
Vol. 3A 5-9

PROTECTION

E1 or E2, such that the RPL would be acceptable, it still could not access data segment E because its CPL is not 
privileged enough.

4. The procedure in code segment D should be able to access data segment E because code segment D’s CPL is numerically less than the DPL of data segment E. However, the RPL of segment selector E3 (which the code segment D procedure is using to access data segment E) is numerically greater than the DPL of data segment E, so access is not allowed. If the code segment D procedure were to use segment selector E1 or E2 to access the data segment, access would be allowed.

As demonstrated in the previous examples, the addressable domain of a program or task varies as its CPL changes. When the CPL is 0, data segments at all privilege levels are accessible; when the CPL is 1, only data segments at privilege levels 1 through 3 are accessible; when the CPL is 3, only data segments at privilege level 3 are accessible.

The RPL of a segment selector can always override the addressable domain of a program or task. When properly used, RPLs can prevent problems caused by accidental (or intentional) use of segment selectors for privileged data segments by less privileged programs or procedures.

It is important to note that the RPL of a segment selector for a data segment is under software control. For example, an application program running at a CPL of 3 can set the RPL for a data-segment selector to 0. With the RPL set to 0, only the CPL checks, not the RPL checks, will provide protection against deliberate, direct attempts to violate privilege-level security for the data segment. To prevent these types of privilege-level-check violations, a program or procedure can check access privileges whenever it receives a data-segment selector from another procedure (see Section 5.10.4, “Checking Caller Access Privileges (ARPL Instruction)”).
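The following C model is an added example, not text or code from the manual. It applies the data-segment check described above (both CPL and RPL must be numerically less than or equal to the DPL) and shows why a privileged procedure should adjust the RPL of a selector it receives from a caller. The selector values, the CPL of 0 used for code segment D, and the `service_access` helper are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The RPL is held in bits 1:0 of a segment selector. */
static unsigned sel_rpl(uint16_t sel) { return sel & 3u; }

/* Data-segment check described above: the load is allowed only when
 * both the CPL and the selector's RPL are numerically <= the DPL. */
bool data_access_ok(unsigned cpl, uint16_t sel, unsigned dpl)
{
    unsigned rpl = sel_rpl(sel);
    return (cpl > rpl ? cpl : rpl) <= dpl;
}

/* Software model of the ARPL adjustment: if the selector's RPL is
 * numerically lower than the caller's privilege level, raise it to
 * that level. Returns true when the selector was changed. */
bool adjust_rpl(uint16_t *sel, unsigned caller_cpl)
{
    caller_cpl &= 3u;
    if (sel_rpl(*sel) >= caller_cpl)
        return false;
    *sel = (uint16_t)((*sel & ~3u) | caller_cpl);
    return true;
}

/* Hypothetical CPL 0 service that receives a selector from a caller.
 * With check_caller set, it adjusts the RPL before using the selector. */
bool service_access(uint16_t sel, unsigned caller_cpl, unsigned dpl,
                    bool check_caller)
{
    if (check_caller)
        adjust_rpl(&sel, caller_cpl);
    return data_access_ok(0, sel, dpl);
}

int main(void)
{
    /* Constructed selectors for data segment E (DPL 2): index 4, RPL varies. */
    const uint16_t E1 = 0x22, E2 = 0x21, E3 = 0x23;
    printf("D (CPL 0 assumed) via E3: %d\n", data_access_ok(0, E3, 2));
    printf("D (CPL 0 assumed) via E1: %d\n", data_access_ok(0, E1, 2));
    printf("D (CPL 0 assumed) via E2: %d\n", data_access_ok(0, E2, 2));
    /* Constructed case: a CPL 3 caller hands over a selector with RPL 0
     * for a DPL 0 segment. */
    printf("unchecked: %d\n", service_access(0x20, 3, 0, false));
    printf("checked:   %d\n", service_access(0x20, 3, 0, true));
    return 0;
}
```

Without the adjustment, the forged RPL of 0 lets the CPL 0 service reach the DPL 0 segment on the caller's behalf; with it, the selector carries the caller's privilege level and the same load is refused.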

5.6.1 Accessing Data in Code Segments

In some instances it may be desirable to access data structures that are contained in a code segment. The 
following methods of accessing data in code segments are possible:

1. Load a data-segment register with a segment selector for a nonconforming, readable, code segment.

2. Load a data-segment register with a segment selector for a conforming, readable, code segment.

3. Use a code-segment override prefix (CS) to read a readable, code segment whose selector is already loaded in the CS register.

The same rules for accessing data segments apply to method 1. Method 2 is always valid because the privilege 
level of a conforming code segment is effectively the same as the CPL, regardless of its DPL. Method 3 is always 
valid because the DPL of the code segment selected by the CS register is the same as the CPL.

Figure 5-5.  Examples of Accessing Data Segments From Various Privilege Levels

[Figure: code segments A, B, C and D and segment selectors E1 (RPL=2), E2 (RPL=1) and E3 (RPL=3) accessing data segment E (DPL=2), drawn across privilege levels 0 (highest privilege) through 3 (lowest privilege).]