5-16 Vol. 3A
PROTECTION
The privilege checking rules are different depending on whether the control transfer was initiated with a CALL or a
JMP instruction, as shown in Table 5-1.
The DPL field of the call-gate descriptor specifies the numerically highest privilege level from which a calling proce-
dure can access the call gate; that is, to access a call gate, the CPL of a calling procedure must be equal to or less
than the DPL of the call gate. For example, in Figure 5-15, call gate A has a DPL of 3. So calling procedures at all
CPLs (0 through 3) can access this call gate, which includes calling procedures in code segments A, B, and C. Call
gate B has a DPL of 2, so only calling procedures at a CPL or 0, 1, or 2 can access call gate B, which includes calling
procedures in code segments B and C. The dotted line shows that a calling procedure in code segment A cannot
access call gate B.
The RPL of the segment selector to a call gate must satisfy the same test as the CPL of the calling procedure; that
is, the RPL must be less than or equal to the DPL of the call gate. In the example in Figure 5-15, a calling procedure
in code segment C can access call gate B using gate selector B2 or B1, but it could not use gate selector B3 to
access call gate B.
If the privilege checks between the calling procedure and call gate are successful, the processor then checks the
DPL of the code-segment descriptor against the CPL of the calling procedure. Here, the privilege check rules vary
between CALL and JMP instructions. Only CALL instructions can use call gates to transfer program control to more
privileged (numerically lower privilege level) nonconforming code segments; that is, to nonconforming code
segments with a DPL less than the CPL. A JMP instruction can use a call gate only to transfer program control to a
nonconforming code segment with a DPL equal to the CPL. CALL and JMP instruction can both transfer program
control to a more privileged conforming code segment; that is, to a conforming code segment with a DPL less than
or equal to the CPL.
Figure 5-11. Privilege Check for Control Transfer with Call Gate
Table 5-1. Privilege Check Rules for Call Gates
Instruction
Privilege Check Rules
CALL
CPL ≤ call gate DPL; RPL ≤ call gate DPL
Destination conforming code segment DPL ≤ CPL
Destination nonconforming code segment DPL ≤ CPL
JMP
CPL ≤ call gate DPL; RPL ≤ call gate DPL
Destination conforming code segment DPL ≤ CPL
Destination nonconforming code segment DPL = CPL
CPL
RPL
DPL
DPL
Privilege
Check
Call Gate (Descriptor)
Destination Code-
CS Register
Call-Gate Selector
Segment Descriptor