Filter
Top Products
inter
80386
Virtual
8086
Mode, refer to section 4.6.4 Protection
and
110
Permission Bitmap.
The
110
privilege level (IOPL) also affects whether
several other instructions can
be
executed or cause
an
exception 13 fault instead. These instructions are
called "IOPL·sensitive" instructions and they are
CLI
and
STI.
(Note that the LOCK prefix is not 10PL·
sensitive
on
the 80386.)
The 10PL also affects whether the
IF
(interrupts en·
able
flag) bit can
be
changed by loading a value into
the
EFLAGS register. When
CPL
os:
10PL,
then the
IF
bit can
be
changed
by
loading a new value into
the
EFLAGS register. When CPL >
10PL,
the
IF
bit
cannot
be
changed
by
a new value POP'ed into (or
otherwise
loaded into) the EFLAGS register; the
IF
bit merely remains unchanged and no exception
is
generated.
Table 4-2. Pointer
Test
Instructions
Instruction
Operands
Function
ARPL Selector,
Adjust Requested Privi-
Register
lege Level: adjusts the
RPL of the selector to the
numeric maximum of
current
selector RPL value
and the RPL value
in
the
register.
Set zero flag if
selector RPL was
changed.
VERR
Selector VERify for Read: sets the
zero
flag if the segment
referred to
by
the selector
can be read.
VERW
Selector VERify for Write: sets the
zero
flag if the segment
referred to
by
the selector
can be written.
LSL
Register,
Load
Segment Limit: reads
Selector the segment limit into the
register if privilege
rules
and descriptor type allow.
Set
zero flag if successful.
LAR
Register,
Load Access Rights: reads
Selector the descriptor access
rights byte into the register
if privilege
rules allow. Set
zero flag if successful.
46
4.4.3.4 PRIVILEGE VALIDATION
The
80386
provides several instructions to speed
pointer testing and
help maintain system integrity by
verifying that the
selector value refers to
an
appro·
priate segment.
Table 4-2 summarizes the selector
validation procedures available for the 80386.
This pointer verification prevents the common prob-
lem
of
an
application at
PL
= 3 calling a operating
systems routine at
PL
= 0 and passing the operat-
ing
system routine a
"bad"
pointer which corrupts a
data structure
belonging to the operating system. If
the operating system routine uses the ARPL instruc-
tion to ensure that the
RPL
of the selector has
no
greater privilege than that of the caller, then this
problem can
be
avoided.
4.4.3.5
DESCRIPTOR ACCESS
There are basically two types of segment accesses:
those
involving code segments such
as
control
transfers, and those involving data accesses. Deter·
mining the
ability of a task to access a segment in-
volves
the type of segment to be accessed, the in-
struction used, the type of descriptor used and
CPL,
RPL,
and
DPL
as described above.
Any
time
an
instruction loads data segment registers
(DS,
ES,
FS,
GS)
the
80386
makes protection vali-
dation checks. Selectors loaded
in
the
DS,
ES,
FS,
GS
registers must refer only to data segments or
readable code segments. The data access rules are
specified
in
section 4.2.2 Rules
of
Privilege. The
only exception to those rules
is
readable conforming
code segments which can
be
accessed at any privi-
lege level.
Finally
the privilege validation checks are performed.
The
CPL
is
compared to the
EPL
and if the
EPL
is
more privileged than the
CPL
an
exception 13 (gen-
eral
protection fault)
is
generated.
The
rules regarding the stack segment are slightly
different than those involving data segments.
In-
structions that load selectors into
SS
must refer to
data segment descriptors for
writeable data seg-
ments. The DPL and RPL must equal the
CPL.
All
other descriptor types or a privilege level violation
will
cause exception 13. A stack not present fault
causes exception 12. Note that
an
exception
11
is
used for a not-present code or data segment.
4.4.4 Privilege Level Transfers
Inter-segment control transfers occur when a selec-
tor
is
loaded
in
the
CS
register. For a typical system
most of these transfers are
simply the result of a call