calls. If the code segment is non-conforming (with conforming bit C set to zero in the segment descriptor), then the processor first checks to ensure that CPL is equal to DPL. If CPL is equal to DPL, then the processor performs the next check to see if the RPL value is less than or equal to the CPL. A general protection exception occurs if either of the two checks fails. If the code segment is conforming (with conforming bit C set to one in the segment descriptor), then the processor compares the target code-segment descriptor DPL with the currently executing program CPL. If the DPL is less than or equal to the CPL, then access is allowed. Otherwise, a general protection exception occurs. RPL is ignored for conforming segments.

5.5.2.5.5.4 Access control for control transfers through call gates

The AMD Opteron processor uses call gates for control transfers to higher privileged code segments. Call gates are descriptors that contain pointers to code-segment descriptors and control access to those descriptors. Operating systems can use call gates to establish secure entry points into system service routines. Before loading the code register with the code segment selector located in the call gate, the processor performs the following three privilege checks:

1. Compare the CPL with the call-gate DPL from the call-gate descriptor. The CPL must be less than or equal to the DPL.

2. Compare the RPL in the call-gate selector with the DPL. The RPL must be less than or equal to the DPL.

3. A call or jump through a call gate to a conforming segment requires that the CPL be greater than or equal to the DPL. Otherwise, a call or jump through a call gate requires that the CPL be equal to the DPL.

5.5.2.5.5.5 Access control through type check

After a segment descriptor is loaded into one of the segment registers, reads and writes into the segments are restricted based on type checks, as follows:

Prohibit write operations into read-only data segment types.

Prohibit write operations into executable code segment types.

Prohibit read operations from code segments if the readable bit is cleared to 0.
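The privilege checks for direct transfers to a code segment (described before the call-gate subsection) and the type checks listed above can be modelled as follows. This is an added C example, not part of the original document; the function names, descriptor values and selectors are constructed for illustration, and the bit positions are those of the legacy x86 segment descriptor access byte and of the selector.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample descriptors (flat 4 GB segments); only the access byte differs. */
static const uint64_t KCODE_NC  = 0x00cf9a000000ffffULL; /* DPL 0, code, C=0, R=1 */
static const uint64_t KCODE_C   = 0x00cf9e000000ffffULL; /* DPL 0, code, C=1, R=1 */
static const uint64_t UCODE_C   = 0x00cffe000000ffffULL; /* DPL 3, code, C=1, R=1 */
static const uint64_t CODE_XO   = 0x00cf98000000ffffULL; /* DPL 0, code, R=0 */
static const uint64_t DATA_RW   = 0x00cf92000000ffffULL; /* DPL 0, data, W=1 */
static const uint64_t DATA_RO   = 0x00cf90000000ffffULL; /* DPL 0, data, W=0 */

typedef struct { unsigned dpl; bool code, conforming, rw; } seg_t;

/* Decode the access byte, bits 40..47 of the 8-byte descriptor. */
static seg_t decode(uint64_t desc) {
    uint8_t a = (uint8_t)(desc >> 40);
    seg_t s;
    s.dpl = (a >> 5) & 3;                     /* descriptor privilege level */
    s.code = (a >> 3) & 1;                    /* 1 = code segment, 0 = data */
    s.conforming = s.code && ((a >> 2) & 1);  /* C bit, code segments only */
    s.rw = (a >> 1) & 1;                      /* R for code, W for data */
    return s;
}

/* Direct transfer to a code segment: true = allowed, false = #GP. */
bool direct_transfer_ok(unsigned cpl, uint16_t selector, uint64_t desc) {
    seg_t s = decode(desc);
    unsigned rpl = selector & 3;              /* RPL = low two selector bits */
    if (!s.code) return false;                /* not in the text: target must be code */
    if (s.conforming) return s.dpl <= cpl;    /* RPL is ignored */
    return cpl == s.dpl && rpl <= cpl;        /* both checks must pass */
}

/* Type checks applied once the descriptor is loaded. */
bool write_ok(uint64_t desc) { seg_t s = decode(desc); return !s.code && s.rw; }
bool read_ok(uint64_t desc)  { seg_t s = decode(desc); return !s.code || s.rw; }

int main(void) {
    /* Selector 0x10 has RPL 0; selector 0x13 has RPL 3 (constructed values). */
    printf("CPL0 -> DPL0 non-conforming, RPL0: %d\n", direct_transfer_ok(0, 0x10, KCODE_NC));
    printf("CPL0 -> DPL0 non-conforming, RPL3: %d\n", direct_transfer_ok(0, 0x13, KCODE_NC));
    printf("CPL3 -> DPL0 non-conforming, RPL3: %d\n", direct_transfer_ok(3, 0x13, KCODE_NC));
    printf("CPL3 -> DPL0 conforming,     RPL3: %d\n", direct_transfer_ok(3, 0x13, KCODE_C));
    printf("CPL0 -> DPL3 conforming,     RPL0: %d\n", direct_transfer_ok(0, 0x10, UCODE_C));
    printf("write RO data: %d, write code: %d, read execute-only code: %d\n",
           write_ok(DATA_RO), write_ok(KCODE_NC), read_ok(CODE_XO));
    return 0;
}
```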

5.5.2.5.6 Paging

The paging unit translates a linear address into a physical address. Linear addresses are grouped in fixed-length intervals called pages. To allow the kernel to specify the physical address and access rights of a page instead of addresses and access rights of all the linear addresses in the page, contiguous linear addresses within a page are mapped to contiguous physical addresses.
