Michal Ludvig
<
michal@logix.cz
>
Home Page
Humorník
Douglas Adams
Programming and development
Nagios and SNMP scripts
SMTP client
DDNS updater
YubiKey-LDAP
VIA PadLock
VIA VT-310DP pipeline configurator
OpenChrome for OpenSUSE
IPsec-tools
CryptoDev 4 Linux
libfaketime.so
FastCrypt driver
S/MIME decoder
HTML lowercaser
CygProfiler suite
AMD64 registers
CFI for GAS
NetShips
ptrace() demo
XFree86 support for GDB
Etc.
Publications and documents
Linux on AMD64
VIA PadLock - Wicked fast encryption
VIA PadLock - Ďábelsky rychlé šifrování
Jak funguje initramdisk
Linux a 64 bitů
Secure networking
Napište si debugger
AMD64 - AMD Opteron
IPv6 krok za krokem I
IPv6 krok za krokem II
IPv6 krok za krokem III
Sharp Zaurus
Mosix - počítejte rychleji! I
Mosix - počítejte rychleji! II
Mosix - počítejte rychleji! III
What's new in GDB 6.0
Prev:
5.2 Page Translation
Next:
6.1 Why Protection?
Chapter 6 Protection
6.1 Why Protection?
6.2 Overview of 80386 Protection Mechanisms
6.3 Segment-Level Protection
6.3.1 Descriptors Store Protection Parameters
6.3.1.1 Type Checking
6.3.1.2 Limit Checking
6.3.1.3 Privilege Levels
6.3.2 Restricting Access to Data
6.3.2.1 Accessing Data in Code Segments
6.3.3 Restricting Control Transfers
6.3.4 Gate Descriptors Guard Procedure Entry Points
6.3.4.1 Stack Switching
6.3.4.2 Returning from a Procedure
6.3.5 Some Instructions are Reserved for Operating System
6.3.5.1 Privileged Instructions
6.3.5.2 Sensitive Instructions
6.3.6 Instructions for Pointer Validation
6.3.6.1 Descriptor Validation
6.3.6.2 Pointer Integrity and RPL
6.4 Page-Level Protection
6.4.1 Page-Table Entries Hold Protection Parameters
6.4.1.1 Restricting Addressable Domain
6.4.1.2 Type Checking
6.4.2 Combining Protection of Both Levels of Page Tables
6.4.3 Overrides to Page Protection
6.5 Combining Page and Segment Protection
Figure 6-1. Protection Fields of Segment Descriptors
Figure 6-2. Levels of Privilege
Figure 6-3. Privilege Check for Data Access
Figure 6-4. Privilege Check for Control Transfer without Gate
Figure 6-5. Format of 80386 Call Gate
Figure 6-6. Indirect Transfer via Call Gate
Figure 6-7. Privilege Check via Call Gate
Figure 6-8. Initial Stack Pointers of TSS
Figure 6-9. Stack Contents after an Interlevel Call
Figure 6-10. Protection Fields of Page Table Entries
Table 6-1. System and Gate Descriptor Types
Table 6-2. Useful Combinations of E, G, and B Bits
Table 6-3. Interlevel Return Checks
Table 6-4. Valid Descriptor Types for LSL
Table 6-5. Combining Directory and Page Protection
Prev:
5.2 Page Translation
Next:
6.1 Why Protection?