5-10 Vol. 3A

PROTECTION

5.7 PRIVILEGE LEVEL CHECKING WHEN LOADING THE SS REGISTER

Privilege level checking also occurs when the SS register is loaded with the segment selector for a stack segment. Here all privilege levels related to the stack segment must match the CPL; that is, the CPL, the RPL of the stack-segment selector, and the DPL of the stack-segment descriptor must be the same. If the RPL and DPL are not equal to the CPL, a general-protection exception (#GP) is generated.
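The following C program is an added illustration of the SS-load check just described; it is not code from the manual. It decodes the RPL and index fields of a constructed 16-bit selector, looks up the DPL in a small constructed GDT (null entry plus one flat data segment per privilege level), and reports which of the three-way CPL/RPL/DPL comparisons failed. The LDT, the segment-type checks and the not-present check (which raises #SS rather than #GP) are deliberately left out of this model.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Segment-selector fields: RPL in bits 1:0, TI in bit 2, index in bits 15:3. */
#define SEL_RPL(s)   ((unsigned)((s) & 0x3))
#define SEL_TI(s)    ((unsigned)(((s) >> 2) & 0x1))
#define SEL_INDEX(s) ((unsigned)((s) >> 3))

/* DPL sits in bits 46:45 of the 8-byte segment descriptor. */
#define DESC_DPL(d)  ((unsigned)(((d) >> 45) & 0x3))

/* Constructed flat read/write data segment (base 0, 4 GiB limit, present)
   with the requested DPL. Only the DPL matters for this check. */
#define STACK_DESC(dpl) (0x00CF92000000FFFFull | ((uint64_t)(dpl) << 45))

/* Constructed GDT: null descriptor at index 0, then one stack segment per DPL. */
static const uint64_t gdt[] = { 0, STACK_DESC(0), STACK_DESC(1), STACK_DESC(2), STACK_DESC(3) };
#define GDT_ENTRIES (sizeof gdt / sizeof gdt[0])

enum ss_load_result {
    SS_LOAD_OK,          /* SS is loaded */
    SS_GP_BAD_SELECTOR,  /* #GP: null selector, LDT, or index beyond the table */
    SS_GP_RPL_NE_CPL,    /* #GP: selector RPL != CPL */
    SS_GP_DPL_NE_CPL     /* #GP: descriptor DPL != CPL */
};

/* Model of Section 5.7: CPL, RPL and DPL must all be equal, else #GP. */
enum ss_load_result check_ss_load(unsigned cpl, uint16_t selector) {
    unsigned idx = SEL_INDEX(selector);
    if (SEL_TI(selector) != 0 || idx == 0 || idx >= GDT_ENTRIES)
        return SS_GP_BAD_SELECTOR;
    if (SEL_RPL(selector) != cpl)
        return SS_GP_RPL_NE_CPL;
    if (DESC_DPL(gdt[idx]) != cpl)
        return SS_GP_DPL_NE_CPL;
    return SS_LOAD_OK;
}

int main(void) {
    static const char *names[] = { "OK", "#GP bad selector", "#GP RPL!=CPL", "#GP DPL!=CPL" };
    /* Constructed cases: (CPL, selector). 0x23 = index 4, RPL 3; 0x0B = index 1, RPL 3. */
    struct { unsigned cpl; uint16_t sel; } cases[] = {
        { 3, 0x23 }, { 0, 0x08 }, { 0, 0x0B }, { 3, 0x0B }, { 3, 0x03 }, { 0, 0x28 }
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("CPL=%u SS=0x%04X -> %s\n", cases[i].cpl, cases[i].sel,
               names[check_ss_load(cases[i].cpl, cases[i].sel)]);
    return 0;
}
```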

5.8 PRIVILEGE LEVEL CHECKING WHEN TRANSFERRING PROGRAM CONTROL BETWEEN CODE SEGMENTS

To transfer program control from one code segment to another, the segment selector for the destination code segment must be loaded into the code-segment register (CS). As part of this loading process, the processor examines the segment descriptor for the destination code segment and performs various limit, type, and privilege checks. If these checks are successful, the CS register is loaded, program control is transferred to the new code segment, and program execution begins at the instruction pointed to by the EIP register.

Program control transfers are carried out with the JMP, CALL, RET, SYSENTER, SYSEXIT, SYSCALL, SYSRET, INT n and IRET instructions, as well as by the exception and interrupt mechanisms. Exceptions, interrupts, and the IRET instruction are special cases discussed in Chapter 6, “Interrupt and Exception Handling.” This chapter discusses only the JMP, CALL, RET, SYSENTER, SYSEXIT, SYSCALL, and SYSRET instructions.

A JMP or CALL instruction can reference another code segment in any of four ways:

• The target operand contains the segment selector for the target code segment.

• The target operand points to a call-gate descriptor, which contains the segment selector for the target code segment.

• The target operand points to a TSS, which contains the segment selector for the target code segment.

• The target operand points to a task gate, which points to a TSS, which in turn contains the segment selector for the target code segment.

The following sections describe the first two types of references. See Section 7.3, “Task Switching,” for information on transferring program control through a task gate and/or TSS.

The SYSENTER and SYSEXIT instructions are special instructions for making fast calls to and returns from operating system or executive procedures. These instructions are discussed in Section 5.8.7, “Performing Fast Calls to System Procedures with the SYSENTER and SYSEXIT Instructions.”

The SYSCALL and SYSRET instructions are special instructions for making fast calls to and returns from operating system or executive procedures in 64-bit mode. These instructions are discussed in Section 5.8.8, “Fast System Calls in 64-Bit Mode.”

5.8.1 Direct Calls or Jumps to Code Segments

The near forms of the JMP, CALL, and RET instructions transfer program control within the current code segment, so privilege-level checks are not performed. The far forms of the JMP, CALL, and RET instructions transfer control to other code segments, so the processor does perform privilege-level checks.

When transferring program control to another code segment without going through a call gate, the processor examines four kinds of privilege level and type information (see Figure 5-6):

• The CPL. (Here, the CPL is the privilege level of the calling code segment; that is, the code segment that contains the procedure that is making the call or jump.)