Editing X86 memory segmentation (section)

== Protected mode ==
{{refimprove section|date=August 2015}}

[[Image:Protected mode segments.svg|thumb|300px|left|Three segments in [[protected mode]] memory (click on image to enlarge), with the '''local descriptor table'''.]]

=== 80286 protected mode ===
The [[Intel 80286|80286]]'s [[protected mode]] extends the processor's address space to 2<sup>24</sup> bytes (16 megabytes), but not by adjusting the shift value used to calculate a segment address from the value in a segment register.  Instead, each 16-bit segment register now contains an index into a table of [[segment descriptors]] containing 24-bit base addresses to which offsets are added. To support old software, the processor starts up in "real mode", a mode in which it uses the segmented addressing model of the 8086.  There is a small difference though: the resulting physical address is no longer truncated to 20&nbsp;bits, so [[real mode]] pointers (but not 8086 pointers) can now refer to addresses from 100000<sub>16</sub> through 10FFEF<sub>16</sub>.  This nearly 64-kilobyte region of memory was known as the [[High Memory Area]] (HMA), and later versions of [[DOS]] could use it to increase the available "conventional" memory (i.e. within the first [[Megabyte|MB]]), by moving parts of DOS from conventional memory into the HMA.  With the addition of the HMA, the total address space is approximately 1.06&nbsp;MB.  Though the 80286 does not truncate real-mode addresses to 20&nbsp;bits, a system containing an 80286 can do so with hardware external to the processor, by gating off the 21st address line, the [[A20 line]].  The IBM&nbsp;PC&nbsp;AT provided the hardware to do this (for backward compatibility with software for the original [[IBM&nbsp;PC]] and [[IBM PC/XT|PC/XT]] models), and so all subsequent "[[IBM PC/AT|AT]]-class" PC clones did as well.

286 protected mode was seldom used as it would have excluded the large body of users with 8086/88 machines. Moreover, it still necessitated dividing memory into 64k segments like was done in real mode. This limitation can be worked around on 32-bit CPUs which permit the use of memory pointers greater than 64k in size, however as the Segment Limit field is only 24-bit long, the maximum segment size that can be created is 16MB (although paging can be used to allocate more memory, no individual segment may exceed 16MB). This method was commonly used on Windows 3.x applications to produce a flat memory space, although as the OS itself was still 16-bit, API calls could not be made with 32-bit instructions. Thus, it was still necessary to place all code that performs API calls in 64k segments.

Once 286 protected mode is invoked, it could not normally be exited except by performing a hardware reset. Machines following the rising [[IBM PC/AT]] standard could feign a reset to the CPU via the standardised keyboard controller, but this was significantly sluggish. Windows 3.x worked around both of these problems by intentionally triggering a [[triple fault]] in the interrupt-handling mechanisms of the CPU, which would cause the IBM AT-compatible hardware to reset the CPU, nearly instantly, thus causing it to
drop back into real mode.<ref>{{Cite web|url=http://blogs.msdn.com/b/larryosterman/archive/2005/02/08/369243.aspx|title = DevBlogs}}</ref>

=== Detailed segmentation unit workflow ===
A logical address consists of a 16-bit segment selector (supplying 13+1 address bits) and a 16-bit offset. The segment selector must be located in one of the segment registers. That selector consists of a 2-bit Requested [[Privilege level|Privilege Level]] (RPL), a 1-bit Table Indicator (TI), and a 13-bit index.

When attempting address translation of a given logical address, the processor reads the 64-bit [[segment descriptor]] structure from either the [[Global Descriptor Table]] when TI=0 or the [[Local Descriptor Table]] when TI=1. It then performs the privilege check:
: max(CPL, RPL) ≤ DPL
where CPL is the current privilege level (found in the lower 2&nbsp;bits of the CS register), RPL is the requested privilege level from the segment selector, and DPL is the descriptor privilege level of the segment (found in the descriptor).  All privilege levels are integers in the range 0–3, where the lowest number corresponds to the highest privilege.

If the inequality is false, the processor generates a [[general protection fault|general protection (GP) fault]].  Otherwise, address translation continues.  The processor then takes the 16-bit offset and compares it against the segment limit specified in the segment descriptor.  If it is larger, a GP fault is generated.  Otherwise, the processor adds the 24-bit segment base, specified in descriptor, to the offset, creating a linear physical address.

The privilege check is done only when the segment register is loaded, because [[segment descriptor]]s are cached in hidden parts of the segment registers.{{Citation needed|date=July 2011|reason=Is this true on the 80286, or only on the 80386 and above?}}<ref name=Arch>"Intel 64 and IA-32 Architectures Software Developer's Manual", Volume 3, "System Programming Guide", published in 2011, Page "Vol. 3A 3-11", the book is written: "''Every segment register has a “visible” part and a “hidden” part. (The hidden part is sometimes referred to as a “descriptor cache” or a “shadow register.”) When a segment selector is loaded into the visible part of a segment register, the processor also loads the hidden part of the segment register with the base address, segment limit, and access control information from the segment descriptor pointed to by the segment selector. The information cached in the segment register (visible and hidden) allows the processor to translate addresses without taking extra bus cycles to read the base address and limit from the segment descriptor.''"</ref>

=== 80386 protected mode ===
In the [[Intel 80386]] and later, protected mode retains the segmentation mechanism of 80286 protected mode, but a [[paging]] unit has been added as a second layer of address translation between the segmentation unit and the physical bus.  Also, importantly, address offsets are 32-bit (instead of 16-bit), and the segment base in each segment descriptor is also 32-bit (instead of 24-bit).  The general operation of the segmentation unit is otherwise unchanged.  The paging unit may be enabled or disabled; if disabled, operation is the same as on the 80286.  If the paging unit is enabled, addresses in a segment are now virtual addresses, rather than physical addresses as they were on the 80286.  That is, the segment starting address, the offset, and the final 32-bit address the segmentation unit derived by adding the two are all virtual (or logical) addresses when the paging unit is enabled.  When the segmentation unit generates and validates these 32-bit virtual addresses, the enabled paging unit finally translates these virtual addresses into physical addresses.  The physical addresses are 32-bit on the [[Intel 80386|386]], but can be larger on newer processors which support [[Physical Address Extension]].

As mentioned above, the 80386 also introduced two new general-purpose data segment registers, FS and GS, to the original set of four segment registers (CS, DS, ES, and SS).

A 386 CPU can be put back into real mode by clearing a bit in the CR0 control register, however this is a privileged operation in order to enforce security and robustness. By way of comparison, a 286 could only be returned to real mode by forcing a processor reset, e.g. by a [[triple fault]] or using external hardware.