OSDev.org

I've been studying how paging and access controls work on x86_64 and I’m trying to understand the interaction between the USER flag used for page entries and memory access from user-mode processes.

As far as I understand, setting the USER flag in a page table entry allows a page to be accessible from user-mode (ring 3). However, my question is:

If a page in the higher half of the address space (typically used by the kernel) is mapped with the USER flag set in the PML4, PML3, PML2, and PT entries, does that mean a user-mode process can access this address, or is there additional enforcement at the CPU level (e.g., canonical address restrictions) that prevents user-mode code from accessing this region, even if it’s marked as USER?

There is no further restriction on user accesses. If you map a page to the high side with the user bit set in all page levels, the access is allowed. See AMD APM vol. 2, §5.6.1, which goes into further detail.

Thank you!

On x86(_64), higher-half is just a convention that most OSes follow (though on 32-bit x86, Linux usually used only the top quarter of the address space for the OS). On other architectures, the details vary. Some have an entirely different address space for the kernel, or just turn paging off entirely in kernel mode. Some may enforce a particular division of the address space.