Task State Segment - I/O Port Permissions

I/O Port Permissions

The TSS contains a 16-bit pointer to I/O port permissions bitmap for the current task. This bitmap, usually set up by the operating system when a task is started, specifies individual ports to which the program should have access. The I/O bitmap is a bit array of port access permissions; if the program has permission to access a port, a "0" is stored at the corresponding bit index, and if the program does not have permission, a "1" is stored there. The feature operates as follows: when a program issues an x86 I/O port instruction such as IN or OUT (see x86 instruction listings), the hardware will do an I/O privilege level (IOPL) check to see if the program has access to all I/O ports. If the CPL of the program is numerically greater than the IOPL (the program is less-privileged than what the IOPL specifies), the program does not have I/O port access to all ports. The hardware will then check the I/O permissions bitmap in the TSS to see if that program can access the specific port in the IN or OUT instruction. If the bit in the I/O port permissions bitmap is clear, the program is allowed access to this port, and the instruction is allowed to execute. If the bit is set, the program does not have access and the processor generates a general protection fault. This feature allows operating systems to grant selective port access to user programs.