lib0016.html

Memory Management—Algorithms and implementation in C/C++ Introduction Chapter 1 - Memory Manag

<tr valign="top">
<td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">data</p>
</td><td class="td" align="left">
<p class="table-para">read-only, expand down, accessed</p>
</td>
</tr>
<tr valign="top">
<td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">data</p>
</td><td class="td" align="left">
<p class="table-para">read-write, expand down</p>
</td>
</tr>
<tr valign="top">
<td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">data</p>
</td><td class="td" align="left">
<p class="table-para">read-write, expand down, accessed</p>
</td>
</tr>
<tr valign="top">
<td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">code</p>
</td><td class="td" align="left">
<p class="table-para">execute-only</p>
</td>
</tr>
<tr valign="top">
<td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">code</p>
</td><td class="td" align="left">
<p class="table-para">execute-only, accessed</p>
</td>
</tr>
<tr valign="top">
<td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">code</p>
</td><td class="td" align="left">
<p class="table-para">execute-read</p>
</td>
</tr>
<tr valign="top">
<td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">code</p>
</td><td class="td" align="left">
<p class="table-para">execute-read, accessed</p>
</td>
</tr>
<tr valign="top">
<td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">code</p>
</td><td class="td" align="left">
<p class="table-para">execute-only, conforming</p>
</td>
</tr>
<tr valign="top">
<td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">code</p>
</td><td class="td" align="left">
<p class="table-para">execute-only, conforming, accessed</p>
</td>
</tr>
<tr valign="top">
<td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">0</p>
</td><td class="td" align="left">
<p class="table-para">code</p>
</td><td class="td" align="left">
<p class="table-para">execute-read, conforming</p>
</td>
</tr>
<tr valign="top">
<td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">1</p>
</td><td class="td" align="left">
<p class="table-para">code</p>
</td><td class="td" align="left">
<p class="table-para">execute-read, conforming, accessed</p>
</td>
</tr>
</tbody>
</table>
<p class="para">
<i class="emphasis">Accessed</i> memory segments are segments that have been recently accessed so that bit 8 is set. <i class="emphasis">Expand down</i> segments are useful for creating stacks because they support memory constructs, which grow from high memory down toward low memory. <i class="emphasis">Conforming</i> code segments allows less privileged code segments to jump to them and execute their code at the lower privilege level.</p>
<a name="95"></a><a name="IDX-23"></a>
<p class="para">Security-conscious system engineers would be wise to exercise caution with regard to the circumstances in which they allow operating system segments to be conforming.</p>
<div class="qandaset">
<table border="0" cellpadding="0">
<tr class="qandaentry">
<td class="td" valign="top" width="2%">
<p class="first-para">
<a name="LiB6"><b>1.&nbsp;</b></a>
</p>
</td><td class="td" valign="top" width="90%">
<p class="first-para">OK, so we understand how the segments are referenced and what kind of metadata the segment descriptors store. How are these memory segments protected?</p>
</td><td class="td" valign="top" width="8%">
<p class="first-para">
<a href="#LiB5"><img src="images/question.gif" height="24" width="24" alt="As it turns out, the segment selector and segment descriptor contain most of the information needed to implement a protection scheme. The processor makes ample use of this metadata to track down memory access violations. For example, the limit field in the segment descriptor is used to help keep memory from being referenced beyond the designated last byte of a memory segment. Also, the type field in the segment descriptor ensures that a segment that is specified as read-only is not written to. The privilege fields in the segment selector and segment descriptor are used by the processor to prevent a program from illegally executing code or data that has a higher privilege. " border="0"></a>
</p>
</td>
</tr>
</table>
<p class="bold">Answers</p>
<table border="0" cellpadding="0">
<tr class="qandaentry-answer">
<td class="td" valign="top" width="2%">
<p class="first-para">
<a class="internaljump" name="answer.nr-qandaentry.2A067190-D5B8-4FC9-9364-9141AC17C052" href="#LiB6"><b>1.</b></a>&nbsp;</p>
</td><td class="td" valign="top" width="90%">
<p class="first-para">As it turns out, the segment selector and segment descriptor contain most of the information needed to implement a protection scheme. The processor makes ample use of this metadata to track down memory access violations.<p class="first-para">For example, the limit field in the segment descriptor is used to help keep memory from being referenced beyond the designated last byte of a memory segment. Also, the type field in the segment descriptor ensures that a segment that is specified as read-only is not written to. The privilege fields in the segment selector and segment descriptor are used by the processor to prevent a program from illegally executing code or data that has a higher privilege.</p>
</p>
</td>
</tr>
</table>
</div>
<table border="0" cellspacing="0" cellpadding="0" class="note">
<tr>
<td valign="top" class="admon-check"></td><td valign="top" class="admon-title">Note&nbsp;</td><td valign="top" class="admon-body">
<p class="first-para">It is easy to get confused. 0x00 is the <i class="emphasis">highest</i> privilege even though it is the <i class="emphasis">lowest</i> number.</p>
</td>