Privilege level: Difference between revisions

Revision as of 08:58, 29 October 2011 by Pawan.gholap (talk | contribs), no edit summary. Revision as of 15:30, 30 October 2011 by GauravKeskar (talk | contribs), edit summary: Changed the heading "Operation" to "History" and expanded the topic. Some changes in structure and content placement.
Revision as of 15:30, 30 October 2011

[Figure: Privilege rings hierarchy.jpg. Privilege level order in Intel x86 microprocessors.]

A privilege level in the x86 instruction set controls the access of the program currently running on the processor to resources such as memory regions, I/O ports, and special instructions. There are 4 privilege levels ranging from 0 which is the most privileged, to 3 which is least privileged. Most modern operating systems use level 0 for the kernel/executive, and use level 3 for application programs. Any resource available to level n is also available to level 0..n, so the privilege levels are "rings".

It is not necessary to use all four privilege levels. Existing software that was designed to use only one or two levels of privilege can simply ignore the other levels offered by the 80386 and later processors. A one-level system should use privilege level zero; a two-level system should use privilege levels zero and three. Here level zero is called Supervisor mode while level three is User mode. All versions of Windows below Windows XP use only the two-level system.[1]


History

The basic idea of using privilege levels is to ensure the safety and integrity of the most sensitive data and to prevent easy access to such data.

The Intel 80286 was the first micro-controller to incorporate measures of data protection and security. It did so by implementing the dual concepts of Protected Mode and Privilege Levels.

Protected mode is entered by setting the Protection Enable bit of the Machine Status Word,[2] and it is concerned with the data itself. The privilege level is a designation associated with tasks and defines whether a given task may perform predefined actions, the actions themselves being set by other tasks. It is important to note that the whole concept of tasks with their associated privilege levels exists only in protected mode. Outside protected mode the concept of a privilege level has no meaning: the 80286 in real mode, for example, is nothing but a pipelined version of the 8086.

Today the concepts of protection and privilege modes have branched out. While protection is generally treated under the umbrella topics of abstraction and encapsulation, privilege modes are now classified as Rings.

All operations on the 80286 occur by means of tasks. A task is initiated by accessing its Task State Segment, which defines the privilege level of the task to be run. This privilege level is the Current Privilege Level (CPL). Once the CPL is assigned to a task, it cannot be altered for the duration of the task's execution.

Once the task begins execution, it may at various points need to access other blocks of information. Such access is allowed only if the task's CPL satisfies the requirements of the DPL of the block concerned; the requirements are spelled out under Privilege Checks below.

Privilege levels appear in several places in the x86 architecture, including:

  • The Current Privilege Level (CPL) is the level at which the processor is currently operating. It is stored in the lowest 2 bits of the code segment selector (CS).
  • Every segment descriptor has a privilege level called the Descriptor Privilege Level (DPL), held in a field of the descriptor. It is the numerically highest level that can access the resource: a task with CPL 0 can access descriptors of every DPL, while a task with CPL 3 can access only descriptors with DPL 3.
  • Segment selectors contain a field called the Requested Privilege Level (RPL). This allows a program to request a resource at a lower privilege level than it would otherwise use; the resulting level is called the Effective Privilege Level. RPL may weaken the privilege level of a task but never strengthen it.

Today, the ringed privilege system is extremely widespread. It can be found on a large number of computer systems along with other micro-controllers such as the ARM SAM7X series.

Privilege Checks

The privilege levels allow the processor to control access to descriptors and hence to the corresponding memory segments. These privilege checks provide data protection and prevent any unauthorized access to data or code.

  • The processor automatically evaluates the right of a procedure to access another segment by comparing the CPL to the numeric maximum of the RPL and DPL. If CPL > max(RPL, DPL), a general protection fault is generated. See memory segment for more details.
  • I/O-based privileged instructions execute only if CPL <= IOPL, the I/O privilege level field of the EFLAGS register. To protect this field, the POPF/POPFD instructions, which load values into EFLAGS, do not modify the IOPL field or the IF bit when CPL > 0.
  • Data segment access covers references to data other than the task's own. A selector is loaded into DS, ES, FS or GS if and only if max(RPL, CPL) <= DPL.
  • A segment descriptor can be loaded into the stack segment register (SS) only if DPL = CPL.
  • Transferring control to code other than the task's own is control transfer access. A CALL or JMP instruction allows control to be transferred to other code segments whose DPL is of equal or greater privilege than the CPL. An executable code segment has DPL < CPL, i.e. a task at CPL = 2 can execute a code segment with DPL = 0, but a task at CPL = 1 is not allowed to invoke a code segment with DPL = 3.

Changing Privilege Level

A task may need to change its privilege level during control transfers such as those caused by CALL or JMP instructions. The privilege level can be altered by using a conforming code segment or by call gates. A conforming code segment conforms to the privilege level of the calling segment (this is specified by the 'Conforming' bit in the code segment descriptor). For example, if control is transferred from segment A to conforming segment B, the privilege level of B becomes the privilege level of A.
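The selector and descriptor fields listed under History, the Privilege Checks above, and the conforming-segment rule, carried through as working C. This is an added example, not code from the article or from Intel's documentation; it assumes the standard x86 encodings (selector RPL in bits 0-1, descriptor access byte with DPL in bits 5-6 and the conforming bit at bit 2, EFLAGS with IF at bit 9 and IOPL at bits 12-13). The RPL == CPL condition on SS loads and the IF rule in POPFD follow the Intel SDM rather than the article's simplified wording.

```c
#include <stdint.h>
#include <stdbool.h>
/* Selector layout: bits 0-1 = RPL, bit 2 = TI, bits 3-15 = descriptor index */
static unsigned sel_rpl(uint16_t sel) { return sel & 3u; }
/* CPL is the RPL field of the CS selector the processor is executing from */
static unsigned cpl_from_cs(uint16_t cs) { return cs & 3u; }
/* Descriptor access byte: bits 5-6 = DPL; bit 2 = C (conforming) for code segments */
static unsigned desc_dpl(uint8_t access) { return (access >> 5) & 3u; }
static bool desc_conforming(uint8_t access) { return (access & 0x04u) != 0; }
#define EFL_IF   (1u << 9)    /* EFLAGS.IF */
#define EFL_IOPL (3u << 12)   /* EFLAGS.IOPL, two bits */

/* Effective privilege level: RPL can only weaken (numerically raise) the CPL */
static unsigned epl(unsigned cpl, uint16_t sel) {
    return cpl > sel_rpl(sel) ? cpl : sel_rpl(sel);
}

/* Loading DS/ES/FS/GS succeeds iff max(CPL, RPL) <= DPL; otherwise #GP */
bool data_load_ok(uint16_t cs, uint16_t sel, uint8_t access) {
    return epl(cpl_from_cs(cs), sel) <= desc_dpl(access);
}

/* Loading SS: DPL must equal CPL (the SDM also requires RPL == CPL; assumed here) */
bool stack_load_ok(uint16_t cs, uint16_t sel, uint8_t access) {
    unsigned cpl = cpl_from_cs(cs);
    return desc_dpl(access) == cpl && sel_rpl(sel) == cpl;
}

/* IN/OUT and other I/O-sensitive instructions are permitted only while CPL <= IOPL */
bool io_ok(uint16_t cs, uint32_t eflags) {
    return cpl_from_cs(cs) <= ((eflags & EFL_IOPL) >> 12);
}

/* POPFD that keeps IOPL trustworthy: a task above ring 0 cannot change IOPL, and may
 * change IF only when CPL <= IOPL (SDM rule; the article states the simpler form). */
uint32_t popfd(uint16_t cs, uint32_t old, uint32_t pushed) {
    unsigned cpl = cpl_from_cs(cs), iopl = (old & EFL_IOPL) >> 12;
    uint32_t out = pushed;
    if (cpl > 0)    out = (out & ~EFL_IOPL) | (old & EFL_IOPL);
    if (cpl > iopl) out = (out & ~EFL_IF) | (old & EFL_IF);
    return out;
}

/* CALL/JMP into a conforming code segment: allowed when DPL <= CPL, and the caller
 * keeps its own CPL (the segment conforms to it). Returns the new CPL, or -1 for #GP. */
int conforming_transfer_cpl(uint16_t cs, uint8_t target_access) {
    unsigned cpl = cpl_from_cs(cs);
    if (!desc_conforming(target_access) || desc_dpl(target_access) > cpl) return -1;
    return (int)cpl;
}
```

The constants in the checks below the block are constructed: 0x1B is a CS selector with RPL 3 (ring 3), 0x08 one with RPL 0, and 0xF2 / 0x92 are data-segment access bytes with DPL 3 and DPL 0.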

References

  1. Russinovich, Mark E.; Solomon, David A. (2005). Microsoft Windows Internals (4th ed.). Microsoft Press. p. 16. ISBN 9780735619173.
  2. "The Intel 80286 Datasheet" (PDF). http://datasheets.chipdb.org/Intel/x86/286/datashts/intel-80286.pdf
  • Intel 80386 Programmer's Reference
  • A. K. Ray, K. M. Bhurchandi, "Advanced Microprocessors and Peripherals", 2nd ed., Tata McGraw-Hill, 2009