Memory segment
From Free net encyclopedia
On the Intel x86 architecture, a memory segment is the portion of memory which may be addressed by a single index register without changing a 16-bit segment selector. In real mode or protected mode on the 80286 processor (or V86 mode on the 80386 and later processors), a segment is always 64 kibibytes in size (using 16-bit index registers). In 32-bit protected mode, available in 80386 and subsequent processors, a segment can have variable length.
In 16-bit real mode, enabling applications to make use of multiple memory segments (in order to access more memory than available in any one 64K-segment) was quite complex, but was viewed as a necessary evil for all but the smallest tools (which could do with less memory). The root of the problem was that no appropriate address-arithmetic instructions suitable for flat addressing of the entire memory range were available. Flat addressing is possible by applying multiple instructions, which however leads to slower programs.
In protected mode, segmentation has a completely different meaning. Segmentation is a virtual memory scheme, like paging which although is supported on x86, is not supported on many other architectures. On the 386 and later, programs issue logical (48-bit) addresses (in a 16-bit segmented address space the middle 16-bit are 0, while in a 32-bit flat address space, the top 16-bit is not 0 (in fact it cannot be 0, since this means a null selector), but are the same for every such references (except code, because a segment cannot be readable, writable and executable at the same time)), which go through the segmentation unit to be translated into linear addresses (32-bit) before being sent to the paging unit (if enabled) which then translates those into physical addresses (also 32-bit). The segmentation unit works as follows:
A logical address consists of a 16-bit segment selector and a 32-bit offset. The segment selector must be located in one of the segment registers: CS, DS, SS, ES, FS, GS. That selector consists of a 2-bit Requested Privilege Level (RPL), a 1-bit Table Indicator (TI), and a 13-bit index. The processor will index by the appropriate amount (times 8 since segment descriptors are 8 bytes) into the GDT (Global Descriptor Table) if TI=0, or the LDT (Local Descriptor Table) if TI=1. It then performs the following privilege check:
max(CPL, RPL) > DPL
where CPL is the current privilege level (lower 2 bits in CS), RPL is the requested privilege level from the segment selector, and DPL is the descriptor privilege level of the segment (found in the descriptor). If the equation is true, the processor generates a general protection fault (#GP). Otherwise, address translation continues. This privilege check is actually only done once, when the segment register is loaded since segment descriptors are cached in hidden parts of the segment registers.
The processor then takes the 32-bit offset and compares it against the segment limit specified in the segment desciptor. If it is larger, a GP fault is generated. Otherwise, the processor adds the segment base (32-bit, specified in descriptor) to the offset and this creates a linear address.
Logical addresses can be explicitly specified in x86 assembler language, e.g. (AT&T syntax):
movl $42, %fs:(%eax) ; Equivalent to M[fs:eax]<-42) in RTL
Usually, however, implied segments are used. All instruction fetches come from the code segment in the CS register. Most memory references come the from data segment in the DS register. Processor stack references, either implicitly (e.g. push and pop instructions) or explicitly (memory accesses using the ESP or EBP registers) use the stack segment in the SS register. Finally, string instructions (e.g. stos, movs) also use the extra segment ES.
Segmentation cannot be turned off on x86 processors, so many operating systems use a flat memory model to make segmentation unnoticeable to programs. For instance, the Linux kernel sets up only 4 segments:
* __KERNEL_CS (Kernel code segment, base=0, limit=4GB, DPL=0) * __KERNEL_DS (Kernel data segment, base=0, limit=4GB, DPL=0) * __USER_CS (User code segment, base=0, limit=4GB, DPL=3) * __USER_DS (User data segment, base=0, limit=4GB, DPL=3)
Since the base is set to 0 in all cases and the limit 4 GiB, the segmentation unit does not affect the addresses the program issues before they arrive at the paging unit.
Segments can be defined to be either code, data, or system segments. Additional permission bits are present to make segments read only, read/write, execute, etc.
Note that code may always modify all segment registers except CS (the code segment). This is because the current privilege level (CPL) of the processor is stored in the lower 2 bits of the CS register. The only way to raise the processor privilege level (and reload CS) is through the lcall (far call) and int (interrupt) instructions. Similarly, the only way to lower the privilege level (and reload CS) is through lret (far return) and iret (interrupt return).
For more about segmentation, see the IA-32 manuals freely available on the AMD or Intel websites.