3 multi-segment model – Intel IA-32 User Manual

Vol. 3A 3-5

PROTECTED-MODE MEMORY MANAGEMENT

3.2.3

Multi-Segment Model

A multi-segment model (such as the one shown in Figure 3-4) uses the full capabilities of the
segmentation mechanism to provided hardware enforced protection of code, data structures, and
programs and tasks. Here, each program (or task) is given its own table of segment descriptors
and its own segments. The segments can be completely private to their assigned programs or
shared among programs. Access to all segments and to the execution environments of individual
programs running on the system is controlled by hardware.

Access checks can be used to protect not only against referencing an address outside the limit
of a segment, but also against performing disallowed operations in certain segments. For
example, since code segments are designated as read-only segments, hardware can be used to
prevent writes into code segments. The access rights information created for segments can also
be used to set up protection rings or levels. Protection levels can be used to protect operating-
system procedures from unauthorized access by application programs.

Figure 3-4. Multi-Segment Model

Linear Address Space

(or Physical Memory)

Segment

Registers

CS

Segment

Descriptors

Limit

Access

Base Address

SS

Limit

Access

Base Address

DS

Limit

Access

Base Address

ES

Limit

Access

Base Address

FS

Limit

Access

Base Address

GS

Limit

Access

Base Address

Limit

Access

Base Address

Limit

Access

Base Address

Limit

Access

Base Address

Limit

Access

Base Address

Stack

Code

Data

Data

Data

Data