Unit 4 : Protection

4.1 Need Of Protection

In multitasking or multi-user operating systems, problems can happen when two or more
users try to read and change the same memory at the same time. This part of the program is
called the critical section, and it must be protected so that only one task can access it at a
time.

Another important part that needs protection is the operating system code. If a user program
has a wrong address, it might overwrite and damage important system data. This can cause
the system to lock up, and the only way to fix it is by restarting the system.

To prevent such problems in multitasking systems, special methods are used to keep the
system safe and running properly.

4.2 Rules of Protection Check

1. CPL (Current Privilege Level)
CPL is the current privilege level of a running program or task in the CPU.
It can be 0 (highest privilege - kernel) to 3 (lowest privilege - user).
It helps the CPU control access to memory and hardware to prevent unauthorized access.

2. DPL (Descriptor Privilege Level)

DPL is the privilege level assigned to a segment (like code or data).
Also ranges from 0 to 3.
A program can only access a segment if its CPL ≤ DPL, ensuring secure access control.

3. RPL (Requested Privilege Level)

RPL is stored in the segment selector when a task wants to access a segment.
It shows the requested level of access.
CPU uses max(CPL, RPL) to decide if access to a segment (with DPL) is allowed.

4. IOPL (I/O Privilege Level)

IOPL controls the ability to execute I/O instructions (like IN, OUT).
Stored in the EFLAGS register, ranges from 0 (highest) to 3 (lowest).
Only tasks with CPL ≤ IOPL can perform I/O operations directly.

5. TSS (Task State Segment)

TSS is a special data structure used in task switching.
It stores CPU register values, stack pointers, and other task-specific data.
Helps the CPU save and restore task states when switching between tasks.

6. GDT (Global Descriptor Table)

GDT is a table that stores descriptors for global segments (code, data, TSS).
Used by the CPU to understand the size, location, and access rights of memory areas.
Shared by all tasks in the system.

7. LDT (Local Descriptor Table)

LDT is similar to GDT but is specific to a particular task.
Stores descriptors for that task’s private segments.
Allows different tasks to have separate views of memory for protection and multitasking.

4.3 5 Aspects of Protection in 80386

1. Type Checking
The 80386 keeps track of what kind of data is stored in each memory segment — like code,
data, or stack. It makes sure that each segment is used correctly
If a program tries to do something wrong (like run data as code), the processor stops it. This
 helps avoid bugs and protects the system from malware or accidental misuse.

2. Limit Checking
Each memory segment in 80386 has a limit (size). When a program runs, the processor checks
whether it's trying to access memory within that limit.
If the program tries to go beyond its allowed memory, the CPU gives an error
It ensures that each program stays within its own memory boundaries.

3. Restriction of Addressable Domain

In 80386, a program can only "see" and access certain areas of memory
The processor blocks programs from accessing memory they shouldn't use.
This protects the system from crashes or security risks caused by one program interfering with
another.

4. Restriction of Procedure Entry Points

Programs often call functions or procedures. In 80386, the CPU makes sure that:
A program can only enter procedures at allowed entry points.
It cannot jump to random places inside another function.

5. Restriction of Instruction Set

Some instructions in 80386 are very powerful
These are called privileged instructions.
Only the operating system or trusted software running in a special mode (Ring 0) can use
them.
If a normal program tries to use them, the processor blocks it.

4.4 Page Level Protection Aspects

Restricting Addressable Domain :
The U/S bit (User/Supervisor bit) controls who can access a memory page.
U/S = 0, the page is meant for the operating system or system software (supervisor level).
When the CPU is working in supervisor mode, it can access all pages.
If U/S = 1, the page is meant for normal user programs.
When the CPU is in user mode, it can access only user-level pages.

Type Checking :
There are two types of page access:
Read-only (if R/W = 1)
Read and Write (if R/W = 0)
In supervisor mode, all pages can be read and written.
In user mode, the CPU checks the R/W bit:
If R/W = 1, the page can be read-only.
If R/W = 0, the page can be read and written.
Also, a program running in user mode cannot access memory meant for the supervisor (OS).

4.5 Various fields in Page Level Protection.

Page level protection in 80386 ensures that only authorized programs or users can access
certain areas of memory. It uses flag bits in the Page Directory Entries (PDEs) and Page Table
Entries (PTEs) to control this access.
 Field Full Name Role in Protection Simple Meaning
1 = Page is in memory0 = Is the page available or
P Present
Page fault occurs missing?
0 = Read-only1 = Read & Can the page be written
R/W Read/Write
write allowed to?
0 = Supervisor (kernel-only)1 Who is allowed to use this
U/S User/Supervisor
= User access allowed page?

Set to 1 when the page is Helps in tracking usage for

A Accessed
accessed (CPU sets this) optimization
Set when a write occurs to Has the page been
D Dirty (only in PTE)
the page modified?
OS can use it for custom
AVL Available to software Reserved for OS/software use
features
Page Size (only in Size of the page being
PS 0 = 4 KB page1 = 4 MB page
PDE) referred to
Global (in PTE, if Prevents TLB flush on task Keeps frequently-used
G
enabled) switch pages cached

4.6 Different levels of protection

Ring 0 (Privilege Level 0 – Most Powerful)
This is the highest privilege level.
Only Operating System kernel code runs here.
It has full access to hardware, memory, and all CPU instructions.
Can execute privileged instructions like enabling paging or handling interrupts.
Example: Windows or Linux kernel code.

Ring 1 (Privilege Level 1)

Used for device drivers or critical system services.
Less privileged than Ring 0 but more than user-level code.
It can access hardware and memory, but not as freely as Ring 0.
Rarely used in many modern OSes (often skipped).

Ring 2 (Privilege Level 2)

Used for system-level utilities that need more access than user apps.
Has access to specific memory areas but not kernel space.
Also rarely used — modern OSes usually use only Ring 0 and Ring 3.

Ring 3 (Privilege Level 3 – Least Powerful)

This is where user applications run (like Chrome, Word, games).
They have the least access and cannot directly talk to hardware.
If they want to do so, they must request help from the OS using system calls.
Prevents user programs from crashing or harming the system.
4.7 What is call gate? Explain how it is used in calling functions with higher privilege
levels.
Call Gate:
A Call Gate is a mechanism in the 80386DX microprocessor that allows a program running in a
lower privilege level (user mode) to safely call a function that runs in a higher privilege level
(kernel mode).

Privilege Levels (PL): The 80386DX processor has different privilege levels:
PL0 (Kernel mode): High privilege, can access all system resources.
PL3 (User mode): Low privilege, restricted access to system resources.

Need for Call Gate: When a program in user mode (PL3) wants to call a function in kernel
mode (PL0), it can't do so directly. This is because of security reasons. The Call Gate acts as a
safe entry point for this transition.

Functioning of Call Gate:

The Call Gate checks if the program can safely switch from user mode to kernel mode.
It then switches the privilege level from PL3 to PL0 and allows the call to the kernel function.
After the function completes, the program is returned back to user mode (PL3).

4.8 How control transfer instructions are executed using the call gate in the system
Control transfer instructions (such as CALL, RET, JMP) are used to transfer control from one
part of a program to another.

Control Transfer Process:

The program uses a control transfer instruction (like CALL).
The instruction checks the privilege level of the caller and called function.
If the called function is in a higher privilege level (like kernel mode), the Call Gate is used to
perform the transition.
 The Call Gate ensures the privilege level is switched from PL3 (user mode) to PL0 (kernel
mode) safely.
After the function in kernel mode completes, control is transferred back to user mode, and the
privilege level is switched back from PL0 to PL3.

4.9 Combining Segment Protection and Page-Level Protection

The 80386 microprocessor uses two types of memory protection: segment protection and
page-level protection, which work together to ensure memory safety and control access.
Segment Protection:
Memory is divided into segments, each with its own access rights (read, write, execute) and
privilege level (PL0 to PL3).
Segments help protect larger areas of memory, ensuring that user programs cannot access
sensitive kernel code.
Page-Level Protection:
Memory is also divided into smaller units called pages (usually 4KB).
Each page has its own access rights (read, write, execute), and protection can be applied to
individual pages, offering finer control.
Combination:
Segment protection controls large memory areas, while page-level protection gives more
detailed control over individual pages.
This combination ensures that programs in lower privilege levels (user mode) cannot access
critical system areas in higher privilege levels (kernel mode).

4.10 Privilege Instructions

CLTS (Clear Task-Switched Flag):
Clears a flag that shows if a task switch has occurred. It’s used to reset the system after a task
switch.

HLT (Halt Processor):

Stops the processor from running. It’s used to halt the system, usually for debugging.

LGDT (Load GDT Register):

Loads the address of the Global Descriptor Table (GDT) into a register.
The GDT is used to define memory segments.

LIDT (Load IDT Register):

Loads the address of the Interrupt Descriptor Table (IDT) into a register.
The IDT helps handle interrupts by pointing to the interrupt routines.

LLDT (Load LDT Register):

Loads the address of the Local Descriptor Table (LDT) into a register.
The LDT is used for memory segments specific to a task or process.

LMSW (Load Machine Status Word):

Loads the Machine Status Word (MSW) with a new value.
The MSW holds flags that control how the processor works, like task switching.

LTR (Load Task Register):

Loads the Task Register (TR) with the address of the Task State Segment (TSS).
The TR helps manage task switching in the system.

MOV to/from CRn (Move to/from Control Register n):

Moves data to or from control registers (CR0 to CR4).
These control system settings, like paging or memory protection.

MOV to/from DRn (Move to/from Debug Register n):

Moves data to or from debug registers (DR0 to DR7).
These are used for debugging and setting breakpoints.

MOV to/from TRn (Move to/from Test Register n):

Moves data to or from test registers (TR0 to TR7).
These are used for testing purposes during debugging.