background image

Vol. 3A 5-29

PROTECTION

5.11.5 

Overrides to Page Protection

The following types of memory accesses are checked as if they are privilege-level 0 accesses, regardless of the CPL 
at which the processor is currently operating:

Access to segment descriptors in the GDT, LDT, or IDT.

Access to an inner-privilege-level stack during an inter-privilege-level call or a call to in exception or interrupt 
handler, when a change of privilege level occurs.

5.12 

COMBINING PAGE AND SEGMENT PROTECTION

When paging is enabled, the processor evaluates segment protection first, then evaluates page protection. If the 
processor detects a protection violation at either the segment level or the page level, the memory access is not 
carried out and an exception is generated. If an exception is generated by segmentation, no paging exception is 
generated.
Page-level protections cannot be used to override segment-level protection. For example, a code segment is by 
definition not writable. If a code segment is paged, setting the R/W flag for the pages to read-write does not make 
the pages writable. Attempts to write into the pages will be blocked by segment-level protection checks.
Page-level protection can be used to enhance segment-level protection. For example, if a large read-write data 
segment is paged, the page-protection mechanism can be used to write-protect individual pages.

Table 5-3.  Combined Page-Directory and Page-Table Protection

Page-Directory Entry

Page-Table Entry

Combined Effect

Privilege

Access Type

Privilege

Access Type 

Privilege 

Access Type

User Read-Only 

User

Read-Only 

User Read-Only

User

Read-Only User 

Read-Write

User

Read-Only

User

Read-Write

User

Read-Only

User

Read-Only 

User

Read-Write

User

Read-Write

User

Read/Write

User

Read-Only

Supervisor

Read-Only

Supervisor

Read/Write*

User

Read-Only

Supervisor

Read-Write

Supervisor

Read/Write*

User

Read-Write

Supervisor

Read-Only Supervisor

Read/Write*

User Read-Write

Supervisor

Read-Write

Supervisor 

Read/Write

Supervisor

Read-Only

User

Read-Only

Supervisor

Read/Write*

Supervisor

Read-Only

User

Read-Write

Supervisor

Read/Write*

Supervisor

Read-Write

User

Read-Only

Supervisor

Read/Write*

Supervisor

Read-Write

User

Read-Write

Supervisor

Read/Write

Supervisor

Read-Only

Supervisor

Read-Only

Supervisor

Read/Write*

Supervisor

Read-Only

Supervisor

Read-Write

Supervisor

Read/Write*

Supervisor

Read-Write

Supervisor

Read-Only

Supervisor

Read/Write*

Supervisor

Read-Write

Supervisor

Read-Write

Supervisor

Read/Write

NOTE:

* If CR0.WP = 1, access type is determined by the R/W flags of the page-directory and page-table entries. IF CR0.WP = 0, supervisor 

privilege permits read-write access.