After further studying, I find that the mechanism of code and data segments' privilege arrangement under the (real &) protected mode a bit of puzzling:

1) for code segment, it is common for low level privilege code to call the higher privilege level code(in Confirming Code Segment). And the addition of GATE mechanism in protected mode to solve the non-Confirming Code Segment calling problem also let the lower level call the higher level.

2) yet for data segment, it is common for higher level to 'see' the lower level data, as if for security arrangement in daily life.

I wonder why IA32 machine adopt such kind of inverse mechanism specifically for code and data segment? There must ly some implicit justifications.

I am very grantful for anyone who is generous to share his/her ideas.
Posted on 2010-01-26 04:30:48 by JackCrital2005
Should I put this post in another sub-forum of this Messageboard? It seems I put it in the wrong place.
Posted on 2010-01-27 17:27:59 by JackCrital2005

1. Less-privileged code should have means of calling more-privileged code, thus conforming code segments and gates are implemented.

2. More-privileged code should have means to access parameters passed from less-privileged code, thus CPL/RPL/DPL access rules are established and stack switch is implemented.

This is it, in a nutshell.
Posted on 2010-01-28 12:11:34 by baldr