instruction privilege levels ?
Is there any way to find out what asm instructions are available in ring 0, 1, 2, and 3?
Understand that in ring 3 you can't use asm out/in port write/read commands directly... you can only indirectly issue these through a syscall or something.
I am curious what other asm commands are limited in each ring. And if there is a way to easily find out what asm commands are available under a Linux or Windows OS in user land.
The only thing I know is ring 0 has access to all the commands/machine instructions.
But does anybody know for ring 1, 2, 3?
Re: instruction privilege levels ?
I would have expected the Intel manuals to document this; don't they document it in the way you require?
-- Edited for tone and clarity
Re: instruction privilege levels ?
The IO permissions are controlled on the task state for ring 3. If that is set to allow, you can use IO read/write directly; otherwise a #GPF is generated and you can decide to do it or reject it in the kernel.
See the manual for details.
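Added example, not part of the original thread: a simplified C model of the check the post above describes, where IN/OUT is allowed outright when CPL <= IOPL (EFLAGS bits 12-13) and otherwise depends on the I/O permission bitmap in the 32-bit TSS. The function names and the sample TSS are constructed for illustration; virtual-8086 mode is not modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define EFLAGS_IOPL_SHIFT    12   /* IOPL is EFLAGS bits 12-13 */
#define TSS32_IOMAP_BASE_OFF 0x66 /* 16-bit I/O map base field in a 32-bit TSS */

/* Model only: returns true if IN/OUT of `size` bytes (1, 2 or 4) at `port`
 * would execute, false if the CPU would raise #GP. `tss` is the raw TSS
 * image and `tss_limit` its descriptor limit (offset of the last valid byte). */
bool io_access_allowed(unsigned cpl, uint32_t eflags, const uint8_t *tss,
                       uint32_t tss_limit, uint16_t port, unsigned size)
{
    unsigned iopl = (eflags >> EFLAGS_IOPL_SHIFT) & 3;
    if (cpl <= iopl)
        return true;              /* privileged enough: bitmap is not consulted */

    if (tss_limit < TSS32_IOMAP_BASE_OFF + 1)
        return false;             /* TSS too small to hold the map base field */
    uint16_t base = (uint16_t)(tss[0x66] | (tss[0x67] << 8));
    uint32_t off = (uint32_t)base + (port >> 3);
    if (off >= tss_limit)
        return false;             /* the 2-byte bitmap read must fit in the TSS */

    uint16_t word = (uint16_t)(tss[off] | (tss[off + 1] << 8));
    uint16_t mask = (uint16_t)((1u << size) - 1);
    return ((word >> (port & 7)) & mask) == 0;  /* every covered bit must be 0 */
}

/* Constructed sample: 104-byte TSS body, then a bitmap for ports 0x000-0x3FF
 * (128 bytes) and the 0xFF terminator byte. Only ports 0x3F8-0x3FF are open. */
enum { IOMAP_BASE = 104, IOMAP_BYTES = 128,
       TSS_SIZE = IOMAP_BASE + IOMAP_BYTES + 1 };

void build_sample_tss(uint8_t tss[TSS_SIZE])
{
    memset(tss, 0, IOMAP_BASE);
    memset(tss + IOMAP_BASE, 0xFF, IOMAP_BYTES + 1); /* deny all + terminator */
    tss[IOMAP_BASE + (0x3F8 >> 3)] = 0x00;           /* allow 0x3F8-0x3FF */
    tss[TSS32_IOMAP_BASE_OFF]     = IOMAP_BASE & 0xFF;
    tss[TSS32_IOMAP_BASE_OFF + 1] = IOMAP_BASE >> 8;
}
```

With IOPL set to 1, the model lets ring 0 and ring 1 reach any port while rings 2 and 3 fall back to the bitmap, which is the one place where the intermediate rings differ for these instructions.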
Re: instruction privilege levels ?
Sam111 wrote: But does anybody know for ring 1, 2, 3?
Yes, lots of people know.
You should know.
If you don't know, you should know how to find out.
If you don't know how to find out then you have a serious problem.
If a trainstation is where trains stop, what is a workstation ?
- Combuster
Re: instruction privilege levels ?
Quote: Understand that in ring 3 you can't use asm out/in port write/read commands
Obviously you didn't even read the pages on "OUT" or "IN" in the instruction reference to know how wrong you are. My OS does the majority of port accesses in ring 3.
Tell me, how should we deal with hopeless cases like you?
Re: instruction privilege levels ?
At least the OP never seems to write any code. We have that to be grateful for....
If a trainstation is where trains stop, what is a workstation ?
Re: instruction privilege levels ?
Well, yes, the Intel manuals contain this to some extent.
For M-Z http://www.intel.com/content/www/us/en/ ... anual.html
All the manuals say is
if CPL > DPL
#GP (throws a general protection fault) ...etc etc. This is what the out, outs, in, ins instructions say in the manual...
But it doesn't say what CPL or RPL or DPL necessarily allows these commands to run or not run. For example CPL=2, DPL=3 would be OK, as well as CPL=1; the point being, what privilege level is an instruction in?
For example, take the out instruction. I know every instruction is valid in DPL=0 (ring 0),
but could the out instruction be in DPL=1 (ring 1)? If so, then both ring 0 and ring 1 would have the privileges to use this instruction.
They don't really tell you what instructions have what privileges, whether they can be used in ring 0, 1, 2, or 3. They only give you the condition that it may throw a GP if your CPL > DPL; they never actually specify what ring class a particular instruction belongs to.
I am assuming the only time an instruction could fail to execute because of security issues is because it either accessed memory outside of its GDT entry or is an input/output port asm command.
Though I am unsure if my last sentence contains all the conditions and am still looking for a more satisfactory answer.
Please note I am on a 32-bit Intel machine, not an AMD or 64-bit machine, so please don't tell me how it works for those machines; I only want info on the 32-bit ones.
Re: instruction privilege levels ?
Well, I found a list in the Intel manual
under privilege and protection, page 216 of book volume 3A:
lgdt, ltr, mov cr0, ...etc etc. There are about 15 listed.
And for the most part they are just the obvious commands that should be protected, since you wouldn't want somebody in user land to issue LGDT or LIDT; that would make protected mode very hackable.
Anyway, I was kind of wondering why in, out, outs, ins are not mentioned there, since these also cause a GP. Correct me if I am wrong?
So in the Intel list are there any commands that are in ring 1 or 2 by default?
Seems like all the privileged commands are in ring 0 and if you're not there you can't use these.
Curious if there were commands that are by default in ring 1 or 2. (Or is it just ring 0, (ring 1, 2, 3) in terms of instructions?)
To put it another way, there are really only 2 rings for instructions: those that are privileged and those that aren't.
And for the ones that are, you must be in ring 0 to use them.
But correct me if I am wrong.
Still worried though, because I don't get where the out/in instructions come in. They are not on the Intel list, but in the other book they say if CPL or RPL > DPL then GP for the out, in, ins, outs commands.
So I guess I don't understand how you set a different ring level for those instructions, or if it is even possible?
Re: instruction privilege levels ?
You were told above that the TSS handles IO permissions. So, here's info on that:
http://wiki.osdev.org/TSS
http://en.wikipedia.org/wiki/Task_State ... ermissions
Re: instruction privilege levels ?
Thank you. Between osdev and the Intel manuals I finally figured out where this problem is:
not only does the GDT control access, but you have the IOPL bit in the cr0 register as well as the TSS IOPL field when switching context in a multithreaded OS (like Windows and Linux).
The flaw in my logic was not factoring in ---> if "RPL" or CPL > DPL #GP
Curious, are there any other instructions that can cause security violations other than accessing memory outside of the GDT entry permission or IOPL in/out instruction violations caused by the cr0 bit or TSS segment?
When I say violations I mean security, not other stuff that can occur like divide by zero.
Only errors caused by not having enough permission to use an instruction.
Would I be correct in saying IOPL, and the 15 commands on page 216 of book volume 3A, would be the only ones not allowed in ring 3 unless you enable IOPL in the TSS?
Question 2)
Are there any instructions that have privileges in ring 1 or 2 that are not in ring 3?
Or is it just that ring 0 has all permissions and rings 1, 2, 3 have the same permissions, just considering the instructions they are able to use? Obviously the ring levels all differ by the memory they have access to... but I am only concerned about usable asm instructions in the rings.
From what I have found and read I can't find anything else.
Does anybody know for sure?
I am sorry, I don't know how to word this. Basically I know all instructions can possibly have security violations due to memory and other stuff, but I am only concerned with what asm instructions are forbidden in each of the different rings 1, 2, 3 that you could use in ring 0.
I know only of the IOPL port commands and the 15 commands in the Intel manual 3A. Just want confirmation if that is all.
I am asking only for 32-bit machines, not 16-bit or 64-bit machines..... Now that I think about it: "I am not fully sure, but it would seem to me you could use even some of the 15 privileged instructions like lldt if you placed the LDT in ring 1, 2, 3."
So maybe this question was poorly worded and I didn't have enough info at the time. (But then of course a TSS descriptor cannot be in an LDT.)
If you understand all of the theory and the limits of the theory, the rest is downhill from there.