I read about x86 memory segmentation and I think I'm missing something: the linear (virtual) address is built by taking the 32-bit base address from the GDT entry, taking the 32-bit offset address, and summing them to get a 32-bit virtual address.

Now, as I see it, the 32 offset bits can span the whole VA space, so there isn't really a need to use the 32-bit base address. So I conclude that the base address doesn't really take a role in the translation process, which brings me to the point that memory protection using segmentation (in x86 protected mode) is useless, because we can get the VA of segments with ring 0 privileges from the offset address itself (e.g. jump 0x08000001, to a kernel VA, when our segment has ring 3 privilege).

So is all the memory protection we've got based on paging?

2 Answers

The segment selector and segment descriptor contain data about the boundary of a memory segment.
Not only the boundary but also the access type is contained in the descriptor.

Privilege levels run from 0 to 3; a lower number has more privilege. There is also read/write/execute information. So each privilege level in a segment has a different access authority, and it's part of the fundamental mechanism of protected mode.

Legacy segmentation just prevents duplication of each segment area; otherwise the code segment would be contaminated by the data segment or stack segment memory of the application (or user).

Recent segmentation contains a more certain protection method, with the segment selector and segment descriptor.

After the booting procedure, the system enters user privilege mode (3), and after that you can't access kernel privilege mode (0) unless using a rootkit, or perhaps there is another way for skillful hackers. :)

Your observation that the 32-bit offset can span the entire VA space is correct. But segment descriptors also include a limit, so any accesses beyond that limit using that segment will cause a #GP (general protection fault). Also, you can't just use a ring-0 segment in ring-3 code; that would defeat the purpose of ring levels in the first place.
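Both answers describe the same two checks: the privilege check when a selector is loaded (CPL/RPL against the descriptor's DPL) and the limit check on every access. The program below is an added example, not code from the question or either answer, that decodes raw 8-byte GDT descriptors and applies those checks to a logical address (selector:offset) the way the CPU does for a data segment. The three descriptors are constructed for the example; the rule that max(CPL, RPL) must not exceed DPL for a data segment is the architectural one. Expand-down segments and the code-segment (conforming/non-conforming) rules are deliberately left out. The run also shows the practical answer to the question: with the usual flat segments (base 0, limit 4 GiB) the limit check can never fire, so in that model the remaining protection really does come from paging, whereas a bounded segment faults on the kernel offset.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded view of an 8-byte x86 segment descriptor (GDT/LDT entry). */
typedef struct {
    uint32_t base;      /* 32-bit segment base address */
    uint32_t limit;     /* highest valid byte offset (already expanded by G) */
    unsigned dpl;       /* descriptor privilege level, 0 = most privileged */
    bool present;       /* P bit */
    bool is_code;       /* type bit 3: code vs. data segment */
} seg_desc_t;

typedef enum { ACCESS_OK = 0, FAULT_GP_PRIVILEGE = 1, FAULT_GP_LIMIT = 2 } access_result_t;

/* Pull base, limit, DPL and type out of the scattered descriptor fields. */
seg_desc_t decode_descriptor(uint64_t d)
{
    seg_desc_t s;
    s.base = (uint32_t)((d >> 16) & 0xFFFFFFu)               /* base[23:0]   */
           | (uint32_t)(((d >> 56) & 0xFFu) << 24);          /* base[31:24]  */
    uint32_t raw_limit = (uint32_t)(d & 0xFFFFu)             /* limit[15:0]  */
                       | (uint32_t)(((d >> 48) & 0xFu) << 16); /* limit[19:16] */
    bool granularity_4k = (d >> 55) & 1u;                    /* G bit        */
    s.limit   = granularity_4k ? (raw_limit << 12) | 0xFFFu : raw_limit;
    s.dpl     = (unsigned)((d >> 45) & 3u);
    s.present = (d >> 47) & 1u;
    s.is_code = (d >> 43) & 1u;
    return s;
}

/*
 * Model the checks applied to a data-segment access of `len` bytes at
 * selector:offset.  The privilege check is the one performed when the
 * selector is loaded into a data segment register: max(CPL, RPL) <= DPL.
 * The limit check is repeated on every access.  On success the linear
 * address is base + offset, truncated to 32 bits.
 */
access_result_t translate_data_access(const seg_desc_t *seg, unsigned cpl,
                                      unsigned rpl, uint32_t offset,
                                      uint32_t len, uint32_t *linear)
{
    unsigned effective = cpl > rpl ? cpl : rpl;
    if (effective > seg->dpl)
        return FAULT_GP_PRIVILEGE;              /* #GP when loading the selector */

    /* Every byte from offset to offset+len-1 must lie within the limit. */
    if (len == 0 || offset > seg->limit ||
        (uint64_t)offset + len - 1 > seg->limit)
        return FAULT_GP_LIMIT;                  /* #GP on the access itself */

    *linear = seg->base + offset;
    return ACCESS_OK;
}

/* Decode + translate in one step: returns the linear address, or a negative
 * value (-FAULT_GP_PRIVILEGE / -FAULT_GP_LIMIT) where the CPU would raise #GP. */
int64_t linear_or_fault(uint64_t desc, unsigned cpl, unsigned rpl,
                        uint32_t offset, uint32_t len)
{
    seg_desc_t seg = decode_descriptor(desc);
    uint32_t lin = 0;
    access_result_t r = translate_data_access(&seg, cpl, rpl, offset, len, &lin);
    return r == ACCESS_OK ? (int64_t)lin : -(int64_t)r;
}

/* Constructed descriptors for this example, not copied from a real system. */
#define KERNEL_FLAT_DATA 0x00CF92000000FFFFull /* base 0, limit 4 GiB, DPL 0, RW */
#define USER_FLAT_DATA   0x00CFF2000000FFFFull /* base 0, limit 4 GiB, DPL 3, RW */
#define USER_SMALL_DATA  0x0040F24000000FFFull /* base 0x400000, limit 4 KiB, DPL 3, RW */

int main(void)
{
    struct { const char *what; uint64_t desc; unsigned cpl, rpl; uint32_t off; } cases[] = {
        { "ring 3, ring-0 flat segment, kernel offset", KERNEL_FLAT_DATA, 3, 3, 0x08000001u },
        { "ring 3, ring-3 flat segment, kernel offset", USER_FLAT_DATA,   3, 3, 0x08000001u },
        { "ring 3, 4 KiB segment, offset in range",     USER_SMALL_DATA,  3, 3, 0x00000800u },
        { "ring 3, 4 KiB segment, kernel offset",       USER_SMALL_DATA,  3, 3, 0x08000001u },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int64_t r = linear_or_fault(cases[i].desc, cases[i].cpl, cases[i].rpl, cases[i].off, 4);
        if (r < 0)
            printf("%-45s -> #GP (%s)\n", cases[i].what,
                   r == -FAULT_GP_PRIVILEGE ? "privilege" : "limit");
        else
            printf("%-45s -> linear 0x%08llx\n", cases[i].what, (unsigned long long)r);
    }
    return 0;
}
```

The second case is the one the question is really about: a ring-3 program with a flat ring-3 data segment reaches linear address 0x08000001 without any segment fault, because a 4 GiB limit excludes nothing. Whether that linear address is actually usable is then decided entirely by the page tables (supervisor bit, present bit), which is why the flat model leans on paging for isolation. The third and fourth cases show the limit check doing real work once the segment is bounded.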