User-Supervisor flag: This flag contains the privilege level that is required for accessing the page or page table. The User-Supervisor flag is either 0, which indicates that the page can be accessed only in kernel mode, or 1, which indicates that it can always be accessed.

Figure 5-32: Access control through paging

5.5.2.1.2.1Paging in the SLES kernel

The SLES kernel is based on Linux version 2.6.16, and implements three-level paging to support 64-bit architectures. The linear address is divided into the page global directory, the page middle directory, the page table, and the offset. On the TOE configuration of the SLES kernel running on System x systems, the page middle directory field is eliminated when it is set to zero.

5.5.2.1.2.2Access control for control transfers through call gates

Call gates act as an interface layer between code segments at different privilege levels. They define entry points in more privileged code, to which control can be transferred. Intel processors use these call gates, which control CPU transitions from one level of privilege to other. Call gates are descriptors that contain pointers to code-segment descriptors and control access to those descriptors.

Operating systems can use call gates to establish secure entry points into system service routines. Before loading the code register with the code segment selector located in the call gate, the processor performs the following three privilege checks:

1.Compare the CPL with the call-gate DPL from the call-gate descriptor. The CPL must be less than or equal to the DPL.

2.Compare the RPL in the call-gate selector with the DPL. The RPL must be less than or equal to the DPL.

3.Call or jump, through a call gate, to a conforming segment requires that the CPL must be greater than or equal to the DPL. A call or jump through a call gate requires that the CPL must be equal to the DPL.

90

Page 102
Image 102
IBM 10 SP1 EAL4 manual Access control through paging