IBM 10 SP1 EAL4 User Manual
calls. If the code segment is non-conforming (with conforming bit C set to zero in the segment descriptor),
then the processor first checks to ensure that CPL is equal to DPL. If CPL is equal to DPL, then the processor
performs the next check to see if the RPL value is less than or equal to the CPL. A general protection
exception occurs if either of the two checks fail. If the code segment is conforming (with conforming bit C
set to one in the segment descriptor), then the processor compares the target code-segment descriptor DPL
with the currently executing program CPL. If the DPL is less than or equal to the CPL, then access is
allowed. Otherwise, a general protection exception occurs. RPL is ignored for conforming segments.
then the processor first checks to ensure that CPL is equal to DPL. If CPL is equal to DPL, then the processor
performs the next check to see if the RPL value is less than or equal to the CPL. A general protection
exception occurs if either of the two checks fail. If the code segment is conforming (with conforming bit C
set to one in the segment descriptor), then the processor compares the target code-segment descriptor DPL
with the currently executing program CPL. If the DPL is less than or equal to the CPL, then access is
allowed. Otherwise, a general protection exception occurs. RPL is ignored for conforming segments.
5.5.2.5.5.4 Access control for control transfers through call gates
The AMD Opteron processor uses call gates for control transfers to higher privileged code segments. Call
gates are descriptors that contain pointers to code-segment descriptors and control access to those descriptors.
Operating systems can use call gates to establish secure entry points into system service routines. Before
loading the code register with the code segment selector located in the call gate, the processor performs the
following three privilege checks:
gates are descriptors that contain pointers to code-segment descriptors and control access to those descriptors.
Operating systems can use call gates to establish secure entry points into system service routines. Before
loading the code register with the code segment selector located in the call gate, the processor performs the
following three privilege checks:
1. Compare the CPL with the call-gate DPL from the call-gate descriptor. The CPL must be less than or
equal to the DPL.
2. Compare the RPL in the call-gate selector with the DPL. The RPL must be less than or equal to the
DPL.
3. A call or jump through a call gate to a conforming segment requires that the CPL be greater than or
equal to the DPL. Otherwise, a call or jump through a call gate requires that the CPL be equal to the
DPL.
DPL.
5.5.2.5.5.5 Access control through type check
After a segment descriptor is loaded into one of the segment registers, reads and writes into the segments are
restricted based on type checks, as follows:
restricted based on type checks, as follows:
•
Prohibit write operations into read-only data segment types.
•
Prohibit write operations into executable code segment types.
•
Prohibit read operations from code segments if the readable bit is cleared to 0.
5.5.2.5.6 Paging
The paging unit translates a linear address into a physical address. Linear addresses are grouped in fixed
length intervals called pages. To allow the kernel to specify the physical address and access rights of a page
instead of addresses and access rights of all the linear addresses in the page, continuous linear addresses
within a page are mapped to continuous physical addresses.
length intervals called pages. To allow the kernel to specify the physical address and access rights of a page
instead of addresses and access rights of all the linear addresses in the page, continuous linear addresses
within a page are mapped to continuous physical addresses.
119