X86 memory segmentation
== Practices ==
Logical addresses can be explicitly specified in [[x86 assembly language]], e.g. (AT&T syntax): {{codett|movl $42, %fs:(%eax)|asm}} (equivalent to M[fs:eax] ← 42 in [[Register Transfer Language|RTL]]), or in [[Intel syntax]]:
<syntaxhighlight lang="nasm">
mov dword [fs:eax], 42
</syntaxhighlight>

However, segment registers are usually used implicitly.
* All CPU instructions are implicitly fetched from the ''[[code segment]]'' specified by the segment selector held in the CS register.
* Most memory references come from the ''[[data segment]]'' specified by the segment selector held in the DS register. These may also come from the extra segment specified by the segment selector held in the ES register, if a segment-override prefix precedes the instruction that makes the memory reference. Most, but not all, instructions that use DS by default will accept an ES override prefix.{{fact|date=April 2025}}
* Processor [[run-time stack|stack]] references, either implicit (e.g. '''push''' and '''pop''' instructions) or explicit ([[stack-based memory allocation|memory accesses using the (E)SP or (E)BP registers]]), use the ''stack segment'' specified by the segment selector held in the SS register. For explicit references, the segment can be overridden.
* [[x86 string instructions|String instructions]] (e.g. '''stos''', '''movs''') use, along with the data segment, the ''extra segment'' specified by the segment selector held in the ES register.

Segmentation cannot be turned off on x86-32 processors (this is true for 64-bit mode as well, but that is beyond the scope of this discussion), so many 32-bit operating systems simulate a [[flat memory model]] by setting all segments' bases to 0 in order to make segmentation neutral to programs. For instance, the [[Linux kernel]] sets up only 4 general purpose segments:

{| class="wikitable"
|-
! Name !! Description !! Base !! Limit !! [[Descriptor Privilege Level|DPL]]
|-
| __KERNEL_CS || Kernel code segment || 0 || 4 GiB || 0
|-
| __KERNEL_DS || Kernel data segment || 0 || 4 GiB || 0
|-
| __USER_CS || User code segment || 0 || 4 GiB || 3
|-
| __USER_DS || User data segment || 0 || 4 GiB || 3
|}

Since the base is set to 0 in all cases and the limit to 4 GiB, the segmentation unit does not affect the addresses the program issues before they arrive at the [[paging]] unit. (This, of course, refers to 80386 and later processors, as the earlier x86 processors do not have a paging unit.) Current Linux also uses GS to point to [[thread-local storage]].

Segments can be defined to be either code, data, or system segments. Additional permission bits are present to make segments read-only, read/write, execute, etc.

In protected mode, code may always modify all segment registers ''except'' CS (the [[code segment]] selector). This is because the current privilege level (CPL) of the processor is stored in the lower 2 bits of the CS register. The only ways to raise the processor privilege level (and reload CS) are through the '''lcall''' (far call) and [[INT (x86 instruction)|'''int''' (interrupt)]] instructions. Similarly, the only ways to lower the privilege level (and reload CS) are through the '''lret''' (far return) and '''iret''' (interrupt return) instructions. In real mode, code may also modify the CS register by making a far jump (or using an undocumented <code>POP CS</code> instruction on the 8086 or 8088).<ref><code>POP CS</code> must be used with extreme care and has limited usefulness, because it immediately changes the effective address that will be computed from the instruction pointer to fetch the next instruction. Generally, a far jump is much more useful. The existence of <code>POP CS</code> is probably an accident, as it follows a pattern of PUSH and POP instruction opcodes for the four segment registers on the 8086 and 8088.</ref> Of course, in real mode, there are no privilege levels; all programs have absolute unchecked access to all of memory and all CPU instructions.

For more information about segmentation, see the [[IA-32]] manuals freely available on the [[AMD]] or [[Intel]] websites.
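
The following C program is an added example, not part of the original article or of any kernel source. It decodes 8-byte IA-32 code/data segment descriptors into the base, limit and DPL columns of the table above, splits a selector into index and privilege bits, and shows that a flat descriptor leaves an offset unchanged while a non-flat one relocates it and enforces its limit. The descriptor and selector values are constructed for illustration from the standard descriptor layout; expand-down and system segments are not handled.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded fields of one 8-byte code/data segment descriptor. */
struct seg {
    uint32_t base;  /* linear address where the segment starts */
    uint64_t size;  /* bytes addressable through it (limit + 1, scaled by G) */
    unsigned dpl;   /* descriptor privilege level, 0..3 */
    int      code;  /* 1 = code segment, 0 = data segment */
};

static struct seg decode_descriptor(uint64_t d)
{
    struct seg s;
    uint32_t limit = (uint32_t)(d & 0xFFFF) | (uint32_t)((d >> 32) & 0xF0000);
    int page_granular = (int)((d >> 55) & 1);        /* G flag: limit counts 4 KiB pages */

    s.base = (uint32_t)((d >> 16) & 0xFFFFFF) | (uint32_t)((d >> 32) & 0xFF000000);
    s.size = page_granular ? ((uint64_t)limit + 1) << 12 : (uint64_t)limit + 1;
    s.dpl  = (unsigned)((d >> 45) & 3);
    s.code = (int)((d >> 43) & 1);                   /* type bit 3: executable */
    return s;
}

/* Low 2 bits of a selector: the RPL, which is the CPL when the selector is in CS. */
static unsigned selector_rpl(uint16_t sel)   { return sel & 3u; }
/* Index of the descriptor in the table the selector refers to. */
static unsigned selector_index(uint16_t sel) { return (unsigned)sel >> 3; }

/* Segmentation step only: linear address, or -1 if the offset is past the limit. */
static int64_t to_linear(struct seg s, uint32_t offset)
{
    if ((uint64_t)offset >= s.size)
        return -1;
    return (int64_t)(uint32_t)(s.base + offset);
}

int main(void)
{
    /* Constructed descriptors: flat ring-3 data segment; 64 KiB ring-0 data segment at 1 MiB. */
    struct seg f = decode_descriptor(0x00CFF2000000FFFFULL);
    struct seg m = decode_descriptor(0x004092100000FFFFULL);

    printf("flat:  base=%#x size=%#llx dpl=%u\n", f.base, (unsigned long long)f.size, f.dpl);
    printf("small: base=%#x size=%#llx dpl=%u\n", m.base, (unsigned long long)m.size, m.dpl);
    printf("flat  0xdeadbeef -> %#llx\n", (unsigned long long)to_linear(f, 0xDEADBEEF));
    printf("small 0x10000 -> %s\n", to_linear(m, 0x10000) < 0 ? "limit violation" : "ok");
    printf("selector 0x23: index=%u rpl=%u\n", selector_index(0x23), selector_rpl(0x23));
    return 0;
}
```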