Vol. 3A 3-5
PROTECTED-MODE MEMORY MANAGEMENT
3.2.3 Multi-Segment Model
A multi-segment model (such as the one shown in Figure 3-4) uses the full capabilities of the
segmentation mechanism to provided hardware enforced protection of code, data structures, and
programs and tasks. Here, each program (or task) is given its own table of segment descriptors
and its own segments. The segments can be completely private to their assigned programs or
shared among programs. Access to all segments and to the execution environments of individual
programs running on the system is controlled by hardware.
Access checks can be used to protect not only against referencing an address outside the limit
of a segment, but also against performing disallowed operations in certain segments. For
example, since code segments are designated as read-only segments, hardware can be used to
prevent writes into code segments. The access rights information created for segments can also
be used to set up protection rings or levels. Protection levels can be used to protect operating-
system procedures from unauthorized access by application programs.
Figure 3-4. Multi-Segment Model
Linear Address Space
(or Physical Memory)
Segment
Registers
CS
Segment
Descriptors
LimitAccess
Base Address
SS LimitAccess
Base Address
DS LimitAccess
Base Address
ES LimitAccess
Base Address
FS LimitAccess
Base Address
GS LimitAccess
Base Address
LimitAccess
Base Address
LimitAccess
Base Address
LimitAccess
Base Address
LimitAccess
Base Address
Stack
Code
Data
Data
Data
Data