Intel 64 and IA-32 Architectures Software Developers Manual Volume 1, Basic Architecture

INPUT/OUTPUT
privilege level needed to perform I/O. In a typical protection ring model, access to
the I/O address space is restricted to privilege levels 0 and 1. Here, the kernel and
the device drivers are allowed to perform I/O, while less privileged device drivers and
application programs are denied access to the I/O address space. Application programs
must then make calls to the operating system to perform I/O.
The following instructions can be executed only if the current privilege level (CPL) of
the program or task currently executing is less than or equal to the IOPL: IN, INS,
OUT, OUTS, CLI (clear interrupt-enable flag), and STI (set interrupt-enable flag).
These instructions are called I/O sensitive instructions, because they are sensitive
to the IOPL field. Any attempt by a less privileged program or task to use an I/O
sensitive instruction results in a general-protection exception (#GP) being signaled.
Because each task has its own copy of the EFLAGS register, each task can have a
different IOPL.
The I/O permission bit map in the TSS can be used to modify the effect of the IOPL
on I/O sensitive instructions, allowing access to some I/O ports by less privileged
programs or tasks (see Section 13.5.2, “I/O Permission Bit Map”).
A program or task can change its IOPL only with the POPF and IRET instructions;
however, such changes are privileged. No procedure may change the current IOPL
unless it is running at privilege level 0. An attempt by a less privileged procedure to
change the IOPL does not result in an exception; the IOPL simply remains
unchanged.
The POPF instruction also may be used to change the state of the IF flag (as can the
CLI and STI instructions); however, the POPF instruction in this case is also I/O
sensitive. A procedure may use the POPF instruction to change the setting of the IF
flag only if the CPL is less than or equal to the current IOPL. An attempt by a less
privileged procedure to change the IF flag does not result in an exception; the IF
flag simply remains unchanged.
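
The rules above can be modelled in a few lines of C. This is an added example, not code from the manual: the function names are hypothetical, the EFLAGS values are constructed, and only the IF and IOPL rules of this section are modelled. It shows the difference a monitor or emulator must reproduce: CLI/STI/IN/OUT fault when CPL > IOPL, while POPF leaves the protected bits unchanged without raising an exception.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define EFLAGS_IF         (1u << 9)                 /* interrupt-enable flag */
#define EFLAGS_IOPL_SHIFT 12
#define EFLAGS_IOPL_MASK  (3u << EFLAGS_IOPL_SHIFT) /* bits 12-13 */

static unsigned iopl_of(uint32_t eflags) {
    return (eflags & EFLAGS_IOPL_MASK) >> EFLAGS_IOPL_SHIFT;
}

/* IN, INS, OUT, OUTS, CLI, STI: #GP is signaled when CPL > IOPL.
 * (For the port instructions, the I/O permission bit map may still
 * grant access; that override is not modelled here.) */
bool io_sensitive_raises_gp(unsigned cpl, uint32_t eflags) {
    return cpl > iopl_of(eflags);
}

/* EFLAGS after code at `cpl` executes POPF with `popped` on the stack.
 * Assumption: every bit other than IF and IOPL is copied from the
 * popped value; real hardware also protects reserved and system flags. */
uint32_t popf_result(unsigned cpl, uint32_t current, uint32_t popped) {
    uint32_t writable = ~(EFLAGS_IF | EFLAGS_IOPL_MASK);
    if (cpl == 0)
        writable |= EFLAGS_IOPL_MASK;   /* IOPL changes only at CPL 0 */
    if (cpl <= iopl_of(current))
        writable |= EFLAGS_IF;          /* IF changes only if CPL <= IOPL */
    return (current & ~writable) | (popped & writable);
}

int main(void) {
    uint32_t user = EFLAGS_IF;                 /* constructed: IOPL=0, IF=1 */
    uint32_t want = 3u << EFLAGS_IOPL_SHIFT;   /* requests IOPL=3, IF=0 */
    uint32_t got = popf_result(3, user, want);
    printf("CPL 3 POPF: IOPL=%u IF=%u (no exception, no change)\n",
           iopl_of(got), (got & EFLAGS_IF) != 0);
    got = popf_result(0, user, want);
    printf("CPL 0 POPF: IOPL=%u IF=%u\n",
           iopl_of(got), (got & EFLAGS_IF) != 0);
    printf("CLI at CPL 3 with IOPL 0 raises #GP: %d\n",
           io_sensitive_raises_gp(3, user));
    return 0;
}
```
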
13.5.2 I/O Permission Bit Map
The I/O permission bit map is a device for permitting limited access to I/O ports by
less privileged programs or tasks and for tasks operating in virtual-8086 mode. The
I/O permission bit map is located in the TSS (see Figure 13-2) for the currently
running task or program. The address of the first byte of the I/O permission bit map
is given in the I/O map base address field of the TSS. The size of the I/O permission
bit map and its location in the TSS are variable.