Intel 80386 DJ Equipment User Manual


 
80386
4.4 PROTECTION
4.4.1 Protection Concepts
[Figure 4-14. Four-Level Hierarchical Protection (231630-63). Diagram labels: CPU Enforced Software Interfaces; High Speed Operating System Interface; Applications.]
The 80386 has four levels of protection which are optimized to support the needs of a multi-tasking operating system to isolate and protect user programs from each other and the operating system. The privilege levels control the use of privileged instructions, I/O instructions, and access to segments and segment descriptors. Unlike traditional microprocessor-based systems, where this protection is achieved only through the use of complex external hardware and software, the 80386 provides the protection as part of its integrated Memory Management Unit. The 80386 offers an additional type of protection on a page basis, when paging is enabled (See section 4.5.3 Page Level Protection).
The four-level hierarchical privilege system is illustrated in Figure 4-14. It is an extension of the user/supervisor privilege mode commonly used by minicomputers and, in fact, the user/supervisor mode is fully supported by the 80386 paging mechanism. The privilege levels (PL) are numbered 0 through 3. Level 0 is the most privileged or trusted level.
4.4.2 Rules of Privilege
The 80386 controls access to both data and procedures between levels of a task, according to the following rules.
• Data stored in a segment with privilege level p can be accessed only by code executing at a privilege level at least as privileged as p.
• A code segment/procedure with privilege level p can only be called by a task executing at the same or a lesser privilege level than p.
4.4.3 Privilege Levels
4.4.3.1 TASK PRIVILEGE
At any point in time, a task on the 80386 always executes at one of the four privilege levels. The Current Privilege Level (CPL) specifies the task's privilege level. A task's CPL may only be changed by control transfers through gate descriptors to a code segment with a different privilege level. (See section 4.4.4 Privilege Level Transfers.) Thus, an application program running at PL = 3 may call an operating system routine at PL = 1 (via a gate) which would cause the task's CPL to be set to 1 until the operating system routine was finished.
4.4.3.2 SELECTOR PRIVILEGE (RPL)
The privilege level of a selector is specified by the RPL field. The RPL is the two least significant bits of the selector. The selector's RPL is only used to establish a less trusted privilege level than the current privilege level for the use of a segment. This level is called the task's effective privilege level (EPL). The EPL is defined as being the least privileged (i.e. numerically larger) level of a task's CPL and a selector's RPL. Thus, if a selector's RPL = 0, then the CPL always specifies the privilege level for making an access using the selector. On the other hand, if RPL = 3, then a selector can only access segments at level 3 regardless of the task's CPL. The RPL is most commonly used to verify that pointers passed to an operating system procedure do not access data that is of higher privilege than the procedure that originated the pointer. Since the originator of a selector can specify any RPL value, the Adjust RPL (ARPL) instruction is provided to force the RPL bits to the originator's CPL.
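The pointer check described above, modelled in C as an added example (not taken from the Intel data sheet): an operating system routine at CPL 1 receives a selector from a PL 3 caller and tests it against the data rule of 4.4.2, with and without the RPL adjustment. The helper names and the sample selector 0x0010 are assumptions, and arpl() takes the caller's CPL directly where the real instruction reads it from the RPL field of a source selector.

```c
#include <stdint.h>
#include <stdio.h>

/* RPL is the two least significant bits of a selector. */
static unsigned rpl_of(uint16_t sel) { return sel & 3u; }

/* EPL: the least privileged (numerically larger) of CPL and RPL. */
static unsigned epl(unsigned cpl, uint16_t sel) {
    unsigned r = rpl_of(sel);
    return cpl > r ? cpl : r;
}

/* Data rule (4.4.2): a segment at level seg_pl is accessible only
 * when the effective level is at least as privileged, EPL <= seg_pl. */
static int data_access_ok(unsigned cpl, uint16_t sel, unsigned seg_pl) {
    return epl(cpl, sel) <= seg_pl;
}

/* Simplified model of ARPL: if the selector claims more privilege
 * than its originator has, force RPL to the originator's CPL.
 * Returns 1 when the selector was adjusted, 0 otherwise. */
static int arpl(uint16_t *sel, unsigned caller_cpl) {
    if (rpl_of(*sel) < caller_cpl) {
        *sel = (uint16_t)((*sel & ~3u) | caller_cpl);
        return 1;
    }
    return 0;
}

/* Hypothetical OS routine running at CPL 1 that dereferences a
 * caller-supplied selector; returns 1 if the access is permitted. */
static int os_routine_access(uint16_t sel, unsigned caller_cpl,
                             unsigned seg_pl, int use_arpl) {
    const unsigned os_cpl = 1;
    if (use_arpl)
        arpl(&sel, caller_cpl);
    return data_access_ok(os_cpl, sel, seg_pl);
}

int main(void) {
    uint16_t sel = 0x0010;  /* constructed selector: index 2, RPL = 0 */
    /* A PL 3 application hands the OS a selector for a PL 1 segment. */
    printf("without ARPL: %s\n",
           os_routine_access(sel, 3, 1, 0) ? "allowed" : "denied");
    printf("with ARPL:    %s\n",
           os_routine_access(sel, 3, 1, 1) ? "allowed" : "denied");
    return 0;
}
```

Without the adjustment the routine's own CPL of 1 decides the access and the PL 1 segment is reachable on behalf of a PL 3 caller; with it, the EPL becomes 3 and the access is refused.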
4.4.3.3 I/O PRIVILEGE AND I/O PERMISSION BITMAP
The I/O privilege level (IOPL, a 2-bit field in the EFLAG register) defines the least privileged level at which I/O instructions can be unconditionally performed. I/O instructions can be unconditionally performed when CPL ≤ IOPL. (The I/O instructions are IN, OUT, INS, OUTS, REP INS, and REP OUTS.) When CPL > IOPL, and the current task is associated with a 286 TSS, attempted I/O instructions cause an exception 13 fault. When CPL > IOPL, and the current task is associated with a 386 TSS, the I/O Permission Bitmap (part of a 386 TSS) is consulted on whether I/O to the port is allowed, or an exception 13 fault is to be generated instead. For diagrams of the I/O Permission Bitmap, refer to Figures 4-15a and 4-15b. For further information on how the I/O Permission Bitmap is used in Protected Mode or in