Intel 64 and IA-32 Architectures Software Developers Manual Volume 3A, System Programming Guide, Part 1
4.6 PRIVILEGE LEVEL CHECKING WHEN ACCESSING DATA SEGMENTS
To access operands in a data segment, the segment selector for the data segment
must be loaded into the data-segment registers (DS, ES, FS, or GS) or into the
stack-segment register (SS). (Segment registers can be loaded with the MOV, POP, LDS,
LES, LFS, LGS, and LSS instructions.) Before the processor loads a segment selector
into a segment register, it performs a privilege check (see Figure 4-4) by comparing
the privilege levels of the currently running program or task (the CPL), the RPL of the
segment selector, and the DPL of the segment’s segment descriptor. The processor
loads the segment selector into the segment register if the DPL is numerically greater
than or equal to both the CPL and the RPL. Otherwise, a general-protection fault is
generated and the segment register is not loaded.
Figure 4-5 shows four procedures (located in code segments A, B, C, and D), each
running at different privilege levels and each attempting to access the same data
segment.
1. The procedure in code segment A is able to access data segment E using
segment selector E1, because the CPL of code segment A and the RPL of
segment selector E1 are equal to the DPL of data segment E.
2. The procedure in code segment B is able to access data segment E using segment
selector E2, because the CPL of code segment B and the RPL of segment selector
E2 are both numerically lower than (more privileged than) the DPL of data
segment E. A code segment B procedure can also access data segment E using
segment selector E1.
3. The procedure in code segment C is not able to access data segment E using
segment selector E3 (dotted line), because the CPL of code segment C and the
RPL of segment selector E3 are both numerically greater than (less privileged)
[Figure 4-4. Privilege Check for Data Access. Labels: CS Register (CPL), Segment Selector For Data Segment (RPL), Data-Segment Descriptor (DPL), Privilege Check.]
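The check described above (the load succeeds only when the DPL is numerically greater than or equal to both the CPL and the RPL), modeled in C as an added example that is not part of the Intel manual. The descriptor value, the selector values and the privilege levels assigned to segments A, B, C and E are constructed for illustration, and only the privilege comparison is modeled, not the type, limit or present-bit checks.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: flat read/write data descriptor for "segment E" with
 * DPL = 2 (access byte 0xD2: P=1, DPL=2, S=1, type = data, read/write). */
#define DESC_E 0x00CFD2000000FFFFull

/* Constructed selectors for GDT index 4 (TI=0), differing only in RPL. */
#define SEL_E1 ((uint16_t)((4u << 3) | 2u))   /* RPL = 2 */
#define SEL_E2 ((uint16_t)((4u << 3) | 1u))   /* RPL = 1 */
#define SEL_E3 ((uint16_t)((4u << 3) | 3u))   /* RPL = 3 */

/* RPL is bits 1:0 of a segment selector. */
static unsigned selector_rpl(uint16_t sel) { return sel & 0x3u; }

/* DPL is bits 46:45 of the 8-byte segment descriptor. */
static unsigned descriptor_dpl(uint64_t desc)
{
    return (unsigned)((desc >> 45) & 0x3u);
}

/* true: selector would be loaded; false: general-protection fault. */
static bool data_load_allowed(unsigned cpl, uint16_t sel, uint64_t desc)
{
    unsigned rpl = selector_rpl(sel);
    unsigned dpl = descriptor_dpl(desc);
    return dpl >= cpl && dpl >= rpl;
}

int main(void)
{
    /* CPL values are assumptions chosen to match the relations in the list. */
    static const struct { const char *who; unsigned cpl; uint16_t sel; } t[] = {
        { "A via E1 (CPL=RPL=DPL)",          2, SEL_E1 },
        { "B via E2 (CPL,RPL < DPL)",        1, SEL_E2 },
        { "B via E1",                        1, SEL_E1 },
        { "C via E3 (CPL,RPL > DPL)",        3, SEL_E3 },
        /* Added case: a privileged caller is still refused when the
         * selector it was handed carries a less privileged RPL. */
        { "CPL 0 via E3 (RPL > DPL)",        0, SEL_E3 },
    };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("%-28s -> %s\n", t[i].who,
               data_load_allowed(t[i].cpl, t[i].sel, DESC_E) ? "loaded" : "#GP");
    return 0;
}
```

The last case shows why the RPL takes part in the comparison: the check fails on the selector's RPL even though the CPL alone would pass.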