Presentation on theme: "Types of Code Segments Conforming Code Segment"— Presentation transcript:
1Types of Code Segments Conforming Code Segment There are two types of code segments:Conforming Code SegmentNonconforming Code Segment
2Conforming Code Segment An executable segment whose descriptor has the conforming bit setIt permits sharing of procedures that may be called from various privilege levels but shouldexecute at the privilege level of the calling procedure.Example: math librariesWhen control is transferred to a conforming segment, the CPL does not change
3Nonconforming Code Segment Most code segments are not conformingFor nonconforming segments, control can be transferred without a gate only to executable segments at the same level of privilegeTo transfer control to higher privilege levels(not numerical)-for e.g. application want to use system service- CALL instruction need to be used with call-gate descriptorsJMP instruction never transfer control to a nonconforming segment whose DPL ≠ CPL.
4Privilege Check for Control Transfer without Gate
5Gate DescriptorsTo provide protection for control transfers among executable segments at different privilege levels, the uses gate descriptors.There are four kinds of gate descriptors:Call gates for far jmp & callTrap gates for exceptionsInterrupt gates for interruptsTask gates for task switching
6Call gates A call gate descriptor may reside in GDT or LDT A call gate has two primary functions:1. To define an entry point of a procedure2. To specify the privilege level of entry pointWhen h/w recognizes that the destination selector refers to a gate descriptor the operation of the instruction is expanded by the contents of the call gate.
7Call gatesThe selector and offset fields of a gate form a pointer to the entry point of a procedureFormat of Call Gate
8Privilege Check for Control Transfer with Gate The far pointer (48-bit logical address of two components: a 16-bit segment selector and a 32-bit offset) operand of the control transfer instruction does not point to the segment and offset of the target instruction; rather the selector part of the pointer selects a gate, and the offset is not used.
10Privilege Check for Control Transfer with Gate Four different privilege levels are used to check the validity of a control transfer via a call gate:1. CPL2. RPL of the selector used to specify the call gate.3. DPL of the gate descriptor.4. DPL of the descriptor of the target segment
11Privilege Check for Control Transfer with Gate Gates can be used for control transfers to numerically smaller privilege levels or to the same privilege levelFor a JMP instruction to a nonconforming segment, the privilege rules that must be satisfied are :MAX (CPL,RPL) ≤ gate DPL (numerically)target segment DPL = CPL (numerically)
12Privilege Check for Control Transfer with Gate For a CALL instruction, the privilege rules that must be satisfied are :MAX (CPL,RPL) ≤ gate DPL (numerically)target segment DPL ≤ CPL (numerically)