Misplaced Pages

Privilege level

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

This is an old revision of this page, as edited by Guy Harris (talk | contribs) at 06:17, 7 September 2010 (Make this a page just for x86. We already have CPU modes and ring (computer security) for the general concepts, and it was already 95% x86-specific.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Revision as of 06:17, 7 September 2010 by Guy Harris (talk | contribs) (Make this a page just for x86. We already have CPU modes and ring (computer security) for the general concepts, and it was already 95% x86-specific.)(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

A privilege level in the x86 instruction set controls the access of the program currently running on the processor to resources such as memory regions, I/O ports, and special instructions. There are 4 privilege levels ranging from 0 which is the most privileged, to 3 which is least privileged. Most modern operating systems use level 0 for the kernel/executive, and use level 3 for application programs. Any resource available to level n is also available to level 0..n, so the privilege levels are "rings". Privilege levels appear in several places in the x86 architecture, including:

  • Segment descriptors contain a field called the descriptor privilege level (DPL). This is the numerically highest level that can access the resource.
  • Segment selectors contain a field called the requested privilege level (RPL). This allows a program to request a resource at a lower privilege level than it would otherwise use.
  • The Current Privilege Level (CPL) is the level the processor is currently operating at. It is stored in the lowest 2 bits of the code segment selector (CS).

The processor automatically evaluates the right of a procedure to access another segment by comparing the CPL to the numeric max of the RPL and DPL. If the CPL>MAX(RPL, DPL), then a general protection fault is generated. See memory segment for more details.

It is not necessary to use all four privilege levels. Existing software that was designed to use only one or two levels of privilege can simply ignore the other levels offered by the 80386 and later processors. A one-level system should use privilege level zero; a two-level system should use privilege levels zero and three.

See also

References

  • Intel 80386 Programmer's Reference
Stub icon

This computer hardware article is a stub. You can help Misplaced Pages by expanding it.

Categories: