Intel 80386 manual System Architecture

Memory-mapped devices can be protected by the standard 80386 segment and page protection mechanisms.

In addition to its memory address space, the 80386 has a 64 kilobyte I/O address space. Devices mapped into this space are manipulated with the Input, Output, Input String, and Output String instructions. The first two instructions transfer a byte, word, or dword to or from the EAX register. The latter two instructions transfer a string of bytes, words, or dwords to or from memory.

The 80386 I/O instructions are privilege level sensitive. In the Flags register is a field called I/O Privilege Level (lOPL), which defines the minimum privilege level at which the running task can execute I/O instructions. (IOPL is loaded from the TSS so tasks can have different IOPLs). For example, if a task's 10PL is I, then the task cannot issue I/O instructions except

when it is running at privilege level I or O. The . 10PL mechanism supports multilevel protected operating systems in which, for example, critical and stable kernel procedures run at privilege level 0, and more volatile I/O procedures run at privilege level I; in this case the operating system has only to set IOPL to I when it creates a task. Because IOPL is task-specific, trusted tasks can be allowed execute I/O instructions while running application code, allowing them, for example, to directly manipulate special devices, for which no operating system driver is available.

To perform direct memory access (DMA) I/O, an 80386 operating system passes a physical address to the DMA controller and must guar- antee that the target segment(s) and/ or page(s) do not move during the transfer. One way to mark pages "locked for I/O" is to use one of the three user-defined page table bits.