at the segment level and two protection levels at the page level. The four protection levels of x86 protected mode, known as rings or privilege levels, give code segments different rights when they run. This prevents faulty or malicious applications from overwriting the operating system and thereby altering or crashing it, and from spying on the data of other programs, which was readily possible on the 8086 processor and could not be prevented. A processor switches to protected mode when the Protection Enable (PE) bit in control register 0 (CR0) is set. In addition, protected mode on the Intel 80386 includes a special mode, Virtual 8086 Mode (virtual real mode), which was built to run real-mode programs in protected mode.

16-bit protected mode

The 286 introduced the so-called "16-bit protected mode". At most 16 MB of physical memory could be addressed, through two tables of 8192 segments each, with each segment up to 64 KB in size. This gives a theoretical memory space of 1 GB. These segments are accessed through so-called segment descriptor tables, which are created and managed by the operating system. It is possible to address more virtual addresses than there is physical memory. With virtual memory management, individual segments can be swapped out, for example to disk, and are then marked in the descriptor as "not present". When a read or write access to such a segment occurs, the processor triggers a "segment not present" exception, which is caught by the operating system so that it can load the requested segment again and continue the program.

The 16-bit protected mode was used by, among others, Digital Research Concurrent DOS 286 (1985), FlexOS 286 (1986/1987), IBM 4680 OS (1986), OS/2 1.x (1987) and MS Windows 3.x (the so-called "standard mode").

Segment selectors

In real mode, the segment registers directly contain the starting address of the memory segment (more precisely, the top 16 bits of the 20-bit real-mode memory address). In protected mode, however, the segment registers contain a reference into one of the two descriptor tables, in which the properties of the memory segments are recorded.

Two descriptor tables are supported: the local descriptor table (LDT) and the global descriptor table (GDT). Bit 2 (TI = table indicator) determines which of the two tables the index (in bits 3...15) refers to. Each of the two tables can hold up to 8192 entries; the first entry (index 0) of the GDT is reserved as the null selector and may refer to any memory area.

Descriptor

The properties of a memory segment that are stored in the descriptor tables include:

  • The segment length (segment limit, from 1 byte to 64 KiB)
  • The starting address (base address, accurate to 1 byte)
  • Segment type (type and S: S = 0 means system segment, S = 1 means user segment)
  • Descriptor privilege level (DPL, where the value 0 means the level with the highest privileges and 3 the level with the lowest rights)
  • Present - Only segments whose P bit in the descriptor is set to 1 are present in physical memory. This can be used for swapping out memory segments ("swapping"), since on access to segments with P bit = 0 the processor generates an exception that can be caught by the operating system.

32-bit protected mode

With the 386, protected mode was extended to 32 bits; previously unused fields in the descriptor tables allow access to up to 4 GB of physical memory, addressed in 8192 segments of up to 4 GB each. The following enhancements were made:

  • Segment limit - It was expanded to 20 bits, so that a segment can be up to 1 MiB in size. To support larger segments without making the length field even larger, an additional "granularity bit" (G) was introduced. If this bit is set, the segment length is no longer interpreted in bytes but in 4-KiB blocks. This makes segment sizes of up to 4 GiB possible.
  • Start address - It was extended to 32 bits, so that the start address can cover the entire physical address space.
  • Operand size - This bit specifies whether a code segment contains 16-bit or 32-bit code, or whether a stack segment is addressed via the 16-bit stack pointer SP or the 32-bit stack pointer ESP.

The 386 (and all successor processors) supports these extensions even in 16-bit protected mode, so that 16-bit programs that use the 32-bit instruction set extensions can also address additional memory.
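The selector and descriptor fields described above can be decoded and checked in a few lines of C. This is an added example, not code from the original page: the bit positions follow the standard 386 descriptor layout, which the page does not spell out, and the RPL field (selector bits 0 and 1) and the rule max(CPL, RPL) <= DPL for data-segment access are standard x86 behaviour not mentioned in the text. The descriptor value is constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
typedef struct { unsigned index, ti, rpl; } selector_t;
typedef struct {
    uint32_t base, limit;                 /* limit = raw 20-bit field */
    unsigned type, s, dpl, present, db, g;
} descriptor_t;

/* Selector: bits 3..15 index, bit 2 TI (0 = GDT, 1 = LDT), bits 0..1 RPL. */
selector_t decode_selector(uint16_t sel) {
    selector_t r = { sel >> 3, (sel >> 2) & 1u, sel & 3u };
    return r;
}

/* 8-byte 386 descriptor; base and limit are split across the entry. */
descriptor_t decode_descriptor(uint64_t d) {
    descriptor_t r;
    r.limit   = (uint32_t)((d & 0xFFFF) | (((d >> 48) & 0xF) << 16));
    r.base    = (uint32_t)(((d >> 16) & 0xFFFFFF) | (((d >> 56) & 0xFF) << 24));
    r.type    = (unsigned)((d >> 40) & 0xF);
    r.s       = (unsigned)((d >> 44) & 1);   /* 0 = system, 1 = user segment */
    r.dpl     = (unsigned)((d >> 45) & 3);   /* 0 = most privileged ring */
    r.present = (unsigned)((d >> 47) & 1);   /* P bit */
    r.db      = (unsigned)((d >> 54) & 1);   /* operand size: 1 = 32-bit */
    r.g       = (unsigned)((d >> 55) & 1);   /* granularity bit */
    return r;
}

/* Highest valid offset: with G set, the limit counts 4-KiB blocks. */
uint32_t last_offset(const descriptor_t *d) {
    return d->g ? ((d->limit << 12) | 0xFFFu) : d->limit;
}

enum access { ACCESS_OK, PRIVILEGE_FAULT, NOT_PRESENT, LIMIT_FAULT };
/* Data-segment access by code at ring `cpl` (expand-down segments ignored). */
enum access check_access(uint16_t sel, const descriptor_t *d,
                         unsigned cpl, uint32_t offset) {
    unsigned rpl = decode_selector(sel).rpl;
    if ((cpl > rpl ? cpl : rpl) > d->dpl) return PRIVILEGE_FAULT;
    if (!d->present)                      return NOT_PRESENT;
    if (offset > last_offset(d))          return LIMIT_FAULT;
    return ACCESS_OK;
}

int main(void) {
    descriptor_t flat = decode_descriptor(0x00CF9A000000FFFFULL); /* constructed */
    printf("base=%#x last=%#x\n", (unsigned)flat.base, (unsigned)last_offset(&flat));
    return 0;
}
```

With G set, the 20-bit limit 0xFFFFF expands to a last valid offset of 0xFFFFFFFF, which is the 4 GiB segment size the list describes.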

From the 386 onward it is also possible to activate page management (paging), which operates downstream of segmentation.

64-bit mode

With the introduction of the AMD64 architecture in AMD's K8 processor, which was later also adopted by Intel under the name EM64T (later IA-32e, now Intel 64), a new mode of operation was introduced in x86 processors that differs fundamentally from the protected mode used until then. In this mode there is de facto no segmentation any more (with one exception, discussed further in the text). The base address of the segments is fixed at 0. The descriptor for the code segment is used only to determine the sub-mode (64-bit "long mode" or 32-bit "compatibility mode", which is used when running 32-bit programs on a 64-bit operating system), the "default operation size" and the privilege level of the code running in this segment. Only the segment registers FS and GS can be given a 64-bit segment base address directly, from ring 0, by means of special machine instructions (without accessing segment descriptors).

For system segments, the format of the segment descriptors has been extended so that they contain 64-bit base addresses and offsets. These descriptors therefore effectively occupy two entries in the descriptor tables.

Paging and memory paging

Most modern operating systems for x86 machines, such as Windows, Linux or Mac OS X, work in protected mode. It is now essentially used only to implement memory protection through paging, while segmentation is no longer used. With this mechanism, each process in an operating system is given its own virtual address space, separate from those of the other processes. At the same time, this makes it possible to realize memory sharing between processes, copy-on-write mechanisms and memory paging, as well as a clear separation into kernel and user address space (memory protection of the kernel against errors in application programs). This flat memory model is not secure against buffer overflows.
