Vol. 3A 5-7
PROTECTION
The center (reserved for the most privileged code, data, and stacks) is used for the segments containing the critical
software, usually the kernel of an operating system. Outer rings are used for less critical software. (Systems that
use only 2 of the 4 possible privilege levels should use levels 0 and 3.)
The processor uses privilege levels to prevent a program or task operating at a lesser privilege level from accessing
a segment with a greater privilege, except under controlled situations. When the processor detects a privilege level
violation, it generates a general-protection exception (#GP).
To carry out privilege-level checks between code segments and data segments, the processor recognizes the
following three types of privilege levels:
•
Current privilege level (CPL) — The CPL is the privilege level of the currently executing program or task. It
is stored in bits 0 and 1 of the CS and SS segment registers. Normally, the CPL is equal to the privilege level of
the code segment from which instructions are being fetched. The processor changes the CPL when program
control is transferred to a code segment with a different privilege level. The CPL is treated slightly differently
when accessing conforming code segments. Conforming code segments can be accessed from any privilege
level that is equal to or numerically greater (less privileged) than the DPL of the conforming code segment.
Also, the CPL is not changed when the processor accesses a conforming code segment that has a different
privilege level than the CPL.
•
Descriptor privilege level (DPL) — The DPL is the privilege level of a segment or gate. It is stored in the DPL
field of the segment or gate descriptor for the segment or gate. When the currently executing code segment
attempts to access a segment or gate, the DPL of the segment or gate is compared to the CPL and RPL of the
segment or gate selector (as described later in this section). The DPL is interpreted differently, depending on
the type of segment or gate being accessed:
— Data segment — The DPL indicates the numerically highest privilege level that a program or task can have
to be allowed to access the segment. For example, if the DPL of a data segment is 1, only programs running
at a CPL of 0 or 1 can access the segment.
— Nonconforming code segment (without using a call gate) — The DPL indicates the privilege level that
a program or task must be at to access the segment. For example, if the DPL of a nonconforming code
segment is 0, only programs running at a CPL of 0 can access the segment.
— Call gate — The DPL indicates the numerically highest privilege level that the currently executing program
or task can be at and still be able to access the call gate. (This is the same access rule as for a data
segment.)
— Conforming code segment and nonconforming code segment accessed through a call gate — The
DPL indicates the numerically lowest privilege level that a program or task can have to be allowed to access
the segment. For example, if the DPL of a conforming code segment is 2, programs running at a CPL of 0 or
1 cannot access the segment.
Figure 5-3. Protection Rings
Level 0
Level 1
Level 2
Level 3
Protection Rings
Operating
Operating System
Services
System
Kernel
Applications