Friday, August 2, 2013

Protection via Paging

When both segment-level and page-level protection are enabled, the segment check is done first, followed by the page-level check.  The page-level check occurs in parallel with address translation, so it adds no performance overhead.  Segment-based violations raise a general protection fault (#GP); page-based violations raise a page fault exception (#PF).  Segment protection cannot be overridden by page protection settings: for example, marking a page writable does not make a code segment writable.

Paging is optional.  Even when paging is enabled, its protection effect can be nullified by clearing the WP (write protect) flag in CR0 and setting the R/W and U/S flags in every PDE and PTE.  This makes every page writable and assigns all of them to the user privilege level, so page-level protection has nothing left to enforce.

There are 2 different types of check in paging mode:
- User/Supervisor check, driven by the U/S flag (bit 2) of each PDE and PTE
- Page type check (read-only vs. read/write), driven by the R/W flag (bit 1) of each PDE and PTE

When the CPL of the running code is 0, 1 or 2, the access is a supervisor-mode access.  When CPL is 3, it is a user-mode access.  On the page side, U/S clear marks a supervisor page and U/S set marks a user page.  Because the PDE and PTE are combined, a page is a user page only if U/S is set in both entries, and writable only if R/W is set in both.

Code executing in supervisor mode can read and execute every present page, user or supervisor level.  It can also write to every page while WP in CR0 is clear; with WP set, a supervisor-mode write to a read-only page (R/W clear) faults, whether that page is user or supervisor level.  (Later CPUs add SMEP and SMAP, which further restrict supervisor-mode fetches from, and data accesses to, user pages; the rules here are the base ones.)

Code executing in user mode can only touch user-level pages.  It is limited to reading (and executing) user-level pages where the R/W flag is clear (i.e. read-only), and can read, execute and write user-level pages where the R/W flag is set.  Any user-mode access to a supervisor page raises #PF.
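To make the rules above concrete, here is an added example (my code, not from the original post) that models the page-level check for 32-bit non-PAE paging in software: given the CPL, CR0, a PDE and a PTE, it returns whether a read, write or instruction fetch succeeds or raises #PF.  It assumes no NX, SMEP or SMAP, and that the segment checks have already passed.  The entries and control-register values fed to it are constructed for illustration; it also shows the nullified configuration from earlier (WP clear, R/W and U/S set everywhere), where no access from any CPL can fault.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Protection bits of a 32-bit PDE/PTE (same positions in both). */
#define PG_P   (1u << 0)   /* present */
#define PG_RW  (1u << 1)   /* 1 = read/write, 0 = read-only */
#define PG_US  (1u << 2)   /* 1 = user page, 0 = supervisor page */

#define CR0_WP (1u << 16)  /* write protect: honour R/W=0 in supervisor mode */

enum access  { ACC_READ, ACC_WRITE, ACC_FETCH };
enum verdict { ACCESS_OK, FAULT_NOT_PRESENT, FAULT_PROTECTION };

/* Decide whether code at privilege level cpl, with control register cr0,
 * may perform access acc to a page reached through pde and pte.
 * Assumption: 32-bit non-PAE paging, 4 KB pages, no NX/SMEP/SMAP, i.e.
 * exactly the rules in the text. Segment checks are taken to have passed. */
static enum verdict page_check(unsigned cpl, uint32_t cr0,
                               uint32_t pde, uint32_t pte, enum access acc)
{
    /* A translation is valid only if every entry on the walk is present. */
    if (!(pde & PG_P) || !(pte & PG_P))
        return FAULT_NOT_PRESENT;

    /* PDE and PTE rights combine to the more restrictive of the two. */
    bool user_page = (pde & PG_US) && (pte & PG_US);
    bool writable  = (pde & PG_RW) && (pte & PG_RW);

    if (cpl == 3) {
        /* User mode: supervisor pages are off limits for any access,
         * and a write additionally needs R/W=1. */
        if (!user_page)
            return FAULT_PROTECTION;
        if (acc == ACC_WRITE && !writable)
            return FAULT_PROTECTION;
        return ACCESS_OK;
    }

    /* Supervisor mode (CPL 0..2): read or fetch any present page; a write
     * to a read-only page faults only while CR0.WP is set. */
    if (acc == ACC_WRITE && (cr0 & CR0_WP) && !writable)
        return FAULT_PROTECTION;
    return ACCESS_OK;
}

/* True when no access from any CPL can fault on protection grounds: the
 * state the text describes as nullifying page protection. */
static bool protection_nullified(uint32_t cr0, uint32_t pde, uint32_t pte)
{
    for (unsigned cpl = 0; cpl <= 3; cpl++)
        for (int a = ACC_READ; a <= ACC_FETCH; a++)
            if (page_check(cpl, cr0, pde, pte, (enum access)a) != ACCESS_OK)
                return false;
    return true;
}

static const char *verdict_name(enum verdict v)
{
    return v == ACCESS_OK ? "ok"
         : v == FAULT_NOT_PRESENT ? "#PF (not present)" : "#PF (protection)";
}

int main(void)
{
    /* Constructed entries; the frame-address bits play no part here. */
    const uint32_t user_rw = PG_P | PG_RW | PG_US;
    const uint32_t user_ro = PG_P | PG_US;
    const uint32_t sup_rw  = PG_P | PG_RW;

    struct { const char *what; unsigned cpl; uint32_t cr0, pde, pte; enum access acc; }
    cases[] = {
        { "CPL3 write, user page RO via PTE   ", 3, CR0_WP, user_rw, user_ro, ACC_WRITE },
        { "CPL3 read, PDE marks supervisor    ", 3, CR0_WP, sup_rw,  user_rw, ACC_READ  },
        { "CPL0 write to user RO page, WP set ", 0, CR0_WP, user_rw, user_ro, ACC_WRITE },
        { "CPL0 write to user RO page, WP clr ", 0, 0,      user_rw, user_ro, ACC_WRITE },
        { "CPL0 read of non-present page      ", 0, CR0_WP, user_rw, 0,       ACC_READ  },
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%s -> %s\n", cases[i].what,
               verdict_name(page_check(cases[i].cpl, cases[i].cr0,
                                       cases[i].pde, cases[i].pte, cases[i].acc)));

    printf("WP clear, all R/W+U/S: nullified = %d\n",
           protection_nullified(0, user_rw, user_rw));
    return 0;
}
```

The second case is the one people usually get wrong: the PTE says user page, but the PDE above it says supervisor, and the combined right is the more restrictive one, so user-mode code faults.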

Though segmentation is mandatory in protected mode, its effect can be nullified by implementing a flat memory model.  The GDT then contains 5 entries: 1 null descriptor and 2 pairs of code/data segments, one pair with DPL 0 and the other with DPL 3.  Each segment has base 0 and covers the entire 4 GB linear address space, so a limit check can never fail on an address; only the privilege-level checks remain, and the real protection is left to paging.