Privilege level of 80386 and 80486
The 80386 has four levels of protection which support a multitasking operating system. These serve to isolate and protect user programs from each other and from the operating system. The privilege levels manage the use of I/O instructions, privileged instructions, and segment and segment descriptors. Level 0 is the most trusted level, while level 3 is the least trusted level.
Intel lists the following rules for the access of data and instruction levels of a task:
- Data stored in a segment with privilege level P can be accessed only by code executing at a privilege level that is at least as privileged as P.
- A code segment or procedure with privilege level P can only by called by a task executing at the same or a less privileged level than P.
At any point in time, a task can be operating at any of the four privilege levels. This is called the task’s Current Privilege Level (CPL). A task’s privilege level may only be changed by a control transfer through a gate descriptor to a code segment with a different privilege level.
The lower two bits of selectors contain the Requested Privilege Level (RPL). When a change of selector is made, the CPL of the task and the RPL of the new selector are compared. If the RPL is more privileged than the CPL, the CPL determines the level at which the task will continue. If the CPL is more privileged than the RPL, the RPL value will determine the level for the task. Therefore, the lowest privilege level is selected at the time of the change. The purpose of this function is to ensure that pointers passed to an operating system procedure are not of a higher privilege than the procedure that originated the pointer.