Vol. 3 5-13
PROTECTION
As demonstrated in the previous examples, the addressable domain of a program or
task varies as its CPL changes. When the CPL is 0, data segments at all privilege
levels are accessible; when the CPL is 1, only data segments at privilege levels 1
through 3 are accessible; when the CPL is 3, only data segments at privilege level 3
are accessible.
The RPL of a segment selector can always override the addressable domain of a
program or task. When properly used, RPLs can prevent problems caused by acci-
dental (or intensional) use of segment selectors for privileged data segments by less
privileged programs or procedures.
It is important to note that the RPL of a segment selector for a data segment is under
software control. For example, an application program running at a CPL of 3 can set
the RPL for a data- segment selector to 0. With the RPL set to 0, only the CPL checks,
not the RPL checks, will provide protection against deliberate, direct attempts to
violate privilege-level security for the data segment. To prevent these types of privi
-
lege-level-check violations, a program or procedure can check access privileges
whenever it receives a data-segment selector from another procedure (see Section
5.10.4, “Checking Caller Access Privileges (ARPL Instruction)”).
5.6.1 Accessing Data in Code Segments
In some instances it may be desirable to access data structures that are contained in
a code segment. The following methods of accessing data in code segments are
possible:
Figure 5-5. Examples of Accessing Data Segments From Various Privilege Levels
Data
Lowest Privilege
Highest Privilege
Segment E
3
2
1
0
CPL=1
CPL=3
CPL=0
DPL=2
CPL=2
Segment Sel. E3
RPL=3
Segment Sel. E1
RPL=2
Segment Sel. E2
RPL=1
Code
Segment C
Code
Segment A
Code
Segment B
Code
Segment D