Questions: Memory Protection and Access Control Hardware
5 questions to test your understanding
Question 1 Multiple Choice
A user-mode program attempts to write directly to its own page table entries in order to grant itself write access to a kernel page. What happens?
A. The write succeeds because the program is modifying its own address space
B. The write succeeds but the kernel detects it and reverts the change
C. The MMU triggers a protection fault because page table entries reside in kernel-only memory
D. The write is queued and executed after a context switch to kernel mode
Page table entries live in memory pages marked as kernel-only. Any attempt by a user-mode program to write to them triggers a protection fault immediately — the MMU checks privilege levels before allowing the access. The program cannot escalate its own privileges this way because the very mechanism it would need to modify (the page tables) is protected by the hardware it cannot bypass.
Question 2 Multiple Choice
A buffer overflow attack injects shellcode into a program's stack buffer. On a system enforcing W^X, what prevents the shellcode from executing?
A. The OS scans newly written stack pages for shellcode patterns before execution
B. Stack pages are marked write but not execute, so the CPU raises a fault if execution is attempted
C. Stack memory is physically separated from code memory by the MMU
D. The compiler inserts canary values that detect the overflow before execution reaches the shellcode
W^X (write XOR execute) means any page can be writable or executable, but not both simultaneously. Stack pages are writable (to hold function frames) but not executable. When the processor attempts to fetch an instruction from a stack address, the MMU checks the execute bit, finds it unset, and raises a protection fault — regardless of what was written there. Stack canaries (option D) detect overflows but do not prevent code injection; W^X prevents execution of injected code.
Question 3 True / False
A user process cannot access kernel memory even if it knows the exact virtual address of a kernel data structure.
T. True
F. False
Answer: True
Every page table entry carries a privilege bit specifying whether user-mode access is permitted. Kernel pages are flagged as supervisor-only. When a user-mode thread references a kernel virtual address, the MMU checks the privilege level, finds the page requires supervisor mode, and raises a protection fault — knowledge of the address is irrelevant. This hardware guarantee is what makes the OS/user boundary meaningful and unbypassable from user space.
Question 4 True / False
Memory protection relies on the operating system checking access permissions in software after each memory reference.
T. True
F. False
Answer: False
Memory protection is entirely hardware-enforced by the MMU, which checks protection bits and privilege levels on every single memory access before any data is returned. There is no software check involved in the fast path — the hardware acts first and unconditionally. If the OS had to intervene in software for every access, the performance overhead would be prohibitive and the protection could potentially be bypassed. Hardware enforcement means there is no opt-out from user space.
Question 5 Short Answer
Why can't a user-mode program disable memory protection or modify its own page table entries to gain unauthorized access?
Model answer: Page table entries reside in memory pages marked as kernel-only. A user-mode program trying to write to those pages triggers a protection fault before the write completes. Similarly, disabling the MMU or changing privilege levels requires privileged instructions that only kernel mode can execute. Because the tools needed to bypass protection are themselves protected by the same mechanism, the scheme is self-reinforcing — a user program cannot escape its own cage from within.
This self-reinforcing property is the architectural elegance of hardware memory protection. The page tables that govern access are themselves governed by access control. The instructions that could disable protection are gated by privilege levels. The only legitimate path to elevated operations is through system calls that the OS controls — which is exactly the intended boundary.