

PROCEDURE CALLS, INTERRUPTS, AND EXCEPTIONS

In this example, the highest privilege level 0 (at the center of the diagram) is used for segments that contain the most critical code modules in the system, usually the kernel of an operating system. The outer rings (with progressively lower privileges) are used for segments that contain code modules for less critical software.
Code modules in lower privilege segments can only access modules operating at higher privilege segments by means of a tightly controlled and protected interface called a gate. Attempts to access higher privilege segments without going through a protection gate and without having sufficient access rights cause a general-protection exception (#GP) to be generated.
If an operating system or executive uses this multilevel protection mechanism, a call to a procedure that is in a more privileged protection level than the calling procedure is handled in a similar manner as a far call (see Section 6.3.2, “Far CALL and RET Operation”). The differences are as follows:

• The segment selector provided in the CALL instruction references a special data structure called a call gate descriptor. Among other things, the call gate descriptor provides the following:
— access rights information
— the segment selector for the code segment of the called procedure
— an offset into the code segment (that is, the instruction pointer for the called procedure)

• The processor switches to a new stack to execute the called procedure. Each privilege level has its own stack. The segment selector and stack pointer for the privilege level 3 stack are stored in the SS and ESP registers, respectively, and are automatically saved when a call to a more privileged level occurs. The segment selectors and stack pointers for the privilege level 2, 1, and 0 stacks are stored in a system segment called the task state segment (TSS).

The use of a call gate and the TSS during a stack switch is transparent to the calling procedure, except when a general-protection exception is raised.
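
The three items a call gate descriptor provides, and the check that decides between a successful call and #GP, can be modeled in a few lines of C. This is an added example, not text or code from the manual; it assumes the 32-bit call gate bit layout from the architecture's system programming documentation (not shown in this section) and a nonconforming target code segment. The names decode_call_gate and check_gate_call are hypothetical, and the sample descriptor is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Fields of a 32-bit call gate descriptor (one 8-byte GDT/LDT entry). */
struct call_gate {
    uint16_t selector;    /* code-segment selector of the called procedure */
    uint32_t offset;      /* entry point (EIP) inside that code segment */
    uint8_t  param_count; /* dwords copied to the new stack, bits 4:0 */
    uint8_t  s_type;      /* S bit + 4-bit type; 0x0C = 32-bit call gate */
    uint8_t  dpl;         /* least privileged level allowed to use the gate */
    bool     present;
};

enum gate_result { CALL_SAME_LEVEL, CALL_INNER_LEVEL, FAULT_GP, FAULT_NP };

/* Decode the descriptor from its low and high dwords. */
static struct call_gate decode_call_gate(uint32_t lo, uint32_t hi)
{
    struct call_gate g;
    g.selector    = (uint16_t)(lo >> 16);
    g.offset      = (hi & 0xFFFF0000u) | (lo & 0x0000FFFFu);
    g.param_count = (uint8_t)(hi & 0x1Fu);
    g.s_type      = (uint8_t)((hi >> 8) & 0x1Fu);
    g.dpl         = (uint8_t)((hi >> 13) & 0x3u);
    g.present     = ((hi >> 15) & 1u) != 0;
    return g;
}

/* Privilege check for CALL through the gate; target_dpl is the DPL of the
 * (assumed nonconforming) code segment that g->selector names. */
static enum gate_result check_gate_call(const struct call_gate *g, unsigned cpl,
                                        unsigned rpl, unsigned target_dpl)
{
    if (g->s_type != 0x0C)            return FAULT_GP; /* not a call gate */
    if (g->dpl < cpl || g->dpl < rpl) return FAULT_GP; /* caller may not use it */
    if (!g->present)                  return FAULT_NP;
    if (target_dpl > cpl)             return FAULT_GP; /* no calls outward */
    return target_dpl < cpl ? CALL_INNER_LEVEL : CALL_SAME_LEVEL;
}

int main(void)
{
    /* Constructed sample: selector 0x0008, offset 0x00401000, DPL 3, 2 params. */
    struct call_gate g = decode_call_gate(0x00081000u, 0x0040EC02u);
    printf("sel=%#x off=%#x dpl=%u -> %d\n", (unsigned)g.selector, (unsigned)g.offset,
           (unsigned)g.dpl, (int)check_gate_call(&g, 3, 3, 0));
    return 0;
}
```

CALL_INNER_LEVEL is the case in which the processor switches to the target level's stack taken from the TSS; when auditing a descriptor table, a gate with DPL 3 is one that code at privilege level 3 can call through.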

6.3.6 CALL and RET Operation Between Privilege Levels

When making a call to a more privileged protection level, the processor does the following (see Figure 6-4):
1. Performs an access rights check (privilege check).
2. Temporarily saves (internally) the current contents of the SS, ESP, CS, and EIP registers.