Chapter 3/ Hardware Briefing
value into GDTR, and the SGDT reads (stores) the value in GDTR. The LGDT instruc¬
tion is "privileged" and can only be executed by the operating system (we'll
discuss privileged instructions later on in more detail).
So far, I've been a bit vague about how the segment selector "refers" to the
segment descriptor. Now that the general process of logical-to-linear address
resolution has been spelled out, I'll take the time to be more specific.
The segment selector is a 16-bit value broken up into three fields (see Figure
3.11). The highest 13 bits (bits 15 through 3) are an index into the GDT, such
that a GDT can store at most 8,192 segment descriptors [0 (2'�� — 1)]. The
bottom two bits define the request privilege level (RPL) of the selector. There
are four possible binary values (00, 01, 10, and 11), where 0 has the high¬
est level of privilege and 3 has the lowest. We will see how RPL is used to
implement memory protection shortly.
16-bit Segment Selector
Bit 15
Bit 3
Bit 2
Bits 1,0
13-bit index into GDT, S, 192 possible entries
1 = specifies a descriptor in an LDT
t
i
0 = specifics a descriptor in a GDT
Requested privilege level (RPL)
(00 = most privilege, 11 = least privilege
Figure 3,11
Now let's take a close look at the anatomy of a segment descriptor to see just
what sort of information it stores. As you can see from Figure 3.12, there are
a bunch of fields in this 64-bit structure. For what we'll be doing in this book,
there are four elements of particular interest: the base address field (which
we've met already), type field, S flag, and DPL field.
The descriptor privilege level (DPL) defines the privilege level of the seg¬
ment being referenced. As with the RPL, the values range from 0 to 3, with 0
representing the highest degree of privilege. Privilege level is often described
in terms of three concentric rings that define four zones of privilege (Ring
0, Ring 1, Ring 2, and Ring 3). A segment with a DPL of 0 is referred to as
existing inside of Ring 0. Typically, the operating system kernel will execute
in Ring 0, the innermost ring, and user applications will execute in Ring 3,
the outermost ring.