4-40 Vol. 3A
PROTECTION
Page-level protection can be used to enhance segment-level protection. For example, if a large
read-write data segment is paged, the page-protection mechanism can be used to write-protect
individual pages.
NOTE:
* If CR0.WP = 1, access type is determined by the R/W flags of the page-directory and page-table entries.
IF CR0.WP = 0, supervisor privilege permits read-write access.
4.13 PAGE-LEVEL PROTECTION AND EXECUTE-DISABLE BIT
In addition to page-level protection offered by the U/S and R/W flags, enhanced PAE-enabled
paging structures (see Section 3.10.3, “Enhanced Paging Data Structures”) provide the execute-
disable bit. This bit offers additional protection for data pages.
An IA-32 processor with the execute disable bit capability can prevent data pages from being
used by malicious software to execute code. This capability is provided in:
• 32-bit protected mode with PAE enabled.
• IA-32e mode.
Table 4-3. Combined Page-Directory and Page-Table Protection
Page-Directory Entry Page-Table Entry Combined Effect
Privilege Access Type Privilege Access Type Privilege Access Type
User Read-Only User Read-Only User Read-Only
User Read-Only User Read-Write User Read-Only
User Read-Write User Read-Only User Read-Only
User Read-Write User Read-Write User Read/Write
User Read-Only Supervisor Read-Only Supervisor Read/Write*
User Read-Only Supervisor Read-Write Supervisor Read/Write*
User Read-Write Supervisor Read-Only Supervisor Read/Write*
User Read-Write Supervisor Read-Write Supervisor Read/Write
Supervisor Read-Only User Read-Only Supervisor Read/Write*
Supervisor Read-Only User Read-Write Supervisor Read/Write*
Supervisor Read-Write User Read-Only Supervisor Read/Write*
Supervisor Read-Write User Read-Write Supervisor Read/Write
Supervisor Read-Only Supervisor Read-Only Supervisor Read/Write*
Supervisor Read-Only Supervisor Read-Write Supervisor Read/Write*
Supervisor Read-Write Supervisor Read-Only Supervisor Read/Write*
Supervisor Read-Write Supervisor Read-Write Supervisor Read/Write
