M80C286 データシートの表示(PDF) - Intel
部品番号
コンポーネント説明
メーカー
M80C286 Datasheet PDF : 60 Pages
| |||
M80C286
271103 – 17
Figure 19 Privilege Levels
Level 0 is the most privileged level Privilege levels
provide protection within a task (Tasks are isolated
by providing private LDT’s for each task ) Operating
system routines interrupt handlers and other sys-
tem software can be included and protected within
the virtual address space of each task using the four
levels of privilege Each task in the system has a
separate stack for each of its privilege levels
Tasks descriptors and selectors have a privilege
level attribute that determines whether the descrip-
tor may be used Task privilege effects the use of
instructions and descriptors Descriptor and selector
privilege only effect access to the descriptor
TASK PRIVILEGE
A task always executes at one of the four privilege
levels The task privilege level at any specific instant
is called the Current Privilege Level (CPL) and is de-
fined by the lower two bits of the CS register CPL
cannot change during execution in a single code
segment A task’s CPL may only be changed by con-
trol transfers through gate descriptors to a new code
segment (See Control Transfer) Tasks begin exe-
cuting at the CPL value specified by the code seg-
ment selector within TSS when the task is initiated
via a task switch operation (See Figure 20) A task
executing at Level 0 can access all data segments
defined in the GDT and the task’s LDT and is con-
sidered the most trusted level A task executing a
Level 3 has the most restricted access to data and is
considered the least trusted level
DESCRIPTOR PRIVILEGE
Descriptor privilege is specified by the Descriptor
Privilege Level (DPL) field of the descriptor access
byte DPL specifies the least trusted task privilege
level (CPL) at which a task may access the descrip-
tor Descriptors with DPL e 0 are the most protect-
ed Only tasks executing at privilege level 0
(CPL e 0) may access them Descriptors with DPL
e 3 are the least protected (i e have the least re-
stricted access) since tasks can access them when
CPL e 0 1 2 or 3 This rule applies to all descrip-
tors except LDT descriptors
SELECTOR PRIVILEGE
Selector privilege is specified by the Requested Priv-
ilege Level (RPL) field in the least significant two bits
of a selector Selector RPL may establish a less
trusted privilege level than the current privilege level
for the use of a selector This level is called the
task’s effective privilege level (EPL) RPL can only
reduce the scope of a task’s access to data with this
selector A task’s effective privilege is the numeric
maximum of RPL and CPL A selector with RPL e 0
imposes no additional restriction on its use while a
selector with RPL e 3 can only refer to segments at
privilege Level 3 regardless of the task’s CPL RPL
is generally used to verify that pointer parameters
passed to a more trusted procedure are not allowed
to use data at a more privileged level than the caller
(refer to pointer testing instructions)
Descriptor Access and Privilege
Validation
Determining the ability of a task to access a seg-
ment involves the type of segment to be accessed
the instruction used the type of descriptor used and
CPL RPL and DPL The two basic types of segment
accesses are control transfer (selectors loaded into
CS) and data (selectors loaded into DS ES or SS)
DATA SEGMENT ACCESS
Instructions that load selectors into DS and ES must
refer to a data segment descriptor or readable code
segment descriptor The CPL of the task and the
RPL of the selector must be the same as or more
privileged (numerically equal to or lower than) than
the descriptor DPL In general a task can only ac-
cess data segments at the same or less privileged
levels than the CPL or RPL (whichever is numerically
higher) to prevent a program from accessing data it
cannot be trusted to use
An exception to the rule is a readable conforming
code segment This type of code segment can be
read from any privilege level
If the privilege checks fail (e g DPL is numerically
less than the maximum of CPL and RPL) or an incor-
rect type of descriptor is referenced (e g gate de-
16
Share Link: 