Discussion:
CPL, DPL and RPL
MQ
2006-10-06 11:33:06 UTC
Ok, I'm trying to get my head around the use of CPL, DPL and RPL in
protected mode privilege checks. The concept of the CPL and DPL makes
sense to me. Obviously you need to have a privilege state for the
currently executing program, and each segment needs to be marked with a
privilege level so that access checks can occur by comparing CPL and
DPL. I still can't really see the point of RPLs in privilege checks.

For example, when attempting to access a data segment, if you specify
an RPL lower than the CPL it will always be overridden by the CPL
anyway. And what purpose is there to making RPL > CPL?? Let's say
that we are running at CPL=2 and we attempt to access a data segment
with DPL=2. You could make RPL=2 or 3, but what difference would it
make what RPL you used? You would get the same access to the segment,
right?

For transfer of execution to code segments, RPL seems to be redundant
in all cases. Only the CPL seems to be useful. RPLs in this case just
seem to be a nuisance that you have to make the same as the CPL...

Finally, when far pointers are passed to a privileged routine from a
non-privileged routine (eg call to ring 0 from ring 3), the RPL of the
far pointer needs to be checked and adjusted to the same value as the
calling code's CPL with ARPL instruction if you want to be sure the RPL
is secure. Again, this seems so pointless and painful. Why provide an
RPL if you don't (and you shouldn't) trust its value anyway.

Perhaps there is some reason for RPLs but I cannot see it. Any help
appreciated.

cheers
MQ
unknown
2006-10-06 14:42:49 UTC
RPL is requested privilege level. It means that you use the PL value
to obtain control to the DPL. RPL is something abstract....... When
you assign a value to CS you first start using the RPL. Your CPL is
the value in your current CS. The DPL is something which determines
which level can access the segment.
Post by MQ
Ok, I'm trying to get my head around the use of CPL, DPL and RPL in
protected mode privilege checks. The concept of the CPL and DPL makes
sense to me. Obviously you need to have a privilege state for the
currently executing program, and each segment needs to be marked with a
privilege level so that access checks can occur by comparing CPL and
DPL. I still can't really see the point of RPLs in privilege checks.
For example, when attempting to access a data segment, if you specify
an RPL lower than the CPL it will always be overridden by the CPL
anyway. And what purpose is there to making RPL > CPL?? Let's say
that we are running at CPL=2 and we attempt to access a data segment
with DPL=2. You could make RPL=2 or 3, but what difference would it
make what RPL you used? You would get the same access to the segment,
right?
You cannot assign a lower RPL than the DPL.
Post by MQ
For transfer of execution to code segments, RPL seems to be redundant
in all cases. Only the CPL seems to be useful. RPLs in this case just
seem to be a nuisance that you have to make the same as the CPL...
RPL is the value you attempt to assign to. DPL determines which
level can access the segment. The CPL is the PL in your CS.

mov ax,0x0080 <---0x0080 is your RPL
mov cs,ax <--- when it checks out then the RPL becomes your CPL.
Post by MQ
Finally, when far pointers are passed to a privileged routine from a
non-privileged routine (eg call to ring 0 from ring 3), the RPL of the
far pointer needs to be checked and adjusted to the same value as the
calling code's CPL with ARPL instruction if you want to be sure the RPL
is secure. Again, this seems so pointless and painful. Why provide an
RPL if you don't (and you shouldn't) trust its value anyway.
Sometimes the user application requires the KERNEL to write data,
for example the buffer for data io stuff.
Post by MQ
Perhaps there is some reason for RPLs but I cannot see it. Any help
appreciated.
cheers
MQ
MQ
2006-10-07 02:06:12 UTC
From reading the Intel manual, it seems that RPL is only really useful
in the case when a segment selector is passed to a high-privilege
procedure from a low-privilege procedure. The use of the ARPL
instruction makes sure that the low-privileged application cannot
access privileged data. Besides this case, is the RPL really of any
use? Indeed, it seems to be ignored or not make sense in all other
cases.

MQ.
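
Added example, not part of the original thread: a small C model of the data-segment check (max(CPL, RPL) <= DPL) and of ARPL, run on the "selector passed from ring 3 to ring 0" case described above and on the CPL=2/DPL=2 case from the first post. The selector values, the DPLs assumed for them and the service_load helper are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Selector layout: bits 15..3 = index, bit 2 = TI, bits 1..0 = RPL. */
static unsigned sel_rpl(uint16_t sel) { return sel & 3u; }

/* Data-segment load check: allowed only when max(CPL, RPL) <= DPL.
   Returns 1 if the load is allowed, 0 where the CPU would raise #GP. */
static int data_access_ok(unsigned cpl, uint16_t sel, unsigned dpl)
{
    unsigned rpl = sel_rpl(sel);
    return (cpl > rpl ? cpl : rpl) <= dpl;
}

/* ARPL dest, src: if dest.RPL < src.RPL, raise dest.RPL to src.RPL
   and set ZF; otherwise leave dest alone and clear ZF. */
static uint16_t arpl(uint16_t dest, uint16_t src, int *zf)
{
    *zf = sel_rpl(dest) < sel_rpl(src);
    return *zf ? (uint16_t)((dest & ~3u) | sel_rpl(src)) : dest;
}

/* Constructed selectors for a hypothetical descriptor table. */
enum {
    KERNEL_DATA_SEL = 0x0010, /* index 2, RPL 0; assume its descriptor has DPL 0 */
    USER_DATA_SEL   = 0x0023, /* index 4, RPL 3; assume its descriptor has DPL 3 */
    USER_CS         = 0x001B  /* index 3, RPL 3; the ring-3 caller's saved CS    */
};

/* Hypothetical ring-0 service (CPL 0) loading a caller-supplied selector.
   With use_arpl set, it first stamps the caller's privilege into the RPL. */
static int service_load(uint16_t sel, uint16_t caller_cs, unsigned dpl, int use_arpl)
{
    int zf = 0;
    if (use_arpl)
        sel = arpl(sel, caller_cs, &zf);
    return data_access_ok(0, sel, dpl);
}

int main(void)
{
    printf("caller RPL 0, no ARPL : %d\n", service_load(KERNEL_DATA_SEL, USER_CS, 0, 0));
    printf("caller RPL 0, ARPL    : %d\n", service_load(KERNEL_DATA_SEL, USER_CS, 0, 1));
    printf("user selector, ARPL   : %d\n", service_load(USER_DATA_SEL, USER_CS, 3, 1));
    printf("CPL 2, DPL 2, RPL 2   : %d\n", data_access_ok(2, 0x0022, 2));
    printf("CPL 2, DPL 2, RPL 3   : %d\n", data_access_ok(2, 0x0023, 2));
    return 0;
}
```
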
Herbert Kleebauer
2006-10-07 18:26:09 UTC
Post by MQ
From reading the Intel manual, it seems that RPL is only really useful
in the case when a segment selector is passed to a high-privilege
procedure from a low-privilege procedure. The use of the ARPL
instruction makes sure that the low-privileged application cannot
access privileged data. Besides this case, is the RPL really of any
use? Indeed, it seems to be ignored or not make sense in all other
cases.
It's a very long time ago when I read these chapters of
the manual (and there are still some question marks on
those pages). But suppose, you are executing code with
a CPL=3 and call code in a conforming segment with
a DPL=2, then this code is still executed with a CPL=3
(because it is a conforming segment). If this code now
calls a routine in a non-conforming segment with a DPL=1
then this code is executed with a CPL=1. The RET instruction
at the end of this routine must go back to the conforming
segment (with a DPL=2) and execute this code with a CPL=3.
This information is available for the CPU only in the RPL
of return address on the stack.
