What are protected by the protected mode of CPU?

uriza · **Joined:** Mon Jan 11, 2010 7:12 pm **Posts:** 3

i has been confused by the problem as in the title.i found the intel datasheet say "the Intel 64 and IA-32 architectures provide a protection mechanism that operates at both the segment level and the page level".
Does it mean the protected mode only provides protection for memory acess, and it provides no protection for CPU acess?
if CPU has no confine for its intructions acess,does that mean i can use some special CPU instructions such as,LGDT,LIDT,IN,OUT ,in user mode?

Brendan · **Posted:** Mon Mar 08, 2010 9:46 pm

Hi,

uriza wrote:

i has been confused by the problem as in the title.i found the intel datasheet say "the Intel 64 and IA-32 architectures provide a protection mechanism that operates at both the segment level and the page level".
Does it mean the protected mode only provides protection for memory acess, and it provides no protection for CPU acess?
if CPU has no confine for its intructions acess,does that mean i can use some special CPU instructions such as,LGDT,LIDT,IN,OUT ,in user mode?

From memory...

User mode code can never:

use LGDT, LIDT, LLDT or LTR
access MSRs
use Intel VT or AMD-V instructions (hypervisor stuff)
read or write to control registers (CR0, CR3, CR4, etc)

Depending on different things, a kernel can prevent user mode code from:

using certain GDT and LDT entries (including call gates and TSSs)
using certain software interrupts
using certain I/O ports
using the HLT instruction
executing, writing to or reading from certain pages
modifying "special" flags in the EFLAGS register (e.g. interrupt enable/disable)
using RDTSC and RDTSCP
accessing the debug registers (DR0 to DR7)
using FPU/MMX
using SSE

Unfortunately, it's not possible to prevent user mode code from:

using SGDT, SLDT, SIDT or STR
using CPUID

There's probably some things that I missed, but that should cover most things...

Cheers,

Brendan

uriza · **Joined:** Mon Jan 11, 2010 7:12 pm **Posts:** 3

Thanks a lot! =D>

Brendan wrote:

Hi,

From memory...

User mode code can never:

use LGDT, LIDT, LLDT or LTR
access MSRs
use Intel VT or AMD-V instructions (hypervisor stuff)
read or write to control registers (CR0, CR3, CR4, etc)

I think that may be right.
But I'm not sure who have confined user mode code code to do that?
the os kernel or CPU internal mechanism or both?
if only os kernel works, dose that mean some special written programs can bypass the confine of kernel to acess special CPU intructions?

nedbrek · **Joined:** Tue Dec 15, 2009 6:36 pm **Posts:** 44

uriza wrote:

But I'm not sure who have confined user mode code code to do that?
the os kernel or CPU internal mechanism or both?
if only os kernel works, dose that mean some special written programs can bypass the confine of kernel to acess special CPU intructions?

Things which "user mode code can never do" are constrained by the CPU. It will give an exception (usually #GP) if ring 3 code tries to do it.

If you need a user mode program to execute those instructions, you can try setting up VX mode (I avoid even reading that section of the manual, as it is probably very ugly).

Also, you should be able to: detect the exception in your GP interrupt handler, emulate the effects, and return to the user program.

uriza · **Joined:** Mon Jan 11, 2010 7:12 pm **Posts:** 3

nedbrek wrote:

Things which "user mode code can never do" are constrained by the CPU. It will give an exception (usually #GP) if ring 3 code tries to do it.

Thanks !!

I think I get it.

OSDev.org

What are protected by the protected mode of CPU?

Who is online