FACTOID # 9: The bookmobile capital of America is Kentucky.
 
 Home   Encyclopedia   Statistics   States A-Z   Flags   Maps   FAQ   About 
   
 
WHAT'S NEW
 

SEARCH ALL

FACTS & STATISTICS    Advanced view

Search encyclopedia, statistics and forums:

 

 

(* = Graphable)

 

 


Encyclopedia > Protected mode

Protected mode is an operational mode of x86-compatible CPUs of the 80286 series or later. x86 or 80x86 is the generic name of a microprocessor architecture first developed and manufactured by Intel. ... CPU redirects here. ... The Intel 80286 is an x86-family 16-bit microprocessor that was introduced by Intel on February 1, 1982. ...

Contents

Features

Protected mode has a number of new features designed to enhance multitasking and system stability, such as memory protection, and hardware support for virtual memory as well as task switching. It is sometimes abbreviated p-mode and also called Protected Virtual Address Mode in the Intel iAPX 286 Programmer's Reference Manual (iAPX 286 is just another name for the Intel 80286). In the 80386 and later 32-bit processors, a paging system was added and is part of protected mode. In computing, multitasking is a method by which multiple tasks, also known as processes, share common processing resources such as a CPU. In the case of a computer with a single CPU, only one task is said to be running at any point in time, meaning that the CPU is... Memory protection is a system that prevents one process from corrupting the memory of another process running on the same computer at the same time. ... The memory pages of the virtual address space seen by the process, may reside non-contiguously in primary, or even secondary storage. ... The Intel 80286 is an x86-family 16-bit microprocessor that was introduced by Intel on February 1, 1982. ... An Intel 80286 Microprocessor AMD 80286 with 12 Mhz. ... In computer operating systems, paging memory allocation algorithms divide computer memory into small partitions, and allocates memory using a page as the smallest building block. ...


Most modern x86 operating systems run in protected mode, including Linux, FreeBSD, OpenBSD, NetBSD and Microsoft Windows 3.0 (which also ran in real mode for compatibility with Windows 2.x applications) and later. To meet Wikipedias quality standards, this article or section may require cleanup. ... Linux (also known as GNU/Linux) is a Unix-like computer operating system. ... FreeBSD is a Unix-like free operating system descended from AT&T UNIX via the Berkeley Software Distribution (BSD) branch through the 386BSD and 4. ... OpenBSD is a freely available Unix-like computer operating system descended from Berkeley Software Distribution (BSD), a Unix derivative created at the University of California, Berkeley. ... NetBSD is a freely redistributable, open source version of the Unix-like BSD computer operating system. ... A typical Windows 3. ... Real mode (also called real address mode in Intels manuals) is an operating mode of 80286 and later x86-compatible CPUs. ...


The other main operational mode of 286 and later CPUs is real mode, a backwards compatibility mode that disables these features, designed to allow old software to run on newer chips. As a design specification, all x86 CPUs, except the obscure embedded Intel 80376, start in real mode at boot time to ensure backwards compatibility with legacy operating systems. They must be switched into protected mode by a program before any protected mode features are available. In modern computers, this switch is usually one of the very first tasks performed by the operating system at boot time. Real mode (also called real address mode in Intels manuals) is an operating mode of 80286 and later x86-compatible CPUs. ... The Intel 80376, introduced January 16, 1989, was a variant of the Intel 80386 intended for embedded systems. ... To meet Wikipedias quality standards, this article or section may require cleanup. ...


While software-mediated multitasking is certainly possible on systems running in real mode, the memory protection features of protected mode prevent an erroneous program from damaging the memory "owned" by another task or by the operating system kernel. Protected mode also has hardware support for interrupting a running program and shifting execution context to another, enabling pre-emptive multitasking. To meet Wikipedias quality standards, this article or section may require cleanup. ... A kernel connects the software and hardware of a computer. ... Pre-emptive multitasking is a form of multitasking. ...


Privilege levels

In protected mode, there four privilege levels or rings, numbered from 0 to 3. Kernel code that needs to use privileged instructions runs in ring 0, and user applications normally run in ring 3. In computer science hierarchical protection domains, often called protection rings, is a mechanism to protect data and functionality from faults (fault tolerance) and malicious behaviour (computer security). ... A protection ring is one of two or more hardware-enforced levels of privilege within the architecture of a computer CPU. Rings were among the more revolutionary and visible concepts introduced by the Multics operating system, a highly secure predecessor of todays UNIX family of operating systems (however, most... A kernel connects the software and hardware of a computer. ...


The operating system may assign rings 1 and 2 to system services that applications can call, like network protocols or window management. Doing so lets the services directly access the data of the application, while protecting the services from the application and the kernel from the services. However, it requires the operating system to specify memory protection at the segment level (because page-level protection on the 80386 cannot distinguish between rings 0, 1, and 2) and can be difficult if the operating system needs to be portable to processors that support only two rings. An operating system can instead achieve equivalent or stronger protection by running the services in ring 3 but in a different address space. This however costs a more complex context switch at the time of the call: unless the service is given a separate Task State Segment, the processor must first switch to Ring 0 to change the address space, and then back to Ring 3 to execute the service. In networking, a communications protocol or network protocol is the specification of a set of rules for a particular type of communication. ... An example of a graphical user interface in Windows XP, with the My Music window displayed In computing, a window is a visual area, usually rectangular in shape, containing some kind of user interface, displaying the output of and allowing input for one of a number of simultaneously running computer... The introduction to this article provides insufficient context for those unfamiliar with the subject matter. ... A context switch is the computing process of storing and restoring the state (context) of a CPU such that multiple processes can share a single CPU resource. ... The Task State Segment is a special x86 structure which holds information about a task. ...


The processor checks privilege levels in the following situations. If the code being run is not privileged enough, the result is usually an exception that the operating system can handle; but there are also instructions that make the same checks without raising exceptions.

  • Privileged instruction. Some instructions can only be executed in ring 0: for example LGDT (load global descriptor table), which can redefine segments arbitrarily and thereby defeat the protection mechanism. POPF (pop flags from the stack) is always allowed but can change the IOPL field only in ring 0.
  • Input/output. The privilege level required for I/O instructions and modifying the interrupt flag is defined via the IOPL field of EFLAGS. Even if the current privilege level does not suffice, I/O to specific ports may still be allowed via the I/O permission bit map in the task state segment (not supported by the 80286).
  • Loading a segment register, and far jumps and calls. Each segment has a descriptor that defines the descriptor privilege level (DPL) required for using that segment. The selector value loaded into a segment register also encodes a requestor's privilege level (RPL), which is intended to be set with the ARPL instruction, to mark selectors received from less privileged code. The processor makes different checks for data accesses, stack switching, direct control transfers, and indirect control transfers via a gate.
  • Returning to less-privileged code. The processor clears all segment registers that contain selectors that code in the new privilege level would not itself have been able to load there.
  • Paging (not supported by the 80286). A bit in each page table entry controls whether the page can be used only in rings 0, 1, and 2 (supervisor mode), or also in ring 3 (user mode).

The RPL in the CS (code segment) register is always the current privilege level. Reading this register cannot be trapped, which complicates native virtualization of operating systems, as they normally expect to have ring 0 for themselves. See x86 virtualization. It has been suggested that Condition Code Register be merged into this article or section. ... To meet Wikipedias quality standards, this article or section may require cleanup. ... In computing, Input/output, or I/O, is the collection of interfaces that different functional units (sub-systems) of an information processing system use to communicate with each other, or the signals (information) sent through those interfaces. ... In computing, an interrupt is an asynchronous signal from hardware or software indicating the need for attention. ... Memory-mapped I/O (MMIO) and port I/O (also called port-mapped I/O or PMIO) are two complementary methods of performing input/output between the CPU and I/O devices in a computer. ... On the Intel x86 architecture, a memory segment is the portion of memory which may be addressed by a single index register without changing a 16-bit segment selector. ... A far pointer is, in a Segmented architecture computer, a pointer which includes a segment number, making it possible to point to addresses outside of the current segment. ... In computer operating systems, paging memory allocation algorithms divide computer memory into small partitions, and allocates memory using a page as the smallest building block. ... In computer terms, supervisor mode is a hardware-mediated flag which can be changed by code running in system-level software. ... User mode refers to two similar concepts in computer architecture. ... In computing, native virtualization is a virtualization technique that presents a software virtual machine by leveraging hardware-based Virtualization Technology supported by some CPUs. ... x86 virtualization is the method by which the x86 processor architecture is virtualized. ...


386 extensions to protected mode

These included:

  • paging
  • 32-bit segment offsets (this and paging made it possible to make a 32-bit flat address space with the 80386, used in modern operating systems)
  • 32-bit physical address space (this extension is not present on the 80386 processors that have an 80286 bus, for example the 80386SX)
  • ability to switch back to real mode
  • virtual 8086 mode
  • I/O permission bitmaps

Some of them used what was documented (in the Intel iAPX 286 Programmer's Reference Manual) as reserved bits on the 286. In computer operating systems, paging memory allocation algorithms divide computer memory into small partitions, and allocates memory using a page as the smallest building block. ... The Intel 80386 is a microprocessor which was used as the central processing unit (CPU) of many personal computers from 1986 until 1994 and later. ... In the 80386 and later, Virtual 8086 mode, also called virtual real mode, allows the execution of real mode applications that violated the rules mentioned here under the control of a protected mode operating system. ...


Real mode application compatibility

The Intel iAPX 286 Programmer's Reference Manual states the protected mode is just an overlay over the 80186 instruction set, and indeed the 80286 protected mode, for application programmers, didn't add much beyond having access to up to 16 MB of physical memory and 1 GB of virtual memory (512 MB global, 512 MB local) and was binary compatible with real-mode code, so in theory, 8086 and 80186 application code could run in protected mode if it followed these rules, although it will run slower than in real mode because loading segment registers is slower: The 80186 is a microprocessor that was developed by Intel circa 1982. ... The memory pages of the virtual address space seen by the process, may reside non-contiguously in primary, or even secondary storage. ... The 8086 is a 16-bit microprocessor chip designed by Intel in 1978, which gave rise to the x86 architecture. ... The 80186 is a microprocessor that was developed by Intel circa 1982. ... Real mode (also called real address mode in Intels manuals) is an operating mode of 80286 and later x86-compatible CPUs. ... Segmentation is one of the most common ways to achieve memory protection; another common one is paging. ...

  • no segment arithmetic
  • no use of privileged instructions
  • no direct hardware access
  • no writing to code segment (which means that self-modifying code is never allowed)
  • no executing data (that, together with segmentation, provides some buffer overflow protection)
  • no assumption that segments overlap

In reality, almost all DOS application programs violated these rules, for lack of replacement DOS or BIOS calls or because of the insufficient level of performance of such calls. The most common violations were segment arithmetic and direct hardware access. Also some of the BIOS interrupts use numbers that were reserved by Intel. In other words, protected mode was less compatible with DOS applications than real mode applications would be and so there was a need for virtual 8086 mode, which came with the 386. In computer science, self-modifying code is code that modifies itself on purpose. ... ‹ The template below has been proposed for deletion. ... In the 80386 and later, Virtual 8086 mode, also called virtual real mode, allows the execution of real mode applications that violated the rules mentioned here under the control of a protected mode operating system. ...


See also

Real mode (also called real address mode in Intels manuals) is an operating mode of 80286 and later x86-compatible CPUs. ... Unreal mode is a mode in which the x86 processors and x86-64 processors can operate, as are real mode, protected mode and long mode. ... In the 80386 and later, Virtual 8086 mode, also called virtual real mode, allows the execution of real mode applications that violated the rules mentioned here under the control of a protected mode operating system. ... In the x86-64 CPU architecture Long mode, is the mode where an application (or operating system) can access the 64-bit instructions and registers, while 32-bit programs are executed in a compatibility mode. ... x86 or 80x86 is the generic name of a microprocessor architecture first developed and manufactured by Intel. ... Wikibooks has more about this subject: Programming:x86 assembly x86 assembly language is the assembly language for the x86 class of processors, which includes Intels Pentium series and AMDs Athlon series. ... A protection ring is one of two or more hardware-enforced levels of privilege within the architecture of a computer CPU. Rings were among the more revolutionary and visible concepts introduced by the Multics operating system, a highly secure predecessor of todays UNIX family of operating systems (however, most...

External links

  • http://x86.ddj.com/articles/pmbasics/tspec_a1_doc.htm

References

  • The Intel Microprocessors (8086/8088, 80186/80188, 80286, 80386, 80486, Pentium, Pentium Pro Processor, Pentium II, Pentium II, Pentium III, and Pentium 4) Architecture, Programming, and Interfacing. Barry B. Brey
  • Intel Corporation (1985). iAPX 286/10 High Performance Microprocessor with Memory Management and Protection (80286-10, 80286-8, 80286-6). Order number 210253-009. In Intel Corporation (1986), Microsystem Components Handbook, Volume I: Microprocessors, ISBN 1-555-12-001-6, order number 230843 (both volumes).

  Results from FactBites:
 
"Working in the Protected Mode Environment" (6054 words)
Protected mode on the 386 offers the programmer better protection and more memory than on the 286.
In V86 mode, the 386 operates in protected mode but allows some programs it is running to use a simulated real-mode environment.
Although the processor is in V86 mode, the interrupt handling still occurs in protected mode.
  More results at FactBites »

 
 

COMMENTARY     


Share your thoughts, questions and commentary here
Your name
Your comments

Want to know more?
Search encyclopedia, statistics and forums:

 


Press Releases |  Feeds | Contact
The Wikipedia article included on this page is licensed under the GFDL.
Images may be subject to relevant owners' copyright.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.
Usage implies agreement with terms, 1022, m