Intel IA-32 User Manual
Page 132
4-2 Vol. 3A
PROTECTION
that is based on privilege levels can essentially be disabled while still in protected mode by
assigning a privilege level of 0 (most privileged) to all segment selectors and segment descrip-
tors. This action disables the privilege level protection barriers between segments, but other
protection checks such as limit checking and type checking are still carried out.
Page-level protection is automatically enabled when paging is enabled (by setting the PG flag
in register CR0). Here again there is no mode bit for turning off page-level protection once
paging is enabled. However, page-level protection can be disabled by performing the following
operations:
•
Clear the WP flag in control register CR0.
•
Set the read/write (R/W) and user/supervisor (U/S) flags for each page-directory and page-
table entry.
This action makes each page a writable, user page, which in effect disables page-level
protection.
4.2
FIELDS AND FLAGS USED FOR SEGMENT-LEVEL AND
PAGE-LEVEL PROTECTION
The processor’s protection mechanism uses the following fields and flags in the system data
structures to control access to segments and pages:
•
Descriptor type (S) flag — (Bit 12 in the second doubleword of a segment descriptor.)
Determines if the segment descriptor is for a system segment or a code or data segment.
•
Type field — (Bits 8 through 11 in the second doubleword of a segment descriptor.)
Determines the type of code, data, or system segment.
•
Limit field — (Bits 0 through 15 of the first doubleword and bits 16 through 19 of the
second doubleword of a segment descriptor.) Determines the size of the segment, along
with the G flag and E flag (for data segments).
•
G flag — (Bit 23 in the second doubleword of a segment descriptor.) Determines the size
of the segment, along with the limit field and E flag (for data segments).
•
E flag — (Bit 10 in the second doubleword of a data-segment descriptor.) Determines the
size of the segment, along with the limit field and G flag.
•
Descriptor privilege level (DPL) field — (Bits 13 and 14 in the second doubleword of a
segment descriptor.) Determines the privilege level of the segment.
•
Requested privilege level (RPL) field — (Bits 0 and 1 of any segment selector.) Specifies
the requested privilege level of a segment selector.
•
Current privilege level (CPL) field — (Bits 0 and 1 of the CS segment register.) Indicates
the privilege level of the currently executing program or procedure. The term current
privilege level (CPL) refers to the setting of this field.
•
User/supervisor (U/S) flag — (Bit 2 of a page-directory or page-table entry.) Determines
the type of page: user or supervisor.