Intel 253668-032US User Manual

Vol. 3   5-11
PROTECTION
example, if the DPL of a data segment is 1, only programs running at a CPL of 
0 or 1 can access the segment. 
— Nonconforming code segment (without using a call gate) — The DPL 
indicates the privilege level that a program or task must be at to access the 
segment. For example, if the DPL of a nonconforming code segment is 0, only 
programs running at a CPL of 0 can access the segment. 
— Call gate — The DPL indicates the numerically highest privilege level that the 
currently executing program or task can be at and still be able to access the 
call gate. (This is the same access rule as for a data segment.)
— Conforming code segment and nonconforming code segment 
accessed through a call gate — The DPL indicates the numerically lowest 
privilege level that a program or task can have to be allowed to access the 
segment. For example, if the DPL of a conforming code segment is 2, 
programs running at a CPL of 0 or 1 cannot access the segment. 
— TSS — The DPL indicates the numerically highest privilege level that the 
currently executing program or task can be at and still be able to access the 
TSS. (This is the same access rule as for a data segment.)
Requested privilege level (RPL) — The RPL is an override privilege level that 
is assigned to segment selectors. It is stored in bits 0 and 1 of the segment 
selector. The processor checks the RPL along with the CPL to determine if access 
to a segment is allowed. Even if the program or task requesting access to a 
segment has sufficient privilege to access the segment, access is denied if the 
RPL is not of sufficient privilege level. That is, if the RPL of a segment selector is 
numerically greater than the CPL, the RPL overrides the CPL, and vice versa. The 
RPL can be used to ensure that privileged code does not access a segment on 
behalf of an application program unless the program itself has access privileges 
for that segment. See Section 5.10.4, “Checking Caller Access Privileges (ARPL 
Instruction),” for a detailed description of the purpose and typical use of the RPL.
Privilege levels are checked when the segment selector of a segment descriptor is 
loaded into a segment register. The checks used for data access differ from those 
used for transfers of program control among code segments; therefore, the two 
kinds of accesses are considered separately in the following sections.
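
The following C model is an added example, not part of the Intel manual. It encodes the DPL interpretations listed above and the RPL override, and shows why a CPL 0 routine handed an RPL 3 selector is refused a DPL 0 data segment. The enum and function names are this example's own, the selectors are constructed, and RPL handling for code-segment transfers is not modeled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Descriptor kinds from the DPL list above (names are this example's own). */
enum seg_kind { DATA_SEG, NONCONF_CODE, CALL_GATE, CONF_OR_GATED_CODE, TSS_DESC };

/* The RPL is stored in bits 0 and 1 of the segment selector. */
static unsigned selector_rpl(uint16_t selector) { return selector & 0x3u; }

/* A numerically greater RPL overrides the CPL, and vice versa:
   the less privileged of the two is the level that gets checked. */
static unsigned effective_pl(unsigned cpl, uint16_t selector) {
    unsigned rpl = selector_rpl(selector);
    return rpl > cpl ? rpl : cpl;
}

/* True when the access satisfies the DPL rule for this descriptor kind. */
static bool access_allowed(enum seg_kind kind, unsigned cpl,
                           uint16_t selector, unsigned dpl) {
    switch (kind) {
    case DATA_SEG:
    case CALL_GATE:
    case TSS_DESC:
        /* DPL is the numerically highest level that may still get in. */
        return effective_pl(cpl, selector) <= dpl;
    case NONCONF_CODE:
        /* Without a call gate the program must be at exactly the DPL.
           Simplification: the selector's RPL is ignored here. */
        return cpl == dpl;
    case CONF_OR_GATED_CODE:
        /* DPL is the numerically lowest level that may get in. */
        return cpl >= dpl;
    }
    return false;
}

int main(void) {
    /* Constructed selectors: descriptor index 2, RPL 0 and RPL 3. */
    uint16_t sel_rpl0 = (2u << 3) | 0u, sel_rpl3 = (2u << 3) | 3u;

    printf("CPL 0, RPL 0, data DPL 0: %d\n",
           access_allowed(DATA_SEG, 0, sel_rpl0, 0));
    /* Privileged code using a selector supplied by a CPL 3 caller. */
    printf("CPL 0, RPL 3, data DPL 0: %d\n",
           access_allowed(DATA_SEG, 0, sel_rpl3, 0));
    printf("CPL 1, conforming code DPL 2: %d\n",
           access_allowed(CONF_OR_GATED_CODE, 1, sel_rpl0, 2));
    return 0;
}
```
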
5.6 PRIVILEGE LEVEL CHECKING WHEN ACCESSING DATA SEGMENTS
To access operands in a data segment, the segment selector for the data segment 
must be loaded into the data-segment registers (DS, ES, FS, or GS) or into the stack-
segment register (SS). (Segment registers can be loaded with the MOV, POP, LDS, 
LES, LFS, LGS, and LSS instructions.) Before the processor loads a segment selector 
into a segment register, it performs a privilege check (see Figure 5-4) by comparing 
the privilege levels of the currently running program or task (the CPL), the RPL of the 
segment selector, and the DPL of the segment’s segment descriptor. The processor