background image

Vol. 3A 5-25

PROTECTION

2. Checks that the segment selector points to a segment descriptor that is within the descriptor table limit (GDT 

or LDT).

3. Checks that the segment descriptor is a code, data, LDT, call gate, task gate, or TSS segment-descriptor type.
4. If the segment is not a conforming code segment, checks if the segment descriptor is visible at the CPL (that 

is, if the CPL and the RPL of the segment selector are less than or equal to the DPL).

5. If the privilege level and type checks pass, loads the second doubleword of the segment descriptor into the 

destination register (masked by the value 00FXFF00H, where X indicates that the corresponding 4 bits are 
undefined) and sets the ZF flag in the EFLAGS register. If the segment selector is not visible at the current 
privilege level or is an invalid type for the LAR instruction, the instruction does not modify the destination 
register and clears the ZF flag.

Once loaded in the destination register, software can preform additional checks on the access rights information.

5.10.2 

Checking Read/Write Rights (VERR and VERW Instructions)

When the processor accesses any code or data segment it checks the read/write privileges assigned to the 
segment to verify that the intended read or write operation is allowed. Software can check read/write rights using 
the VERR (verify for reading) and VERW (verify for writing) instructions. Both these instructions specify the 
segment selector for the segment being checked. The instructions then perform the following operations:
1. Check that the segment selector is not null.
2. Checks that the segment selector points to a segment descriptor that is within the descriptor table limit (GDT 

or LDT).

3. Checks that the segment descriptor is a code or data-segment descriptor type.
4. If the segment is not a conforming code segment, checks if the segment descriptor is visible at the CPL (that 

is, if the CPL and the RPL of the segment selector are less than or equal to the DPL).

5. Checks that the segment is readable (for the VERR instruction) or writable (for the VERW) instruction.
The VERR instruction sets the ZF flag in the EFLAGS register if the segment is visible at the CPL and readable; the 
VERW sets the ZF flag if the segment is visible and writable. (Code segments are never writable.) The ZF flag is 
cleared if any of these checks fail.

5.10.3 

Checking That the Pointer Offset Is Within Limits (LSL Instruction)

When the processor accesses any segment it performs a limit check to insure that the offset is within the limit of 
the segment. Software can perform this limit check using the LSL (load segment limit) instruction. Like the LAR 
instruction, the LSL instruction specifies the segment selector for the segment descriptor whose limit is to be 
checked and a destination register. The instruction then performs the following operations:
1. Check that the segment selector is not null.
2. Checks that the segment selector points to a segment descriptor that is within the descriptor table limit (GDT 

or LDT).

3. Checks that the segment descriptor is a code, data, LDT, or TSS segment-descriptor type.
4. If the segment is not a conforming code segment, checks if the segment descriptor is visible at the CPL (that 

is, if the CPL and the RPL of the segment selector less than or equal to the DPL).

5. If the privilege level and type checks pass, loads the unscrambled limit (the limit scaled according to the setting 

of the G flag in the segment descriptor) into the destination register and sets the ZF flag in the EFLAGS register. 
If the segment selector is not visible at the current privilege level or is an invalid type for the LSL instruction, 
the instruction does not modify the destination register and clears the ZF flag.

Once loaded in the destination register, software can compare the segment limit with the offset of a pointer.