Chapter 3/ Hardware Briefing

To implement privilege-level checks, three different privilege indicators are

used: CPL, RPL, and DPL. The current privilege level (CPL) is essentially

the RPL value of the selectors currently stored in the CS and SS registers of an

executing process. The CPL of a program is normally the privilege level of

the current code segment. The CPL can change when a far jump or far call is

executed.

Privilege-level checks are invoked when the segment selector associated with

a segment descriptor is loaded into one of the processor's segment register.

This happens when a program attempts to access data in another code seg¬

ment or to transfer program control by making an intersegment jump. If the

processor identifies a privilege-level violation, a general-protection exception

(#GP) occurs.

To access data in another data segment, the selector for the data segment

must be loaded into a stack-segment register (SS) or data-segment register

(e.g., DS, ES, FS, or GS). For program control to jump to another code segment,

a segment selector for the destination code segment must be loaded into the

code-segment register (CS). The CS register cannot be modified explicitly, it

can only be changed implicitly via instructions like JMP, CALL, RET, INT, IRET,

SYSENTER, and SYSEXIT.

When accessing data in another segment, the processor checks to make sure

that the DPL is greater than or equal to both the RPL and the CPL. If this is

the case, the processor will load the data-segment register with the segment