Protected Address Spaces

Portions of the logical address space are set aside for protected address spaces (sometimes called user address spaces or ring 3). This protected address space is a portion of the logical address space that has carefully controlled interaction with the server operating system. All protected address spaces use virtual memory. For general information about virtual memory, see Virtual Memory.

A key benefit is that you can use protected address spaces to take advantage of virtual memory or to run untried or troublesome applications. Because any modules loaded into a protected address space can't corrupt the operating system or cause server abends, the protected address space provides a safe place to run applications.

The operating system address space (ring 0) is sometimes called the OS address space or the kernel address space. The memory protection marshalling layer, in conjunction with the memory protection subsystem, prevents modules in a protected address space from having direct access to anything outside the address space. In particular, the memory protection marshalling layer serves as the interface between the protected address spaces and the server operating system. These layers prevent NLM programs in protected spaces from making calls or passing parameters to the operating system that would corrupt or fault the core operating system.

You can load modules into a protected address space, unload modules from a space, delete a space, or kill a space. See Using Protected Address Spaces and Loading Protected Address Spaces.


Protected Address Spaces and Logical Memory Addressing

Each protected address space has its own set of page translations to provide logical memory addressing. The memory management subsystem ensures that the page translations of each protected address space refers to a different set of physical memory addresses.

Only one set of translations is visible in the memory management subsystem at a time. When there is more than one protected address space, the memory management subsystem loads one set of page translations for a specified time and then replaces it with another.


Example showing how the Memory Management System has page translations for each protected address space with address spaces 1, 2 and 3 shown

Replacing visible page translations is part of a context switch. Context switches take place when the NetWare kernel changes from running one thread to running another thread.


Modules Not Allowed in Protected Address Spaces

The following NLM programs and executables cannot be loaded into a protected space:



Previous | Next