Vol. 3 5-9
PROTECTION
instruction. If the descriptor type is for a code segment or call gate, a call or
jump to another code segment is indicated; if the descriptor type is for a TSS
or task gate, a task switch is indicated.
— On a call or jump through a call gate (or on an interrupt- or exception-handler
call through a trap or interrupt gate), the processor automatically checks that
the segment descriptor being pointed to by the gate is for a code segment.
— On a call or jump to a new task through a task gate (or on an interrupt- or
exception-handler call to a new task through a task gate), the processor
automatically checks that the segment descriptor being pointed to by the
task gate is for a TSS.
— On a call or jump to a new task by a direct reference to a TSS, the processor
automatically checks that the segment descriptor being pointed to by the
CALL or JMP instruction is for a TSS.
— On return from a nested task (initiated by an IRET instruction), the processor
checks that the previous task link field in the current TSS points to a TSS.
5.4.1 Null Segment Selector Checking
Attempting to load a null segment selector (see Section 3.4.2, “Segment Selectors”)
into the CS or SS segment register generates a general-protection exception (#GP).
A null segment selector can be loaded into the DS, ES, FS, or GS register, but any
attempt to access a segment through one of these registers when it is loaded with a
null segment selector results in a #GP exception being generated. Loading unused
data-segment registers with a null segment selector is a useful method of detecting
accesses to unused segment registers and/or preventing unwanted accesses to data
segments.
5.4.1.1 NULL Segment Checking in 64-bit Mode
In 64-bit mode, the processor does not perform runtime checking on NULL segment
selectors. The processor does not cause a #GP fault when an attempt is made to
access memory where the referenced segment register has a NULL segment selector.
5.5 PRIVILEGE LEVELS
The processor’s segment-protection mechanism recognizes 4 privilege levels,
numbered from 0 to 3. The greater numbers mean lesser privileges.
Figure 5-3
shows how these levels of privilege can be interpreted as rings of protection.
The center (reserved for the most privileged code, data, and stacks) is used for the
segments containing the critical software, usually the kernel of an operating system.
Outer rings are used for less critical software. (Systems that use only 2 of the 4
possible privilege levels should use levels 0 and 3.)