Processor Programming (Continued)
3.8 HALT AND SHUTDOWN
The halt instruction (HLT) stops program execution and
generates the Halt bus cycle on the PCI bus. The GXLV
processor core then drives out a Stop Grant bus cycle and
enters a low-power Suspend mode if the SUSP_HLT bit in
CCR2 (Index C2h[3]) is set. SMI#, NMI, INTR with inter-
rupts enabled (IF bit in EFLAGS = 1), or RESET forces
the CPU out of the halt state. If the halt state is inter-
rupted, the saved code segment and instruction pointer
specify the instruction following the HLT.
The Descriptor Privilege Level (DPL) is the privilege
level defined for a segment in the segment descriptor. The
DPL field specifies the minimum privilege level needed to
access the memory segment pointed to by the descriptor.
The Current Privilege Level (CPL) is defined as the cur-
rent task’s privilege level. The CPL of an executing task is
stored in the hidden portion of the code segment register
and essentially is the DPL for the current code segment.
The Requested Privilege Level (RPL) specifies a selec-
tor’s privilege level. RPL is used to distinguish between
the privilege level of a routine actually accessing memory
(the CPL), and the privilege level of the original requester
(the RPL) of the memory access. The lesser of the RPL
and CPL is called the Effective Privilege Level (EPL). There-
fore, if RPL = 0 in a segment selector, the EPL is always
determined by the CPL. If RPL = 3, the EPL is always 3
regardless of the CPL. If the level requested by RPL is
less than the CPL, the RPL level is accepted and the EPL
is changed to the RPL value. If the level requested by RPL
is greater than CPL, the CPL overrides the requested RPL
and EPL becomes the CPL value.
Shutdown occurs when a severe error is detected that
prevents further processing. The most common severe
error is the triple fault, a fault event while handling a dou-
ble fault. Setting the IDT limit to zero or the GDT limit to
zero will cause a triple fault when in protected mode.
A RESET brings the processor out of shutdown. An NMI
will work if the IDT limit is large enough, at least 000Fh, to
contain the NMI interrupt vector and if the stack has
enough room. The stack must be large enough to contain
the vector and flag information (the stack pointer must be
greater than 0005h).
3.9 PROTECTION
For a memory access to succeed, the EPL must be at
least as privileged as the Descriptor Privilege Level (EPL
≤ DPL). If the EPL is less privileged than the DPL (EPL >
DPL), a general protection fault is generated. For exam-
ple, if a segment has a DPL = 2, an instruction accessing
the segment only succeeds if executed with an EPL ≤ 2.
Segment protection and page protection are safeguards
built into the GXLV processor’s protected-mode architec-
ture that deny unauthorized or incorrect access to
selected memory addresses. These safeguards allow
multitasking programs to be isolated from each other and
from the operating system. This section concentrates on
segment protection.
3.9.2 I/O Privilege Levels
The I/O Privilege Level (IOPL) allows the operating sys-
tem executing at CPL = 0 to define the least privileged
level at which IOPL-sensitive instructions can uncondition-
ally be used. The IOPL-sensitive instructions include CLI,
IN, OUT, INS, OUTS, REP INS, REP OUTS, and STI.
Modification of the IF bit in the EFLAGS register is also
sensitive to the I/O privilege level.
Selectors and descriptors are the key elements in the seg-
ment protection mechanism. The segment base address,
size, and privilege level are established by a segment
descriptor. Privilege levels control the use of privileged
instructions, I/O instructions and access to segments and
segment descriptors. Selectors are used to locate seg-
ment descriptors.
The IOPL is stored in the EFLAGS register (bits [31:12]).
An I/O permission bit map is available as defined by the
32-bit Task State Segment (TSS). Since each task can
have its own TSS, access to individual I/O ports can be
granted through separate I/O permission bit maps.
Segment accesses are divided into two basic types, those
involving code segments (e.g., control transfers) and
those involving data accesses. The ability of a task to
access a segment depends on the:
•
•
•
•
Segment type
Instruction requesting access
Type of descriptor used to define the segment
Associated privilege levels (described next)
If CPL ≤ IOPL, IOPL-sensitive operations can be per-
formed. If CPL > IOPL, a general protection fault is gener-
ated if the current task is associated with a 16-bit TSS. If
the current task is associated with a 32-bit TSS and CPL
> IOPL, the CPU consults the I/O permission bitmap in the
TSS to determine on a port-by-port basis whether or not I/O
instructions (IN, OUT, INS, OUTS, REP INS, REP OUTS)
are permitted. The remaining IOPL-sensitive operations
generate a general protection fault.
Data stored in a segment can be accessed only by code
executing at the same or a more privileged level. A code
segment or procedure can only be called by a task exe-
cuting at the same or a less privileged level.
3.9.1 Privilege Levels
The values for privilege levels range between 0 and 3.
Level 0 is the highest privilege level (most privileged), and
level 3 is the lowest privilege level (least privileged). The
privilege level in real mode is zero.
Revision 1.1
91
www.national.com
NSC [ National Semiconductor ]
