 English |
|
|
|
|
|
|
|
| 376 Datasheet, PDF (28/95 Pages) Intel Corporation – 376TM HIGH PERFORMANCE 32-BIT EMBEDDED PROCESSOR | |||
| |||
| ◁ |
376 EMBEDDED PROCESSOR
by control transfers through gate descriptors to a
code segment with a different privilege level Thus
an application program running at PLe3 may call an
operating system routine at PLe1 (via a gate) which
would cause the taskâs CPL to be set to 1 until the
operating system routine was finished
Selector Privilege (RPL)
The privilege level of a selector is specified by the
RPL field The selectorâs RPL is only used to estab-
lish a less trusted privilege level than the current
privilege level of the task for the use of a segment
This level is called the taskâs effective privilege level
(EPL) The EPL is defined as being the least privi-
leged (numerically larger) level of a taskâs CPL and a
selectorâs RPL The RPL is most commonly used to
verify that pointers passed to an operating system
procedure do not access data that is of higher privi-
lege than the procedure that originated the pointer
Since the originator of a selector can specify any
RPL value the Adjust RPL (ARPL) instruction is pro-
vided to force the RPL bits to the originatorâs CPL
I O Privilege
The I O privilege level (IOPL) lets the operating sys-
tem code executing at CPLe0 define the least privi-
leged level at which I O instructions can be used An
exception 13 (General Protection Violation) is gener-
ated if an I O instruction is attempted when the CPL
of the task is less privileged than the IOPL The
IOPL is stored in bits 13 and 14 of the EFLAGS reg-
ister The following instructions cause an exception
13 if the CPL is greater than IOPL IN INS OUT
OUTS STI CLI and LOCK prefix
Descriptor Access
There are basically two types of segment acces-
sess those involving code segments such as con-
trol transfers and those involving data accesses
Determining the ability of a task to access a seg-
ment involves the type of segment to be accessed
the instruction used the type of descriptor used and
CPL RPL and DPL as described above
Any time an instruction loads a data segment regis-
ter (DS ES FS GS) the 80376 makes protection
validation checks Selectors loaded in the DS ES
FS GS registers must refer only to data segment or
readable code segments
Finally the privilege validation checks are performed
The CPL is compared to the EPL and if the EPL is
more privileged than the CPL an exception 13 (gen-
eral protection fault) is generated
The rules regarding the stack segment are slightly
different than those involving data segments In-
structions that load selectors into SS must refer to
data segment descriptors for writeable data seg-
ments The DPL and RPL must equal the CPL of all
other descriptor types or a privilege level violation
will cause an exception 13 A stack not present fault
causes an exception 12
PRIVILEGE LEVEL TRANSFERS
Inter-segment control transfers occur when a selec-
tor is loaded in the CS register For a typical system
most of these transfers are simply the result of a call
or a jump to another routine There are five types of
control transfers which are summarized in Table 3 2
Many of these transfers result in a privilege level
transfer Changing privilege levels is done only by
control transfers using gates task switches and in-
terrupt or trap gates
Control transfers can only occur if the operation
which loaded the selector references the correct de-
scriptor type Any violation of these descriptor usage
rules will cause an exception 13
CALL GATES
Gates provide protected indirect CALLs One of the
major uses of gates is to provide a secure method of
privilege transfers within a task Since the operating
system defines all of the gates in a system it can
ensure that all gates only allow entry into a few trust-
ed procedures
28
|
▷ |
German
Russian
Spanish
Italian
Polish
Chinese
Japanese
Korean
French
Portuguese