arameter count in the call gate that the calling procedure referenced when it made the original call multiplied by the size of the parameters.)

4. (If the return requires a privilege level change.) Loads the SS and ESP registers with the saved SS and ESP values and switches back to the calling procedure’s stack. The SS and ESP values for the called procedure’s stack are discarded. Any limit violations detected while loading the stack-segment selector or stack pointer cause a general-protection exception (#GP) to be generated. The new stack-segment descriptor is also checked for type and privilege violations.

5. (If the RET instruction includes a parameter count operand.) Adds the parameter count (in bytes obtained from the RET instruction) to the current ESP register value, to step past the parameters on the calling procedure’s stack. The resulting ESP value is not checked against the limit of the stack segment. If the ESP value is beyond the limit, that fact is not recognized until the next stack operation.

6. (If the return requires a privilege level change.) Checks the contents of the DS, ES, FS, and GS segment registers. If any of these registers refer to segments whose DPL is less than the new CPL (excluding conforming code segments), the segment register is loaded with a null segment selector.

Refer to the description of the RET instruction in Chapter 3, Instruction Set Reference, of the Intel Architecture Software Developer’s Manual, Volume 2, for a detailed description of the privilege level checks and other protection checks that the processor performs on a far return.

4-24 PROTECTION

4.9. PRIVILEGED INSTRUCTIONS

Some of the system instructions (called “privileged instructions”) are protected from use by application programs. The privileged instructions control system functions (such as the loading of system registers). They can be executed only when the CPL is 0 (most privileged).
If one of these instructions is executed when the CPL is not 0, a general-protection exception (#GP) is generated. The following system instructions are privileged instructions:

• LGDT—Load GDT register.
• LLDT—Load LDT register.
• LTR—Load task register.
• LIDT—Load IDT register.
• MOV (control registers)—Load and store control registers.
• LMSW—Load machine status word.
• CLTS—Clear task-switched flag in register CR0.
• MOV (debug registers)—Load and store debug registers.
• INVD—Invalidate cache, without writeback.
• WBINVD—Invalidate cache, with writeback.
• INVLPG—Invalidate TLB entry.
• HLT—Halt processor.
• RDMSR—Read Model-Specific Registers.
• WRMSR—Write Model-Specific Registers.
• RDPMC—Read Performance-Monitoring Counter.
• RDTSC—Read Time-Stamp Counter.

Some of the privileged instructions are available only in the more recent families of Intel Architecture processors (refer to Section 18.7., “New Instructions In the Pentium® and Later Intel Architecture Processors”, in Chapter 18, Intel Architecture Compatibility). The PCE and TSD flags in register CR4 (bits 4 and 2, respectively) enable the RDPMC and RDTSC instructions, respectively, to be executed at any CPL.

4.10. POINTER VALIDATION
When operating in protected mode, the processor validates all pointers to enforce protection between segments and maintain isolation between privilege levels. Pointer validation consists of the following checks:

1. Checking access rights to determine if the segment type is compatible with its use.
2. Checking read/write rights.
3. Checking if the pointer offset exceeds the segment limit.
4. Checking if the supplier of the pointer is allowed to access the segment.
5. Checking the offset alignment.

The processor automatically performs the first, second, and third checks during instruction execution. Software must explicitly request the fourth check by issuing an ARPL instruction. The fifth check (offset alignment) is performed automatically at privilege level 3 if alignment checking is turned on. Offset alignment does not affect isolation of privilege levels.

4.10.1. Checking Access Rights (LAR Instruction)
When the processor accesses a segment using a far pointer, it performs an access rights check on the segment descriptor pointed to by the far pointer. This check is performed to determine if type and privilege level (DPL) of the segment descriptor are compatible with the operation to be performed. For example, when making a far call in protected mode, the segment-descriptor type must be for a conforming or nonconforming code segment, a call gate, a task gate, or a TSS. Then, if the call is to a nonconforming code segment, the DPL of the code segment must be equal to the CPL, and the RPL of the code segment’s segment selector must be less than or equal to the DPL. If type or privilege level are found to be incompatible, the appropriate exception is generated. To prevent type incompatibility exceptions from being generated, software can check the access rights of a segment descriptor using the LAR (lo...
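The following C program is an added illustration, not text or code from the Intel manual: it models in software the checks described above so they can be traced on sample input. It covers the far-call type/privilege check of Section 4.10.1 (check 1), the segment-limit check (check 3), the ARPL adjustment that implements check 4, and the nulling of DS/ES/FS/GS on a far return to a less privileged level (step 6 of the far-return description). The `seg_type` enum, the `descriptor` and `selector` structs and the function names are constructed for this example and do not reflect the real descriptor encoding; the read/write-rights check (check 2), alignment checking, and the privilege rules for gates and TSS descriptors (not covered in this excerpt) are not modelled, and gate/TSS targets are simply accepted as type-compatible.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of segment descriptors and selectors (hypothetical
   layout, not the processor's real 8-byte descriptor format). */
enum seg_type {
    SEG_DATA,            /* data segment */
    SEG_CODE_NONCONF,    /* nonconforming code segment */
    SEG_CODE_CONF,       /* conforming code segment */
    SEG_CALL_GATE,
    SEG_TASK_GATE,
    SEG_TSS
};

struct descriptor {
    enum seg_type type;
    unsigned dpl;        /* descriptor privilege level, 0 (most) .. 3 (least) */
    uint32_t limit;      /* last valid offset within the segment */
};

struct selector {
    unsigned rpl;                  /* requested privilege level carried in the selector */
    const struct descriptor *desc; /* descriptor the selector indexes; NULL = null selector */
};

/* Check 1 (Section 4.10.1) for a far CALL: the descriptor type must be a
   conforming or nonconforming code segment, a call gate, a task gate or a
   TSS, and for a nonconforming code segment DPL must equal CPL and the
   selector's RPL must be <= DPL. Returns true if the call may proceed,
   false where the processor would raise an exception. */
bool far_call_allowed(const struct selector *sel, unsigned cpl)
{
    const struct descriptor *d = sel->desc;
    if (d == NULL)
        return false;                /* null selector: nothing to call */
    switch (d->type) {
    case SEG_CODE_NONCONF:
        return d->dpl == cpl && sel->rpl <= d->dpl;
    case SEG_CODE_CONF:
    case SEG_CALL_GATE:
    case SEG_TASK_GATE:
    case SEG_TSS:
        return true;                 /* gate/TSS privilege rules not modelled here */
    default:
        return false;                /* data segment: incompatible type for a call */
    }
}

/* Check 3: the pointer offset must not exceed the segment limit. */
bool offset_in_limit(const struct descriptor *d, uint32_t offset)
{
    return offset <= d->limit;
}

/* Check 4 (ARPL dest, src): if dest's RPL is numerically less (more
   privileged) than src's RPL, raise it to src's RPL. Returns true when the
   RPL was adjusted, mirroring ZF=1 on the real instruction. */
bool arpl(struct selector *dest, const struct selector *src)
{
    if (dest->rpl < src->rpl) {
        dest->rpl = src->rpl;
        return true;
    }
    return false;
}

/* Far-return step 6: on a return that lowers privilege to new_cpl, any of
   DS/ES/FS/GS whose segment has DPL < new_cpl is loaded with the null
   selector, except when it refers to a conforming code segment.
   Returns how many registers were nulled. */
int null_data_segments_on_return(struct selector regs[], int nregs, unsigned new_cpl)
{
    int nulled = 0;
    for (int i = 0; i < nregs; i++) {
        const struct descriptor *d = regs[i].desc;
        if (d == NULL || d->type == SEG_CODE_CONF)
            continue;
        if (d->dpl < new_cpl) {
            regs[i].desc = NULL;
            regs[i].rpl = 0;
            nulled++;
        }
    }
    return nulled;
}

int main(void)
{
    /* Constructed sample descriptors: a ring-0 data segment and ring-3 code. */
    struct descriptor kdata = { SEG_DATA, 0, 0x0FFF };
    struct descriptor ucode = { SEG_CODE_NONCONF, 3, 0xFFFF };
    struct selector supplied = { 0, &kdata };   /* selector handed in with RPL 0 */
    struct selector caller   = { 3, &ucode };   /* CS of the ring-3 caller */
    printf("ARPL adjusted RPL: %d (RPL now %u)\n", arpl(&supplied, &caller), supplied.rpl);
    struct selector regs[2] = { { 0, &kdata }, { 0, NULL } };
    printf("registers nulled on return to CPL 3: %d\n",
           null_data_segments_on_return(regs, 2, 3));
    return 0;
}
```

The ARPL case is the one a systems programmer acts on: a selector received from a less privileged caller is passed through ARPL with the caller's CS before the kernel dereferences it on the caller's behalf, so the access is judged at the caller's privilege rather than the kernel's. Step 6 is the processor's own hygiene for the reverse direction, clearing ring-0 data selectors out of DS/ES/FS/GS before control returns to ring 3.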
This note was uploaded on 06/07/2013 for the course ECE 1234 taught by Professor Kwhon during the Spring '10 term at University of California, Berkeley.