
Privilege level: Difference between revisions

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.
Revision as of 18:17, 24 November 2006 by Ergy: link to "Ring (computer security)"
Revision as of 00:44, 24 September 2007 by Tabletop (minor edit): Spell privlege => privilege
Line 1: Line 1:
The concept of '''privilege level''' refers to protecting resources on a ]. Different execution threads can have different privilege levels that grant access to resources such as memory regions, I/O ports, and special instructions. On the ] architecture, there are 4 privilege levels ranging from 0 which is the most privileged, to 3 which is least privleged. Most modern operating systems use level 0 for the kernel/executive, and use level 3 for application programs. On ], any resource available to level n is also available to level 0..n, hence it is called a "]". Several terms are used in ] including the following: The concept of '''privilege level''' refers to protecting resources on a ]. Different execution threads can have different privilege levels that grant access to resources such as memory regions, I/O ports, and special instructions. On the ] architecture, there are 4 privilege levels ranging from 0 which is the most privileged, to 3 which is least privileged. Most modern operating systems use level 0 for the kernel/executive, and use level 3 for application programs. On ], any resource available to level n is also available to level 0..n, hence it is called a "]". Several terms are used in ] including the following:
*Descriptors contain a field called the descriptor privilege level (DPL). This is the numerically highest level that can access the resource. * Descriptors contain a field called the descriptor privilege level (DPL). This is the numerically highest level that can access the resource.
*Selectors contain a field called the requested privilege level (RPL). This allows a program to request a resource at a lower privilege level than it would otherwise use. * Selectors contain a field called the requested privilege level (RPL). This allows a program to request a resource at a lower privilege level than it would otherwise use.
*The Current Privilege Level (CPL) is the level the processor is currently operating at. It is stored in the lowest 2 bits of the ] selector (CS). * The Current Privilege Level (CPL) is the level the processor is currently operating at. It is stored in the lowest 2 bits of the ] selector (CS).


The processor automatically evaluates the right of a procedure to access another segment by comparing the CPL to the numeric max of the RPL and DPL. If the CPL>MAX(RPL, DPL), then a ] is generated. See ] for more details. The processor automatically evaluates the right of a procedure to access another segment by comparing the CPL to the numeric max of the RPL and DPL. If the CPL>MAX(RPL, DPL), then a ] is generated. See ] for more details.


It is not necessary to use all four privilege levels. Existing software that was designed to use only one or two levels of privilege can simply It is not necessary to use all four privilege levels. Existing software that was designed to use only one or two levels of privilege can simply
ignore the other levels offered by the 80386. A one-level system should use privilege level zero; a two-level system should use privilege levels zero ignore the other levels offered by the 80386. A one-level system should use privilege level zero; a two-level system should use privilege levels zero
and three. and three.


==See also== == See also ==
*] * ]
*] * ]


==References== == References ==
*Intel 80386 Programmer's Reference * Intel 80386 Programmer's Reference


] ]
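
Review bot: the edit summary "Spell privlege => privilege" covers only the one-word fix in the first paragraph ("least privleged" to "least privileged"), yet the same minor edit also rewrites every list item and both section headings for whitespace ("*Descriptors" to "* Descriptors", "==See also==" to "== See also =="). Mention the whitespace normalisation in the summary, or make it a separate edit, so the single content change is easy to verify against the previous revision.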

Revision as of 00:44, 24 September 2007

The concept of privilege level refers to protecting resources on a CPU. Different execution threads can have different privilege levels that grant access to resources such as memory regions, I/O ports, and special instructions. On the x86 architecture, there are 4 privilege levels, ranging from 0, which is the most privileged, to 3, which is the least privileged. Most modern operating systems use level 0 for the kernel/executive and level 3 for application programs. On x86, any resource available to level n is also available to levels 0..n, hence it is called a "ring model". Several terms are used on x86, including the following:

  • Descriptors contain a field called the descriptor privilege level (DPL). This is the numerically highest level that can access the resource.
  • Selectors contain a field called the requested privilege level (RPL). This allows a program to request a resource at a lower privilege level than it would otherwise use.
  • The Current Privilege Level (CPL) is the level the processor is currently operating at. It is stored in the lowest 2 bits of the code segment selector (CS).

The processor automatically evaluates the right of a procedure to access another segment by comparing the CPL to the numeric maximum of the RPL and DPL. If CPL > MAX(RPL, DPL), then a general protection fault is generated. See memory segment for more details.
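
The selector and descriptor fields described above, decoded in C as an added example that is not part of the original article. The selector values and the two flat-model data descriptors are constructed samples, and the check uses the data-segment rule from Intel's manuals (fault when MAX(CPL, RPL) > DPL) as this example's assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Selector layout: bits 0-1 = RPL (CPL when the selector is in CS),
 * bit 2 = table indicator (0 GDT, 1 LDT), bits 3-15 = descriptor index. */
static unsigned sel_rpl(uint16_t sel)   { return sel & 0x3u; }
static unsigned sel_ti(uint16_t sel)    { return (sel >> 2) & 0x1u; }
static unsigned sel_index(uint16_t sel) { return sel >> 3; }

/* DPL occupies bits 45-46 of the 8-byte segment descriptor. */
static unsigned desc_dpl(uint64_t desc) { return (unsigned)((desc >> 45) & 0x3u); }

/* Assumption of this example: data-segment rule from Intel's manuals.
 * Returns 1 if the segment load is allowed, 0 if it would raise #GP. */
static int data_access_allowed(uint16_t cs, uint16_t sel, uint64_t desc)
{
    unsigned cpl = sel_rpl(cs);                 /* CPL = low 2 bits of CS */
    unsigned rpl = sel_rpl(sel);
    unsigned effective = cpl > rpl ? cpl : rpl; /* least privileged of the two */
    return effective <= desc_dpl(desc);
}

/* Constructed flat-model data descriptors (base 0, 4 GiB limit). */
#define DESC_DATA_RING0 0x00CF92000000FFFFULL
#define DESC_DATA_RING3 0x00CFF2000000FFFFULL

int main(void)
{
    /* Constructed cases: CS in use, selector being loaded, target descriptor. */
    struct { uint16_t cs, sel; uint64_t desc; } cases[] = {
        { 0x08, 0x10, DESC_DATA_RING0 },  /* ring 0 code, ring 0 data       */
        { 0x1B, 0x10, DESC_DATA_RING0 },  /* ring 3 code, ring 0 data       */
        { 0x08, 0x13, DESC_DATA_RING0 },  /* ring 0 code, RPL lowered to 3  */
        { 0x1B, 0x23, DESC_DATA_RING3 },  /* ring 3 code, ring 3 data       */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("CPL=%u sel=%#06x (index=%u TI=%u RPL=%u) DPL=%u -> %s\n",
               sel_rpl(cases[i].cs), (unsigned)cases[i].sel,
               sel_index(cases[i].sel), sel_ti(cases[i].sel),
               sel_rpl(cases[i].sel), desc_dpl(cases[i].desc),
               data_access_allowed(cases[i].cs, cases[i].sel, cases[i].desc)
                   ? "allowed" : "#GP");
    }
    return 0;
}
```

The third case shows what the RPL field is for: code running at level 0 that loads a selector with RPL 3 is checked as if it were level 3, so the access to level 0 data is refused.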

It is not necessary to use all four privilege levels. Existing software that was designed to use only one or two levels of privilege can simply ignore the other levels offered by the 80386. A one-level system should use privilege level zero; a two-level system should use privilege levels zero and three.

References

  • Intel 80386 Programmer's Reference