5-24 Vol. 3A

PROTECTION

LTR — Load task register.

LIDT — Load IDT register.

MOV (control registers) — Load and store control registers.

LMSW — Load machine status word.

CLTS — Clear task-switched flag in register CR0.

MOV (debug registers) — Load and store debug registers.

INVD — Invalidate cache, without writeback.

WBINVD — Invalidate cache, with writeback.

INVLPG — Invalidate TLB entry.

HLT — Halt processor.

RDMSR — Read Model-Specific Registers.

WRMSR — Write Model-Specific Registers.

RDPMC — Read Performance-Monitoring Counter.

RDTSC — Read Time-Stamp Counter.

Some of the privileged instructions are available only in the more recent families of Intel 64 and IA-32 processors (see Section 22.13, “New Instructions In the Pentium and Later IA-32 Processors”).

The PCE and TSD flags in register CR4 (bits 4 and 2, respectively) enable the RDPMC and RDTSC instructions, respectively, to be executed at any CPL.

5.10 POINTER VALIDATION

When operating in protected mode, the processor validates all pointers to enforce protection between segments and maintain isolation between privilege levels. Pointer validation consists of the following checks:

1. Checking access rights to determine if the segment type is compatible with its use.
2. Checking read/write rights.
3. Checking if the pointer offset exceeds the segment limit.
4. Checking if the supplier of the pointer is allowed to access the segment.
5. Checking the offset alignment.

The processor automatically performs the first, second, and third checks during instruction execution. Software must explicitly request the fourth check by issuing an ARPL instruction. The fifth check (offset alignment) is performed automatically at privilege level 3 if alignment checking is turned on. Offset alignment does not affect isolation of privilege levels.

5.10.1 Checking Access Rights (LAR Instruction)

When the processor accesses a segment using a far pointer, it performs an access rights check on the segment descriptor pointed to by the far pointer. This check is performed to determine if the type and privilege level (DPL) of the segment descriptor are compatible with the operation to be performed. For example, when making a far call in protected mode, the segment-descriptor type must be for a conforming or nonconforming code segment, a call gate, a task gate, or a TSS. Then, if the call is to a nonconforming code segment, the DPL of the code segment must be equal to the CPL, and the RPL of the code segment’s segment selector must be less than or equal to the DPL. If the type or privilege level is found to be incompatible, the appropriate exception is generated.
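
The far-call check described above, modelled in C as an added example (not code from the manual): it decodes the access-rights byte (descriptor bits 40 to 47) and applies the nonconforming code segment rule. The verdict names and sample descriptors are assumptions of the example, the 32-bit system-type encodings come from the manual's descriptor-type tables rather than this page, and the further rules for conforming segments, gates, and TSSs are not modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Verdict names are hypothetical labels for this example. */
enum verdict { FAULT_TYPE, FAULT_PRIV, OK_NONCONF_CODE, OK_OTHER_TARGET };

/* Access-rights byte = descriptor bits 40..47: type[3:0], S, DPL[1:0], P. */
static unsigned ar_byte(uint64_t d) { return (unsigned)(d >> 40) & 0xFF; }
static unsigned ar_type(uint64_t d) { return ar_byte(d) & 0x0F; }
static unsigned ar_s(uint64_t d)    { return (ar_byte(d) >> 4) & 1; }
static unsigned ar_dpl(uint64_t d)  { return (ar_byte(d) >> 5) & 3; }

/* Far-call compatibility check for a 32-bit protected-mode descriptor. */
enum verdict far_call_check(uint64_t desc, uint16_t selector, unsigned cpl)
{
    unsigned type = ar_type(desc), dpl = ar_dpl(desc), rpl = selector & 3;

    if (ar_s(desc)) {                                /* code or data segment */
        if (!(type & 0x8)) return FAULT_TYPE;        /* data segment */
        if (type & 0x4)    return OK_OTHER_TARGET;   /* conforming code */
        /* Nonconforming code: DPL == CPL and RPL <= DPL. */
        return (dpl == cpl && rpl <= dpl) ? OK_NONCONF_CODE : FAULT_PRIV;
    }
    switch (type) {                                  /* system descriptor */
    case 0x1: case 0x3: case 0x9: case 0xB:          /* TSS, 16/32-bit */
    case 0x4: case 0xC:                              /* call gate */
    case 0x5:                                        /* task gate */
        return OK_OTHER_TARGET;  /* type compatible; further checks not modelled */
    default:
        return FAULT_TYPE;       /* LDT, interrupt/trap gate, reserved */
    }
}

int main(void)
{
    /* Constructed sample descriptors (flat-model style GDT entries). */
    const uint64_t ring0_code = 0x00CF9A000000FFFFULL;  /* access byte 0x9A */
    const uint64_t ring0_data = 0x00CF92000000FFFFULL;  /* access byte 0x92 */
    static const char *name[] = { "type fault", "privilege fault",
                                  "ok (nonconforming code)", "ok (other target)" };

    printf("CPL0 -> ring0 code, RPL0: %s\n", name[far_call_check(ring0_code, 0x08, 0)]);
    printf("CPL3 -> ring0 code, RPL3: %s\n", name[far_call_check(ring0_code, 0x0B, 3)]);
    printf("CPL0 -> ring0 data, RPL0: %s\n", name[far_call_check(ring0_data, 0x10, 0)]);
    return 0;
}
```
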
To prevent type incompatibility exceptions from being generated, software can check the access rights of a segment descriptor using the LAR (load access rights) instruction. The LAR instruction specifies the segment selector for the segment descriptor whose access rights are to be checked and a destination register. The instruction then performs the following operations:
1. Check that the segment selector is not null.