Intel 64 and IA-32 Architectures Software Developer’s Manual Volume 3A, System Programming Guide, Part 1

Vol. 3A 4-13
PROTECTION
than the DPL of data segment E. Even if a code segment C procedure were to use
segment selector E1 or E2, such that the RPL would be acceptable, it still could
not access data segment E because its CPL is not privileged enough.
4. The procedure in code segment D should be able to access data segment E
because code segment D’s CPL is numerically less than the DPL of data segment
E. However, the RPL of segment selector E3 (which the code segment D
procedure is using to access data segment E) is numerically greater than the DPL
of data segment E, so access is not allowed. If the code segment D procedure
were to use segment selector E1 or E2 to access the data segment, access would
be allowed.
As demonstrated in the previous examples, the addressable domain of a program or
task varies as its CPL changes. When the CPL is 0, data segments at all privilege
levels are accessible; when the CPL is 1, only data segments at privilege levels 1
through 3 are accessible; when the CPL is 3, only data segments at privilege level 3
are accessible.
The RPL of a segment selector can always override the addressable domain of a
program or task. When properly used, RPLs can prevent problems caused by accidental
(or intentional) use of segment selectors for privileged data segments by less
privileged programs or procedures.
It is important to note that the RPL of a segment selector for a data segment is under
software control. For example, an application program running at a CPL of 3 can set
the RPL for a data-segment selector to 0. With the RPL set to 0, only the CPL checks,
not the RPL checks, will provide protection against deliberate, direct attempts to
Figure 4-5. Examples of Accessing Data Segments From Various Privilege Levels
[Figure: privilege levels 0 (highest privilege) through 3 (lowest privilege). Data segment E, DPL=2. Code segments A, B, C and D; CPL labels 0 through 3. Segment selectors E1 (RPL=2), E2 (RPL=1) and E3 (RPL=3).]
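
The data-segment privilege check described above, modeled in C as an added example (not code from the Intel manual). The descriptor value, the selector encodings 0x08 through 0x0B, CPL 3 for code segment C and CPL 0 for code segment D are assumptions chosen to match the text; the model uses a single descriptor table and ignores the TI bit.

```c
#include <stdint.h>
#include <stdio.h>

/* Selector layout: bits 1:0 = RPL, bit 2 = TI, bits 15:3 = table index. */
static unsigned sel_rpl(uint16_t sel)   { return sel & 0x3u; }
static unsigned sel_index(uint16_t sel) { return sel >> 3; }

/* DPL occupies bits 46:45 of the 8-byte segment descriptor. */
static unsigned desc_dpl(uint64_t desc) { return (unsigned)((desc >> 45) & 0x3u); }

/* Data-segment rule: both CPL and RPL must be numerically <= DPL. */
static int privilege_ok(unsigned cpl, unsigned rpl, unsigned dpl)
{
    unsigned weakest = cpl > rpl ? cpl : rpl;   /* least privileged of the two */
    return weakest <= dpl;
}

/* Model of a data-segment access through selector `sel`; 1 = allowed, 0 = denied. */
static int data_access_ok(unsigned cpl, uint16_t sel, const uint64_t *table, unsigned n)
{
    if (sel_index(sel) == 0 || sel_index(sel) >= n)
        return 0;                               /* null or out-of-table selector */
    return privilege_ok(cpl, sel_rpl(sel), desc_dpl(table[sel_index(sel)]));
}

/* Bit d is set when a segment with DPL=d is reachable at this CPL/RPL. */
static unsigned addressable_mask(unsigned cpl, unsigned rpl)
{
    unsigned mask = 0;
    for (unsigned dpl = 0; dpl < 4; dpl++)
        if (privilege_ok(cpl, rpl, dpl))
            mask |= 1u << dpl;
    return mask;
}

/* Constructed table: entry 1 models data segment E (flat read/write data, DPL=2). */
static const uint64_t tbl[] = { 0, 0x00CFD2000000FFFFull };
/* Constructed selectors for entry 1 with RPL 2, 1, 3 and 0. */
enum { E1 = 0x0A, E2 = 0x09, E3 = 0x0B, E_RPL0 = 0x08 };

int main(void)
{
    printf("C (CPL 3) via E1: %d\n", data_access_ok(3, E1, tbl, 2));
    printf("D (CPL 0) via E3: %d\n", data_access_ok(0, E3, tbl, 2));
    printf("D (CPL 0) via E2: %d\n", data_access_ok(0, E2, tbl, 2));
    printf("CPL 3, RPL set to 0: %d\n", data_access_ok(3, E_RPL0, tbl, 2));
    printf("domain at CPL 1: 0x%X\n", addressable_mask(1, 0));
    return 0;
}
```

The CPL 3 caller that sets RPL to 0 is still denied, because the CPL term of the comparison does not depend on the selector.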