Intel 80386 manual Privilege Level Transfers

Virtual 8086 Mode, refer to section 4.6.4 Protection and 110 Permission Bitmap.

The 110 privilege level (IOPL) also affects whether several other instructions can be executed or cause an exception 13 fault instead. These instructions are called "IOPL·sensitive" instructions and they are CLI and STI. (Note that the LOCK prefix is not 10PL· sensitive on the 80386.)

The 10PL also affects whether the IF (interrupts en· able flag) bit can be changed by loading a value into the EFLAGS register. When CPL os: 10PL, then the IF bit can be changed by loading a new value into the EFLAGS register. When CPL > 10PL, the IF bit cannot be changed by a new value POP'edinto (or otherwise loaded into) the EFLAGS register; the IF bit merely remains unchanged and no exception is generated.

Table 4-2. Pointer Test Instructions

Instruction Operands Function

if privilege rules allow. Set zero flag if successful.

4.4.3.4 PRIVILEGE VALIDATION

The 80386 provides several instructions to speed pointer testing and help maintain system integrity by verifying that the selector value refers to an appro· priate segment. Table 4-2 summarizes the selector validation procedures available for the 80386.

This pointer verification prevents the common prob- lem of an application at PL = 3 calling a operating systems routine at PL = 0 and passing the operat- ing system routine a "bad" pointer which corrupts a data structure belonging to the operating system. If the operating system routine uses the ARPL instruc- tion to ensure that the RPL of the selector has no greater privilege than that of the caller, then this problem can be avoided.

4.4.3.5 DESCRIPTOR ACCESS

There are basically two types of segment accesses: those involving code segments such as control transfers, and those involving data accesses. Deter· mining the ability of a task to access a segment in- volves the type of segment to be accessed, the in- struction used, the type of descriptor used and CPL, RPL, and DPL as described above.

Any time an instruction loads data segment registers (DS, ES, FS, GS) the 80386 makes protection vali- dation checks. Selectors loaded in the DS, ES, FS, GS registers must refer only to data segments or readable code segments. The data access rules are specified in section 4.2.2 Rules of Privilege. The only exception to those rules is readable conforming code segments which can be accessed at any privi- lege level.

Finally the privilege validation checks are performed. The CPL is compared to the EPL and if the EPL is more privileged than the CPL an exception 13 (gen- eral protection fault) is generated.

The rules regarding the stack segment are slightly different than those involving data segments. In- structions that load selectors into SS must refer to data segment descriptors for writeable data seg- ments. The DPL and RPL must equal the CPL. All other descriptor types or a privilege level violation will cause exception 13. A stack not present fault causes exception 12. Note that an exception 11 is used for a not-present code or data segment.

4.4.4 Privilege Level Transfers

Inter-segment control transfers occur when a selec- tor is loaded in the CS register. For a typical system most of these transfers are simply the result of a call