Protected mode

[9] At the time, 1 megabyte was considered a relatively large amount of memory,[10] so the designers of the IBM Personal Computer reserved the first 640 kilobytes for use by applications and the operating system and the remaining 384 kilobytes for the BIOS (Basic Input/Output System) and memory for add-on devices.

[11] The initial protected mode, released with the 286, was not widely used;[11] for example, it was used by Coherent (from 1982),[12] Microsoft Xenix (around 1984)[13] and Minix.

[4] Real mode functioned virtually identically to the 8086 and 8088, allowing the vast majority of existing software for those processors to run unmodified on the newer 286.

This enabled 24-bit addressing, which allowed the processor to access 224 bytes of memory, equivalent to 16 megabytes.

[9] With the release of the 386 in 1985,[7] many of the issues preventing widespread adoption of the previous protected mode were addressed.

[11] The 386 was released with an address bus size of 32 bits, which allows for 232 bytes of memory accessing, equivalent to 4 gigabytes.

[17] Protected mode is now used in virtually all modern operating systems which run on the x86 architecture, such as Microsoft Windows, Linux, and many others.

This allowed the BIOS to restore the CPU to a similar state and begin executing code before the reset.

[22] After performing those two steps, the PE bit must be set in the CR0 register and a far jump must be made to clear the prefetch input queue.

[23][24] With the release of the 386, protected mode could be exited by loading the segment registers with real mode values, disabling the A20 line and clearing the PE bit in the CR0 register, without the need to perform the initial setup steps required with the 286.

[3] These additions allow the operating system to function in a way that would be significantly more difficult or even impossible without proper hardware support.

The use of rings allows for system software to restrict tasks from accessing data, call gates or executing privileged instructions.

Virtual 8086 mode is designed to allow code previously written for the 8086 to run unmodified and concurrently with other tasks, without compromising security or system stability.

Programs that require segment manipulation, privileged instructions, direct hardware access, or use self-modifying code will generate an exception that must be served by the operating system.

[35] In addition, applications running in virtual 8086 mode generate a trap with the use of instructions that involve input/output (I/O), which can negatively impact performance.

An example of such a compromise can be seen with the release of Windows NT, which dropped backward compatibility for "ill-behaved" DOS applications.

For maintaining compatibility with 286 protected mode a new default flag (D-bit, for short) was added.

[41] Through the use of the rings, privileged call gates, and the Task State Segment (TSS), introduced with the 286, preemptive multitasking was made possible on the x86 architecture.

The TSS allows general-purpose registers, segment selector fields, and stacks to all be modified without affecting those of another task.

If a Windows 1.x or 2.x program is written properly and avoids segment arithmetic, it will run the same way in both real and protected modes.

An Intel 80386 microprocessor
Example of privilege ring usage in an operating system using all rings
Virtual segments of 80286
Common method of using paging to create a virtual address space
Paging (on Intel 80386) with page size of 4K