|
| Home |
|
|
Privilege LevelsTo provide a higher degree of control for protection, protected mode defines privilege levels: Descriptor Privilege Levels (DPL), Current Privilege Levels (CPL), and Input/Output Privilege Levels (IOPL). Four different levels (0 to 3) are defined. A higher numerical value implies a lower privilege level. The DPL has already been introduced, it is stored in each segment's descriptor. The CPL is the privilege level at which the CPU is currently running (also frequently referred to as the Ring in which a program is running). It corresponds to the DPL of the code segment being executed. The low 2 bits of the CS register hold the CPL. In the flat memory model, the application will usually not reload segment registers and is consequently not concerned with segment level protection. However, the CPL also controls access to some privileged instructions. Some instructions can only be executed at CPL 0. Also, the CPL affects how page-level protection functions. The IOPL defines the minimum CPL required to directly access I/O ports and to execute I/O Sensitive Instructions (IN, INS, OUT, OUTS, CLI, STI). In addition, the POPFD instruction behaves differently, depending on CPL and IOPL. The IOPL is maintained by the CPU in the EFLAGS register. RTTarget-32 can run programs at CPL 0 or 3. IOPL is always initialized to 3, allowing the program to use I/O ports and I/O sensitive instructions without restrictions at any CPL.
|
