ABSTRACT
In protected mode, every code segment has an associated Descriptor Privilege Level stored in the descriptor table. Each code segment also has a separate attribute for I/O Privilege Level, also stored in the descriptor table. When an IN or OUT instruc tion is executed in protected mode, the processor compares the segment’s IOPL to the privilege level of the currently executing code segment (called CPL for current privi lege level). If CPL < IOPL, the segment has enough privilege, and the processor exe cutes the instruction. If CPL >= IOPL, the processor uses the IOPM as a second level of protection. The IOPM is a bit-mapped list of ports: a 1 bit means “access denied”, and a 0 bit means “access granted”, So if CPL >= IOPL and the IOPM bit for the spe cific port is clear, the instruction is executed. But if the IOPM bit for that port is set, the processor generates an exception.