Intel architecture ia-32 Manual Do Utilizador
4-2 Vol. 3A
PROTECTION
that is based on privilege levels can essentially be disabled while still in protected mode by
assigning a privilege level of 0 (most privileged) to all segment selectors and segment descrip-
tors. This action disables the privilege level protection barriers between segments, but other
protection checks such as limit checking and type checking are still carried out.
assigning a privilege level of 0 (most privileged) to all segment selectors and segment descrip-
tors. This action disables the privilege level protection barriers between segments, but other
protection checks such as limit checking and type checking are still carried out.
Page-level protection is automatically enabled when paging is enabled (by setting the PG flag
in register CR0). Here again there is no mode bit for turning off page-level protection once
paging is enabled. However, page-level protection can be disabled by performing the following
operations:
in register CR0). Here again there is no mode bit for turning off page-level protection once
paging is enabled. However, page-level protection can be disabled by performing the following
operations:
•
Clear the WP flag in control register CR0.
•
Set the read/write (R/W) and user/supervisor (U/S) flags for each page-directory and page-
table entry.
table entry.
This action makes each page a writable, user page, which in effect disables page-level
protection.
protection.
4.2
FIELDS AND FLAGS USED FOR SEGMENT-LEVEL AND
PAGE-LEVEL PROTECTION
PAGE-LEVEL PROTECTION
The processor’s protection mechanism uses the following fields and flags in the system data
structures to control access to segments and pages:
structures to control access to segments and pages:
•
Descriptor type (S) flag — (Bit 12 in the second doubleword of a segment descriptor.)
Determines if the segment descriptor is for a system segment or a code or data segment.
Determines if the segment descriptor is for a system segment or a code or data segment.
•
Type field — (Bits 8 through 11 in the second doubleword of a segment descriptor.)
Determines the type of code, data, or system segment.
Determines the type of code, data, or system segment.
•
Limit field — (Bits 0 through 15 of the first doubleword and bits 16 through 19 of the
second doubleword of a segment descriptor.) Determines the size of the segment, along
with the G flag and E flag (for data segments).
second doubleword of a segment descriptor.) Determines the size of the segment, along
with the G flag and E flag (for data segments).
•
G flag — (Bit 23 in the second doubleword of a segment descriptor.) Determines the size
of the segment, along with the limit field and E flag (for data segments).
of the segment, along with the limit field and E flag (for data segments).
•
E flag — (Bit 10 in the second doubleword of a data-segment descriptor.) Determines the
size of the segment, along with the limit field and G flag.
size of the segment, along with the limit field and G flag.
•
Descriptor privilege level (DPL) field — (Bits 13 and 14 in the second doubleword of a
segment descriptor.) Determines the privilege level of the segment.
segment descriptor.) Determines the privilege level of the segment.
•
Requested privilege level (RPL) field — (Bits 0 and 1 of any segment selector.) Specifies
the requested privilege level of a segment selector.
the requested privilege level of a segment selector.
•
Current privilege level (CPL) field — (Bits 0 and 1 of the CS segment register.) Indicates
the privilege level of the currently executing program or procedure. The term current
privilege level (CPL) refers to the setting of this field.
the privilege level of the currently executing program or procedure. The term current
privilege level (CPL) refers to the setting of this field.
•
User/supervisor (U/S) flag — (Bit 2 of a page-directory or page-table entry.) Determines
the type of page: user or supervisor.
the type of page: user or supervisor.