This preview shows page 1. Sign up to view the full content.
Unformatted text preview: he processor loads a segment selector into a segment register, it performs a privilege check (refer to Figure 4-3) by comparing the privilege levels of the currently running program or task (the CPL), the RPL of the segment selector, and the DPL of the segment’s segment descriptor. The processor loads the segment selector into the segment register if the DPL is numerically greater than or equal to both the CPL and the RPL. Otherwise, a generalprotection fault is generated and the segment register is not loaded. CS Register CPL Segment Selector For Data Segment RPL Data-Segment Descriptor DPL Privilege Check Figure 4-3. Privilege Check for Data Access Figure 4-4 shows four procedures (located in codes segments A, B, C, and D), each running at different privilege levels and each attempting to access the same data segment. • • The procedure in code segment A is able to access data segment E using segment selector E1, because the CPL of code segment A and the RPL of segment selector E1 are equal to the DPL of data segment E. The procedure in code segment B is able to access data segment E using segment selector E2, because the CPL of code segment A and the RPL of segment selector E2 are both numerically lower than (more privileged) than the DPL of data segment E. A code segment B procedure can also access data segment E using segment selector E1. The procedure in code segment C is not able to access data segment E using segment selector E3 (dotted line), because the CPL of code segment C and the RPL of segment selector E3 are both numerically greater than (less privileged) than the DPL of data segment E. Even if a code segment C procedure were to use segment selector E1 or E2, such that the RPL would be acceptable, it still could not access data segment E because its CPL is not privileged enough. The procedure in code segment D should be able to access data segment E because code segment D’s CPL is numerically less than the DPL of data segment E. However, the RPL of segment selector E3 (which the code segment D procedure is using to access data segment E) is numerically greater than the DPL of data segment E, so access is not • • 4-10 PROTECTION allowed. If the code segment D procedure were to use segment selector E1 or E2 to access the data segment, access would be allowed. 3 Code Segment C CPL=3 Lowest Privilege Code Segment A CPL=2 Segment Sel. E3 RPL=3 Segment Sel. E1 RPL=2 Data Segment E DPL=2 2 1 Code Segment B CPL=1 Segment Sel. E2 RPL=1 0 Code Segment D CPL=0 Highest Privilege Figure 4-4. Examples of Accessing Data Segments From Various Privilege Levels As demonstrated in the previous examples, the addressable domain of a program or task varies as its CPL changes. When the CPL is 0, data segments at all privilege levels are accessible; when the CPL is 1, only data segments at privilege levels 1 through 3 are accessible; when the CPL is 3, only data segments at privilege level 3 are accessible. The RPL of a segment selector can always override the addressable domain of a program or task. When properly used, RPLs can prevent problems caused by accidental (or intensional) use of segment selectors for privileged data segments by less privileged programs or procedures. It is important to note that the RPL of a segment selector for a data segment is under software control. For example, an application program running at a CPL of 3 can set the RPL for a datasegment selector to 0. With the RPL set to 0, only the CPL checks, not the RPL checks, will provide protection against deliberate, direct attempts to violate privilege-level security for the data segment. To prevent these types of privilege-level-check violations, a program or procedure can check access privileges whenever it receives a data-segment selector from another procedure (refer to Section 4.10.4., “Checking Caller Access Privileges (ARPL Instruction)”). 4-11 PROTECTION 4.6.1. Accessing Data in Code Segments In some instances it may be desirable to access data structures that are contained in a code segment. The following methods of accessing data in code segments are possible: • • • Load a data-segment register with a segment selector for a nonconforming, readable, code segment. Load a data-segment register with a segment selector for a conforming, readable, code segment. Use a code-segment override prefix (CS) to read a readable, code segment whose selector is already loaded in the CS register. The same rules for accessing data segments apply to method 1. Method 2 is always valid because the privilege level of a conforming code segment is effectively the same as the CPL, regardless of its DPL. Method 3 is always valid because the DPL of the code segment selected by the CS register is the same as the CPL. 4.7. PRIVILEGE LEVEL CHECKING WHEN LOADING THE SS REGISTER Privilege level checking also occurs when the SS register is loaded with the segment selector for a stack segment. Here all privilege levels related to the stack segment must match the CPL; that is, the CPL, the RPL of the stack-segment selector, and the DPL of t...
View Full Document
This note was uploaded on 06/07/2013 for the course ECE 1234 taught by Professor Kwhon during the Spring '10 term at University of California, Berkeley.
- Spring '10