But C assumes a plain memory layout, so Linux at some point started to overlay the code and data segments 1:1, extending them to the full size of the virtual address range and using paging (introduced with the 386) to implement virtual memory instead. This 1:1 mapping defeats the protections from the first paragraph. And now we've got to implement a lot of security features the hard way.
In the AMD64 extensions, support for segmented protected mode got removed altogether, and the 1:1 mapping is forcibly assumed.
Don't get me wrong - this isn't some "back in the old times stuff was better" - but I really feel this path in computing should have been pursued more.
Itanium had security segments; they are probably described in the book IA-64 Linux Kernel: Design and Implementation.
One of the Itanium designers founded Secure64 Software.
They sold Itanium DNS appliances and the OS used the security segments.
The linked page describes some of the security features of Itanium; I'm not sure how many of them are found on other platforms.
BTW you mean “was introduced to the x86 architecture with the 286...”
At the time memory segmentation was a standard way to deal with memory addressing limitations, and a more powerful mechanism than bank switching, if you could afford the circuitry.
Segment-specific memory protection was a core feature of the Multics design in the early 60s. Multics’ design was more sophisticated than the 286 as it supported different security rings on a per-segment basis, a simpler version of which I believe appeared with the 386. I believe Multics was the first to use this approach, but my memory might be faulty in this regard.
The 60s was a fruitful decade for architecture experimentation with a real Cambrian explosion of designs. Things settled down more in the 70s as people started to converge on fixing the byte length on 8 bits, 2’s complement arithmetic and the like.
Memory protection itself certainly preceded the 286 by almost 20 years (I used to use a PDP-10 that ran an operating system using memory protection since the mid 60s).
The article on which we are commenting talks about memory segmentation (which is what Protected Mode used to implement protection), thus my point that this was not an invention of Intel's (and in fact the 286 was not Intel's first implementation of the idea; that was the 432).
I don't intend to have an argument; it's just you made the assertion that Intel's failure in this regard was the Road Not Taken while I'm merely pointing out that there is plenty of experience (pro and con) of memory segmentation before and after the 286 and 386.
You are reading twice as much into my lines as what I said. I find this awful. At this point I regret writing my comment - not because it's factually wrong or bad, but because I'm suddenly on the defensive because you are not putting much effort into understanding what I intended to express.
Efficient Virtual Memory for Big Memory Servers, 2013, https://research.cs.wisc.edu/multifacet/papers/isca13_direct...
Implementation of Direct Segments on a RISC-V Processor, 2018, https://carrv.github.io/2018/papers/CARRV_2018_paper_4.pdf