User's Manual
Vol. 3 5-39
PROTECTION
The example in Figure 5-15 demonstrates how the ARPL instruction is intended to be
used. When the operating-system receives segment selector D2 from the application
program, it uses the ARPL instruction to compare the RPL of the segment selector
with the privilege level of the application program (represented by the code-segment
selector pushed onto the stack). If the RPL is less than application program’s privi
-
lege level, the ARPL instruction changes the RPL of the segment selector to match the
privilege level of the application program (segment selector D1). Using this instruc
-
tion thus prevents a procedure running at a numerically higher privilege level from
accessing numerically lower privilege-level (more privileged) segments by lowering
the RPL of a segment selector.
Note that the privilege level of the application program can be determined by reading
the RPL field of the segment selector for the application-program’s code segment.
This segment selector is stored on the stack as part of the call to the operating
system. The operating system can copy the segment selector from the stack into a
register for use as an operand for the ARPL instruction.
5.10.5 Checking Alignment
When the CPL is 3, alignment of memory references can be checked by setting the
AM flag in the CR0 register and the AC flag in the EFLAGS register. Unaligned memory
references generate alignment exceptions (#AC). The processor does not generate
alignment exceptions when operating at privilege level 0, 1, or 2. See
Table 6-7 for a
description of the alignment requirements when alignment checking is enabled.
5.11 PAGE-LEVEL PROTECTION
Page-level protection can be used alone or applied to segments. When page-level
protection is used with the flat memory model, it allows supervisor code and data
(the operating system or executive) to be protected from user code and data (appli
-
cation programs). It also allows pages containing code to be write protected. When
the segment- and page-level protection are combined, page-level read/write protec
-
tion allows more protection granularity within segments.
With page-level protection (as with segment-level protection) each memory refer-
ence is checked to verify that protection checks are satisfied. All checks are made
before the memory cycle is started, and any violation prevents the cycle from
starting and results in a page-fault exception being generated. Because checks are
performed in parallel with address translation, there is no performance penalty.
The processor performs two page-level protection checks:
• Restriction of addressable domain (supervisor and user modes).
• Page type (read only or read/write).
Violations of either of these checks results in a page-fault exception being generated.
See
Chapter 6, “Interrupt 14—Page-Fault Exception (#PF),” for an explanation of the