In protected mode, the processor in the "class" is not only reflected in the access code and data, is also reflected in the instructions.
One reason is graded instruction, execute some instructions have serious impact on the computer, they are only to be executed at privilege level 0, it is called privileged instructions (Privilege Instruction). For example hlt instruction, it can let the computer shut down, the processor trust only the operating system, so it had to be placed at 0 privilege level. There are similar lgdt, lidt, ltr, popf etc. These instructions affect the normal operation of the computer plays no small matter, the only operating system to execute them personally was assured.
On the other hand reflected in the I / O read and write control. IO read and write privileges are determined by the flag register eflags IOPL IO bit in the TSS and the bitmap are used to specify the minimum privilege level of an IO operation. IO related instructions can only be executed when the current privilege level greater than or equal IOPL, they are called IO sensitive instruction (I / O Sensitive Instruction), these instructions are executed if the current privilege level is less than IOPL throws exception processor. Such instructions have in, out, cli, sti. So you know, not just the operating system can be IO port access, the user process is also possible, but the operating system does not allow a user process to do so.
Usually we are taught the idea that the user process can not access the hardware directly, the operating system must want to help, only superior operating system have the ability to access peripherals. Responsibilities of the operating system is to manage computer resources, including software and hardware resources, does not allow direct manipulation user process peripherals, a management strategy which is just the operating system, because this is for the protection of the computer, who can guarantee users program all of them are so good and reliable it, in case the user program illegal use of the hardware, the damage but it is difficult to estimate, the protection of computer security is the responsibility of the operating system, the program should not let untrusted computer may have damage.
We long ago introduced eflags register it, and now to see the next IOPL bit eflags register, as
In eflags first register is 12 ~ 13 IOPL (I / O Privilege Level), i.e. privileged IO, which in addition to the limitations of the current task instruction IO sensitive lowest privilege level, the task is also used to decide whether to permit operation of all IO port of, yes, all of the IO port, all of the switches open the IOPL bit IO ports (port access is provided to separate the IO bitmap embodiment, a description will be). Each task (kernel processes or user processes) have their own eflags registers, so each mission has its own IOPL, which represents all IO instructions in order to execute the task at the lowest privilege level, which is the lowest CPL processor , only the current privilege level is greater than the task equal to IO IOPL allowed to execute all instructions, i.e., the value of CPL <= IOPL.
CPL is 0:00 processor is almighty, so the lower privilege level 0 IO processor is not subject to restrictions. IOPL how to set it? Under section say.