Intel 80286, 80287 manual Task Management, Protection Mechanisms

INTRODUCTION TO THE 80286

The 80286, like all members of the 8086 series, supports a segmented memory architecture. The 80286 also fully integrates memory segmentation into a comprehensive protection scheme. This protection scheme includes hardware-enforced length and type checking to protect segments from inadvertent misuse.

1.3.2 Task Management

The 80286 is designed to support multi-tasking systems. The architecture provides direct support for the concept of a task. For example, task state segments (see section 8.2 in Chapter 8) are hardware- recognized and hardware-manipulated structures that contain information on the current state of all tasks in the system.

Very efficient context-switching (task-switching) can be invoked with a single instruction. Separate logical address spaces are provided for each task in the system. Finally, mechanisms exist to support intertask communication, synchronization, memory sharing, and task scheduling. Task Management is described in Chapter 8.

1.3.3 Protection Mechanisms

The 80286 allows the system designer to define a comprehensive protection policy to be applied, uniformly and continuously, to all ongoing operations of the system. Such a policy may be desirable to ensure system reliability, privacy of data, rapid error recovery, and separation of multiple users.

The 80286 protection mechanisms are based on the notion of a "hierarchy of trust." Four privilege levels are distinguished, ranging from Level 0 (most trusted) to Level 3 (least trusted). Level 0 is usually reserved for the operating system kernel. The four levels may be visualized as concentric rings, with the most privileged level in the center (see figure 1-1).

This four-level scheme offers system reliability, flexibility, and design options not possible with the typical two-level (supervisorluser) separation provided by other processors. A four-level division is capable of separating kernel, executive, system services, and application software, each with different privileges.

At anyone time, a task executes at one of the four levels. Moreover, all data segments and code segments are also assigned to privilege levels. A task executing at one level cannot access data at a more privileged level, nor can it call a procedure at a less privileged level (i.e., trust a less privileged procedure to do work for it). Thus, both access to data and transfer of control are restricted in appro- priate ways.

A complete separation can exist between the logical address spaces local to different tasks, providing users with automatic protection against accidental or malicious interference by other users. The hardware also provides immediate detection of a number of fault and error conditions, a feature that can be useful in the development and maintenance of software.

Finally, these protection mechanisms require relatively little system overhead because they are integrated into the memory management and protection hardware of the processor itself.

1-3