Data segments
This is probably a stupid question, but: I've got 4 segments, a code/data for the OS and one code/data for the applications (ring 3).
My question is: why do I have to have a special data segment (ring 3) for applications? I understand that I have to have a separate code segment, since my application shouldn't be able to perform all sorts of operations, but a ring-3 data segment? Why does it matter if a data segment is ring 0 or ring 3 (since the data segment doesn't prevent the use of some "dangerous" commands like LIDT, for instance)?
Re:Data segments
n00b wrote: This is probably a stupid question, but: I've got 4 segments, a code/data for the OS and one code/data for the applications (ring 3).
My question is: why do I have to have a special data segment (ring 3) for applications? I understand that I have to have a separate code segment, since my application shouldn't be able to perform all sorts of operations, but a ring-3 data segment? Why does it matter if a data segment is ring 0 or ring 3 (since the data segment doesn't prevent the use of some "dangerous" commands like LIDT, for instance)?
Since it also prevents access to system memory (at least, in theory). If you use page level protection, I think it's OK if the system code also uses PL3 data.
Re:Data segments
So if I have a data segment with low privilege level, I cannot use system memory? But how do I define what's system memory or not? (It really doesn't matter to me, I'm using paging, but it would be interesting to know.)
Re:Data segments
n00b wrote: So if I have a data segment with low privilege level, I cannot use system memory? But how do I define what's system memory or not? (It really doesn't matter to me, I'm using paging, but it would be interesting to know.)
By setting a segment from X-Y and marking it as PL0, then mapping the rest using PL3, that makes X-Y unusable using usermode. Nice idea, make the usermode segment limited from 0-X and the kernelmode grow-down (not growing) from X-~0, mapping the entire memory range in either piece. Limits access directly, not caring about segmentation.
Note, check userlevel pointers in the kernel before using them.
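The pointer check recommended in the reply above, as an added example that is not part of the original thread. It assumes a simulated 64 KiB address space and a made-up boundary `USER_LIMIT` standing in for the post's "X"; all function names are hypothetical. It contrasts a range check that wraps around with one that cannot.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a 64 KiB simulated address space. Addresses below
 * USER_LIMIT (the "X" of the post, value assumed) are usermode. */
#define MEM_SIZE   0x10000u
#define USER_LIMIT 0x08000u
static uint8_t mem[MEM_SIZE];

/* Naive check: addr + len can wrap past 2^32, so a huge addr passes. */
int user_range_ok_naive(uint32_t addr, uint32_t len)
{
    return (uint32_t)(addr + len) <= USER_LIMIT;
}

/* Safe check: [addr, addr+len) must lie inside [0, USER_LIMIT); the sum
 * addr + len is never computed, so nothing can wrap. */
int user_range_ok(uint32_t addr, uint32_t len)
{
    return addr < USER_LIMIT && len <= USER_LIMIT - addr;
}

/* Copy len bytes from a usermode address into a kernel buffer.
 * Returns 0 on success, -1 if any byte lies outside usermode memory. */
int copy_from_user(void *dst, uint32_t uaddr, uint32_t len)
{
    if (!user_range_ok(uaddr, len))
        return -1;
    memcpy(dst, &mem[uaddr], len);
    return 0;
}

int main(void)
{
    char buf[8];
    memcpy(&mem[0x100], "hello", 6);
    printf("in range:  %d\n", copy_from_user(buf, 0x100, 6));
    printf("straddles: %d\n", copy_from_user(buf, 0x7FFE, 4));
    printf("wraps:     %d (naive check says %d)\n",
           user_range_ok(0xFFFFFFF0u, 0x20u),
           user_range_ok_naive(0xFFFFFFF0u, 0x20u));
    return 0;
}
```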
Re:Data segments
But since I'm using paging and only map the running application, there's no way a program can access "forbidden" memory. So there's really no reason to have two different code segments? (using flat memory model of course). Can an instruction running from ring 3 use ring 0 memory?
Re:Data segments
And I don't see the difference between setting the privilege level of a data segment to 0 or 3. What difference does it make?
Re:Data segments
I maybe found it; thought it would be better if I wrote (again) and asked if this is correct, so a simple yes/no will do.
The "privilege-level" (the same bit as the privilege level of a code segment) of a data segment decides if a stack, using that segment, is expanding up or down? Correct or not?
Re:Data segments
n00b wrote: The "privilege-level" (the same bit as the privilege level of a code segment) of a data segment decides if a stack, using that segment, is expanding up or down? Correct or not?
No. That information is encoded in the segment type bits.
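How the descriptor fields discussed in this thread are laid out, as an added example that is not part of the original posts: the DPL sits in access-byte bits 5-6, while expand-down (data) and conforming (code) share bit 2 of the type field. The helper names are hypothetical; `can_load_data` models the check the CPU makes when a data descriptor's selector is loaded into DS/ES/FS/GS.

```c
#include <stdint.h>
#include <stdio.h>

/* Access-byte bits (descriptor bits 40..47). */
#define ACC_PRESENT  0x80u
#define ACC_DPL(n)   (((n) & 3u) << 5) /* privilege level, bits 5-6 */
#define ACC_CODEDATA 0x10u             /* S=1: code or data segment */
#define ACC_EXEC     0x08u             /* 1 = code, 0 = data */
#define ACC_DC       0x04u             /* data: expand-down; code: conforming */
#define ACC_RW       0x02u             /* data: writable; code: readable */

/* Pack base, 20-bit limit, access byte and flags nibble (G, D/B, L, AVL). */
uint64_t gdt_entry(uint32_t base, uint32_t limit, uint8_t access, uint8_t flags)
{
    uint64_t d = limit & 0xFFFFu;
    d |= (uint64_t)(base & 0xFFFFFFu) << 16;
    d |= (uint64_t)access << 40;
    d |= (uint64_t)((limit >> 16) & 0xFu) << 48;
    d |= (uint64_t)(flags & 0xFu) << 52;
    d |= (uint64_t)(base >> 24) << 56;
    return d;
}

unsigned desc_dpl(uint64_t d)    { return (unsigned)(d >> 45) & 3u; }
int desc_is_code(uint64_t d)     { return (int)((d >> 43) & 1u); }
int desc_expand_down(uint64_t d) { return !desc_is_code(d) && ((d >> 42) & 1u); }
int desc_conforming(uint64_t d)  { return desc_is_code(d) && ((d >> 42) & 1u); }

/* Loading a data descriptor's selector into DS/ES/FS/GS is allowed only
 * if DPL >= max(CPL, RPL). Code descriptors are rejected here for brevity. */
int can_load_data(unsigned cpl, unsigned rpl, uint64_t d)
{
    unsigned eff = cpl > rpl ? cpl : rpl;
    return !desc_is_code(d) && desc_dpl(d) >= eff;
}

/* Flat 4 GiB segment as used in the thread: G=1, D/B=1 (flags 0xC). */
uint64_t flat_seg(unsigned dpl, int code)
{
    unsigned acc = ACC_PRESENT | ACC_DPL(dpl) | ACC_CODEDATA | ACC_RW;
    return gdt_entry(0, 0xFFFFFu, (uint8_t)(acc | (code ? ACC_EXEC : 0u)), 0xC);
}

int main(void)
{
    uint64_t d = flat_seg(3, 0);
    printf("ring 3 data: %016llx DPL=%u\n", (unsigned long long)d, desc_dpl(d));
    return 0;
}
```

Changing only the DPL field leaves the expand-down bit untouched, and a ring 3 load of a DPL 0 data descriptor is refused regardless of what paging maps.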
Re:Data segments
Sorry, I mean the 'Conforming' bit. That's what the FAQ told me.
Anyway, what difference does the privilege level make to a data segment? The privilege level of a code segment prevents you from performing some operations, but I really don't get what the privilege level is good for when talking about data segments.
Re:Data segments
I suppose a program running in ring 3 can't reach data using a data segment whose privilege level is "higher" than 3. BUT if I'm using paging, is there any real use of this? (since I just don't map the forbidden memory when a process is executed)
- Pype.Clicker
- Member
- Posts: 5964
- Joined: Wed Oct 18, 2006 2:31 am
- Location: In a galaxy, far, far away
- Contact:
Re:Data segments
They may help when you have more than level 0 and level 3 (e.g. when you actually make use of level 1 and 2, which is not common among existing OSes).
They may help when you want to have finer granularity (e.g. you want to give access to a small buffer or a few objects but no more).
They may help when you want to prevent a stack from overflowing in a *really safe* manner (the guarding page trick may fail to work when really huge areas are allocated on the stack).
Re:Data segments
And never forget that segmentation was there before paging on the x86.
If you look at it without paging, you see why it is done this way; if you add paging, some things get obsolete, but they are still there for compatibility...
Re:Data segments
Alright, thank you. So, it'll be enough to have one code segment (ring 0), one code segment (ring 3) and just one data segment (ring 3) for the entire OS (since memory protection is done with paging).
And one more thing. Suppose I'd like to change the cs register when I execute an application? How is this done? I know I can make it by a far jump but don't know how to make "dynamic far jumps" in assembler. Of course I can do something like this:
call 026h:yadayada
But how do I do this if 026h and yadayada are stored in e.g. eax and ebx? I can't use
call eax:ebx
;D
- Pype.Clicker
Re:Data segments
You can use "call eax", but afaik "call ebx:eax" does not exist. You can, however, use "call <address of a far_pointer>" and store the "segment:offset" you'd like to jump to at that address...
Re:Data segments
How can I use this in my multitasking? Suppose I'm running an application, ring 3, and the PIT triggers an IRQ and I'm returning to the OS... Then I'd like to continue running and return to where I was in the application (and it's just an address).