Question

Context:
According to this description, user-space programs cannot perform all operations which are provided by the processors. The description in the link above says that there are different operation levels inside the CPU.

Question:
How is user-space code prevented from being executed in privileged levels by the CPU? Couldn't it be possible to switch into higher levels by using assembly language without using system calls?

I am pretty sure it is not, but I do not understand why. Could anyone please point this out or point to some resources which deal with this topic?

Solution

When the cpu reaches an instruction which, due to the identity of the instruction to be executed, the memory address to be accessed, or some other condition, is not permitted at the current privilege level, a cpu exception is raised. This essentially saves the current cpu state (register contents, etc.) and transfers execution to a preset kernel address running at kernel privilege level, which can inspect the operation that was to be performed and decide how to proceed. In practice, it will generally end with the kernel killing the process if the operation to be performed is not permitted.
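
The behaviour described in this answer can be observed from an ordinary process. The following is an added example, not code from the original answer: it executes three ring-0-only x86 instructions (`hlt`, `cli`, and a read of a control register) from user mode and returns the signal the kernel delivers after the CPU raises the exception. It assumes x86 Linux with GCC or Clang; `try_privileged` and `enum insn` are names made up for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>

#if !defined(__x86_64__) && !defined(__i386__)
#error "x86 only: the inline assembly uses x86 privileged instructions"
#endif

enum insn { INSN_HLT, INSN_CLI, INSN_READ_CR3 };   /* hypothetical names */
static sigjmp_buf recover;              /* resume point after the fault */
static volatile sig_atomic_t caught;    /* signal number seen by the handler */

/* The kernel's exception handler turned the CPU fault into this signal. */
static void on_fault(int sig) { caught = sig; siglongjmp(recover, 1); }

/* Execute one ring-0-only instruction from user mode (ring 3).
 * Returns the signal the kernel delivered, or 0 if the instruction ran. */
int try_privileged(enum insn which)
{
    struct sigaction sa = {0}, old_segv, old_ill;
    unsigned long cr3 = 0;

    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGILL, &sa, &old_ill);

    caught = 0;
    if (sigsetjmp(recover, 1) == 0) {   /* 1: restore the signal mask on return */
        switch (which) {
        case INSN_HLT:      __asm__ volatile("hlt"); break;
        case INSN_CLI:      __asm__ volatile("cli"); break;
        case INSN_READ_CR3: __asm__ volatile("mov %%cr3, %0" : "=r"(cr3)); break;
        }
    }
    sigaction(SIGSEGV, &old_segv, NULL); /* put the previous handlers back */
    sigaction(SIGILL, &old_ill, NULL);
    return caught;
}

int main(void)
{
    static const char *name[] = { "hlt", "cli", "mov %cr3" };
    for (int i = 0; i < 3; i++)
        printf("%-9s -> signal %d\n", name[i], try_privileged((enum insn)i));
    return 0;
}
```

Without the handler installed, the default action for the signal terminates the process, which is the "kernel killing the process" outcome the answer describes.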

OTHER TIPS

The CPU processes code stored in RAM. The memory keeps flags. The memory has a special layout. There are so-called descriptor tables, which translate physical memory into virtual memory. First there is a descriptor test or segment test where the GDT is read. The GDT contains a value called descriptor privilege level. It contains the value of the ring level, which the calling process must meet. If it does not, no access is granted. Then comes the page directory test, which has a supervisor bit. This also must meet certain conditions. If it is zero, only privileged processes may access this page table in the page directory. If the value is one, all processes may access the pages in the currently checked page directory entry. The last test is the page test. Its checks are like the previous checks. If a process has passed all checks successfully, access to the memory page is granted. CPU register c3 should be of interest here.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow