background image

6-8 Vol. 1

PROCEDURE CALLS, INTERRUPTS, AND EXCEPTIONS

3. Loads the segment selector and stack pointer for the new stack (that is, the stack for the privilege level being 

called) from the TSS into the SS and ESP registers and switches to the new stack.

4. Pushes the temporarily saved SS and ESP values for the calling procedure’s stack onto the new stack.
5. Copies the parameters from the calling procedure’s stack to the new stack. A value in the call gate descriptor 

determines how many parameters to copy to the new stack.

6. Pushes the temporarily saved CS and EIP values for the calling procedure to the new stack.
7. Loads the segment selector for the new code segment and the new instruction pointer from the call gate into 

the CS and EIP registers, respectively.

8. Begins execution of the called procedure at the new privilege level.
When executing a return from the privileged procedure, the processor performs these actions:
1. Performs a privilege check.
2. Restores the CS and EIP registers to their values prior to the call.
3. If the RET instruction has an optional n argument, increments the stack pointer by the number of bytes 

specified with the n operand to release parameters from the stack. If the call gate descriptor specifies that one 
or more parameters be copied from one stack to the other, a RET n instruction must be used to release the 
parameters from both stacks. Here, the n operand specifies the number of bytes occupied on each stack by the 
parameters. On a return, the processor increments ESP by n for each stack to step over (effectively remove) 
these parameters from the stacks.

4. Restores the SS and ESP registers to their values prior to the call, which causes a switch back to the stack of 

the calling procedure.

5. If the RET instruction has an optional n argument, increments the stack pointer by the number of bytes 

specified with the n operand to release parameters from the stack (see explanation in step 3).

6. Resumes execution of the calling procedure.

Figure 6-4.  Stack Switch on a Call to a Different Privilege Level

Param 1
Param 2

ESP Before Call

Stack for

Calling Procedure

ESP After Call

Stack for

Called Procedure

Calling SS

Calling ESP

Calling CS

Param 1
Param 2

Calling EIP

Stack Frame
Before Call

Stack Frame
After Call

Param 3

Param 3

ESP After Return

ESP Before Return

Calling SS

Calling ESP

Calling CS

Param 1
Param 2

Calling EIP

Param 3

Param 1
Param 2
Param 3

Note: On a return, parameters are

released on both stacks based on the
optional operand in the RET n instruction.