Vol. 3A 5-9
PROTECTION
E1 or E2, such that the RPL would be acceptable, it still could not access data segment E because its CPL is not
privileged enough.
4. The procedure in code segment D should be able to access data segment E because code segment D’s CPL is
numerically less than the DPL of data segment E. However, the RPL of segment selector E3 (which the code
segment D procedure is using to access data segment E) is numerically greater than the DPL of data segment
E, so access is not allowed. If the code segment D procedure were to use segment selector E1 or E2 to access
the data segment, access would be allowed.
As demonstrated in the previous examples, the addressable domain of a program or task varies as its CPL changes.
When the CPL is 0, data segments at all privilege levels are accessible; when the CPL is 1, only data segments at
privilege levels 1 through 3 are accessible; when the CPL is 3, only data segments at privilege level 3 are acces-
sible.
The RPL of a segment selector can always override the addressable domain of a program or task. When properly
used, RPLs can prevent problems caused by accidental (or intensional) use of segment selectors for privileged data
segments by less privileged programs or procedures.
It is important to note that the RPL of a segment selector for a data segment is under software control. For
example, an application program running at a CPL of 3 can set the RPL for a data- segment selector to 0. With the
RPL set to 0, only the CPL checks, not the RPL checks, will provide protection against deliberate, direct attempts to
violate privilege-level security for the data segment. To prevent these types of privilege-level-check violations, a
program or procedure can check access privileges whenever it receives a data-segment selector from another
procedure (see Section 5.10.4, “Checking Caller Access Privileges (ARPL Instruction)”).
5.6.1
Accessing Data in Code Segments
In some instances it may be desirable to access data structures that are contained in a code segment. The
following methods of accessing data in code segments are possible:
•
Load a data-segment register with a segment selector for a nonconforming, readable, code segment.
•
Load a data-segment register with a segment selector for a conforming, readable, code segment.
•
Use a code-segment override prefix (CS) to read a readable, code segment whose selector is already loaded in
the CS register.
The same rules for accessing data segments apply to method 1. Method 2 is always valid because the privilege
level of a conforming code segment is effectively the same as the CPL, regardless of its DPL. Method 3 is always
valid because the DPL of the code segment selected by the CS register is the same as the CPL.
Figure 5-5. Examples of Accessing Data Segments From Various Privilege Levels
Data
Lowest Privilege
Highest Privilege
Segment E
3
2
1
0
CPL=1
CPL=3
CPL=0
DPL=2
CPL=2
Segment Sel. E3
RPL=3
Segment Sel. E1
RPL=2
Segment Sel. E2
RPL=1
Code
Segment C
Code
Segment A
Code
Segment B
Code
Segment D