Vol. 3A 5-29
PROTECTION
5.11.5
Overrides to Page Protection
The following types of memory accesses are checked as if they are privilege-level 0 accesses, regardless of the CPL
at which the processor is currently operating:
•
Access to segment descriptors in the GDT, LDT, or IDT.
•
Access to an inner-privilege-level stack during an inter-privilege-level call or a call to in exception or interrupt
handler, when a change of privilege level occurs.
5.12
COMBINING PAGE AND SEGMENT PROTECTION
When paging is enabled, the processor evaluates segment protection first, then evaluates page protection. If the
processor detects a protection violation at either the segment level or the page level, the memory access is not
carried out and an exception is generated. If an exception is generated by segmentation, no paging exception is
generated.
Page-level protections cannot be used to override segment-level protection. For example, a code segment is by
definition not writable. If a code segment is paged, setting the R/W flag for the pages to read-write does not make
the pages writable. Attempts to write into the pages will be blocked by segment-level protection checks.
Page-level protection can be used to enhance segment-level protection. For example, if a large read-write data
segment is paged, the page-protection mechanism can be used to write-protect individual pages.
Table 5-3. Combined Page-Directory and Page-Table Protection
Page-Directory Entry
Page-Table Entry
Combined Effect
Privilege
Access Type
Privilege
Access Type
Privilege
Access Type
User Read-Only
User
Read-Only
User Read-Only
User
Read-Only User
Read-Write
User
Read-Only
User
Read-Write
User
Read-Only
User
Read-Only
User
Read-Write
User
Read-Write
User
Read/Write
User
Read-Only
Supervisor
Read-Only
Supervisor
Read/Write*
User
Read-Only
Supervisor
Read-Write
Supervisor
Read/Write*
User
Read-Write
Supervisor
Read-Only Supervisor
Read/Write*
User Read-Write
Supervisor
Read-Write
Supervisor
Read/Write
Supervisor
Read-Only
User
Read-Only
Supervisor
Read/Write*
Supervisor
Read-Only
User
Read-Write
Supervisor
Read/Write*
Supervisor
Read-Write
User
Read-Only
Supervisor
Read/Write*
Supervisor
Read-Write
User
Read-Write
Supervisor
Read/Write
Supervisor
Read-Only
Supervisor
Read-Only
Supervisor
Read/Write*
Supervisor
Read-Only
Supervisor
Read-Write
Supervisor
Read/Write*
Supervisor
Read-Write
Supervisor
Read-Only
Supervisor
Read/Write*
Supervisor
Read-Write
Supervisor
Read-Write
Supervisor
Read/Write
NOTE:
* If CR0.WP = 1, access type is determined by the R/W flags of the page-directory and page-table entries. IF CR0.WP = 0, supervisor
privilege permits read-write access.