5-6 Vol. 3A

PROTECTION

— No instruction may write into a data segment if it is not writable.
— No instruction may read an executable segment unless the readable flag is set.

When an instruction operand contains a segment selector — Certain instructions can access segments or gates of only a particular type, for example:
— A far CALL or far JMP instruction can only access a segment descriptor for a conforming code segment, nonconforming code segment, call gate, task gate, or TSS.

— The LLDT instruction must reference a segment descriptor for an LDT.
— The LTR instruction must reference a segment descriptor for a TSS.
— The LAR instruction must reference a segment or gate descriptor for an LDT, TSS, call gate, task gate, code segment, or data segment.

— The LSL instruction must reference a segment descriptor for an LDT, TSS, code segment, or data segment.
— IDT entries must be interrupt, trap, or task gates.

During certain internal operations — For example:
— On a far call or far jump (executed with a far CALL or far JMP instruction), the processor determines the type of control transfer to be carried out (call or jump to another code segment, a call or jump through a gate, or a task switch) by checking the type field in the segment (or gate) descriptor pointed to by the segment (or gate) selector given as an operand in the CALL or JMP instruction. If the descriptor type is for a code segment or call gate, a call or jump to another code segment is indicated; if the descriptor type is for a TSS or task gate, a task switch is indicated.

— On a call or jump through a call gate (or on an interrupt- or exception-handler call through a trap or interrupt gate), the processor automatically checks that the segment descriptor being pointed to by the gate is for a code segment.

— On a call or jump to a new task through a task gate (or on an interrupt- or exception-handler call to a new task through a task gate), the processor automatically checks that the segment descriptor being pointed to by the task gate is for a TSS.

— On a call or jump to a new task by a direct reference to a TSS, the processor automatically checks that the segment descriptor being pointed to by the CALL or JMP instruction is for a TSS.

— On return from a nested task (initiated by an IRET instruction), the processor checks that the previous task link field in the current TSS points to a TSS.

5.4.1 Null Segment Selector Checking

Attempting to load a null segment selector (see Section 3.4.2, “Segment Selectors”) into the CS or SS segment 
register generates a general-protection exception (#GP). A null segment selector can be loaded into the DS, ES, 
FS, or GS register, but any attempt to access a segment through one of these registers when it is loaded with a null 
segment selector results in a #GP exception being generated. Loading unused data-segment registers with a null 
segment selector is a useful method of detecting accesses to unused segment registers and/or preventing 
unwanted accesses to data segments.

5.4.1.1 NULL Segment Checking in 64-bit Mode

In 64-bit mode, the processor does not perform runtime checking on NULL segment selectors. The processor does 
not cause a #GP fault when an attempt is made to access memory where the referenced segment register has a 
NULL segment selector. 
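
The type checks listed above and the null-selector rules of Sections 5.4.1 and 5.4.1.1 can be modelled in a few C functions. This is an added example, not code from the manual: the function names are hypothetical, the type encodings are assumed from Table 3-2 of the same manual for 32-bit protected mode (they are not on this page), and only the type and null-selector checks are modelled (no present, busy, limit, or privilege checks).

```c
#include <stdint.h>
#include <stdio.h>

/* Access byte: type in bits 0-3, S flag in bit 4. The type encodings are
   assumed from Table 3-2 of the same manual; they are not on this page. */
enum kind { K_DATA, K_CODE, K_LDT, K_TSS, K_CALL_GATE, K_TASK_GATE,
            K_INT_GATE, K_TRAP_GATE, K_RESERVED };
enum xfer { X_FAULT, X_CODE_SEGMENT, X_TASK_SWITCH };

enum kind classify(uint8_t access) {
    if (access & 0x10) return (access & 0x8) ? K_CODE : K_DATA;  /* S=1 */
    switch (access & 0x0F) {                  /* S=0: system descriptor */
    case 0x2:                               return K_LDT;
    case 0x1: case 0x3: case 0x9: case 0xB: return K_TSS;
    case 0x4: case 0xC:                     return K_CALL_GATE;
    case 0x5:                               return K_TASK_GATE;
    case 0x6: case 0xE:                     return K_INT_GATE;
    case 0x7: case 0xF:                     return K_TRAP_GATE;
    default:                                return K_RESERVED;
    }
}
/* Type bit 1 means "writable" for data segments, "readable" for code. */
int can_write(uint8_t a) { return classify(a) == K_DATA && (a & 0x2) != 0; }
int can_read(uint8_t a) {
    return classify(a) == K_DATA || (classify(a) == K_CODE && (a & 0x2) != 0);
}
/* Far CALL/JMP: the descriptor type selects the kind of control transfer. */
enum xfer far_transfer(uint8_t a) {
    switch (classify(a)) {
    case K_CODE: case K_CALL_GATE: return X_CODE_SEGMENT;
    case K_TSS:  case K_TASK_GATE: return X_TASK_SWITCH;
    default:                       return X_FAULT;  /* data segment, LDT, ... */
    }
}
int lldt_type_ok(uint8_t a) { return classify(a) == K_LDT; }
int idt_entry_ok(uint8_t a) {
    enum kind k = classify(a);
    return k == K_INT_GATE || k == K_TRAP_GATE || k == K_TASK_GATE;
}
/* Null selector: index 0 with TI=0 (GDT); the RPL bits are ignored. */
int is_null(uint16_t sel) { return (sel & 0xFFFC) == 0; }
/* Outside 64-bit mode: loading CS or SS with a null selector raises #GP. */
int null_load_faults(int cs_or_ss, uint16_t sel) { return cs_or_ss && is_null(sel); }
/* Access through DS/ES/FS/GS: #GP outside 64-bit mode, unchecked in it. */
int null_access_faults(uint16_t sel, int mode64) { return is_null(sel) && !mode64; }

int main(void) { /* constructed access bytes: 0x9A code, 0x92 data, 0x89 TSS */
    printf("%d %d %d\n", far_transfer(0x9A), far_transfer(0x92), far_transfer(0x89));
    return 0;
}
```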

5.5 PRIVILEGE LEVELS

The processor’s segment-protection mechanism recognizes 4 privilege levels, numbered from 0 to 3. The greater 
numbers mean lesser privileges. Figure 5-3 shows how these levels of privilege can be interpreted as rings of 
protection.