Intel 80386 manual Protection, Privilege

When, in the course of translating a logical address, the processor produces a linear address that refers to a page table entry whose Present bit is reset, the processor raises an exception called a page fault. Exceptions are covered later in this chapter, but the basic consequence of a page fault is the invocation by the processor of an operating system procedure called the page fault handler. On entry to the page fault handler, Control Register 2 contains the linear address associated with the not-present page. From this address the page fault handler can find the relevant page table entry by translating the linear address just as the processor.did. Note that all bits other than the Present bit in a not-present page table entry are user-defined; they provide a convenient place for the operating system to store the disk address of the not-present page. Having determined the disk address of the not-present page, the page fault handler can allocate a page frame and transfer the page from disk to the frame. After updating the page table entry's address field and Present bit, the page fault handler simply returns. The processor then automatically retrics the faulting instruction, and the result is the same as if the page had been present when the instruction was first executed.

Other fields in an 80386 page ta ble entry help the operating system perform virtual memory opera- tions efficiently. In addition to loading pages on demand, the operating system must maintain a supply offree page frames that can be allocated by the page fault handler. To increase the supply of free page frames, the operating system must decide which frames to free. Before it frees a frame, the operating system must also write the page to disk if the page has been modified since it was loaded. To assist the operating system in these activities, the 80386 architecture provides an Accessed bit and a Dirty bit in each page table entry; the processor updates these bits auto- matically for all present pages. The 80386 sets the Accessed bit whenever the page is read or written and sets the Dirty bit whenever the page is written. By periodically examining and resetting

the Accessed bits, the operating system can identify pages that have not recently been used. The frames containing these pages are good candidates for freeing because pages that have not recently been used are unlikely to be used in the near future. When the operating system has selected a page to give up its page frame, the page does not have to be written to disk unless the processor has set its Dirty bit.

Each page table entry also contains a 3-bit field that the operating system can use as it likes. Operating systems commonly use this field to mark pages with special status conditions such as "locked for 1/0."

3.4 Protection

The 80386 provides an array of protection mechanisms that operating systems can selectively employ to fit their needs. One form of protection, the separation of task address spaces by segment descriptor tables and page tables, has already been discussed. This separation effectively pre- vents application tasks from interfering with each other's code and data. In addition' to isolating tasks from each other, the 80386 pro- vides facilities for protecting the operating system from application code, for protecting one part of the operating system from other parts, and for protecting a task from some of its own errors. Besides making operating systems more robust, the 80386 protection system can simplify de- bugging by trapping and isolating errors to specific tasks. All 80386 protection facilities are implemented on-chip so protection checking can be performed without performance penalties.

3.4.1 Privilege

Many of the 80386 protection facilities are based on the notion of a privilege hierarchy. At any instant, a task's privilege is equal to the privilege level of the code segment it is executing. In each segment descriptor is a field that defines the privilege level of the associated segment; the field