Each TLB entry controls three types of access:
- Process
-
Processes are protected from unauthorized access by assigning a unique process ID (PID) to each process. When system software starts a user-mode application, it loads the PID for that application into the PID register. As the application executes, memory addresses are translated using only TLB entries with a TID field in Translation Look-Aside Buffer High (TLBHI) that matches the PID. This enables system software to restrict accesses for an application to a specific area in virtual memory.
A TLB entry with TID=0x00 represents a process-independent translation. Pages that are accessed globally by all processes should be assigned a TID value of 0x00.
- Execution
- The processor executes instructions only if they are fetched
from a virtual page marked as executable (TLBLO[EX]=1). Clearing TLBLO[EX] to 0
prevents execution of instructions fetched from a page, instead causing an
instruction-storage interrupt (ISI) to occur. The ISI does not occur when the
instruction is fetched, but instead occurs when the instruction is executed.
This prevents speculatively fetched instructions that are later discarded
(rather than executed) from causing an ISI.
The zone-protection register can override execution protection.
- Read/Write
- Data is written only to virtual pages marked as writable
(TLBLO[WR]=1). Clearing TLBLO[WR] to 0 marks a page as read-only. An attempt to
write to a read-only page causes a data-storage interrupt (DSI) to occur.
The zone-protection register can override write protection.
TLB entries cannot be used to prevent programs from reading pages. In virtual mode, zone protection is used to read-protect pages. This is done by defining a no-access-allowed zone (ZPR[Zn] = 00) and using it to override the TLB-entry access protection. Only programs running in user mode can be prevented from reading a page. Privileged programs always have read access to a page.