User's Manual

PROTECTION
The following is a description of the protection checks performed while transferring control (with the CALL instruction) through a call gate:

- Verifying that access to the call gate is allowed. One of the protection features provided by call gates is the access checks made to determine if the call gate may be used (i.e., checking if the privilege level of the calling program is adequate).
- Determining the destination address and whether a privilege transition is required. This feature makes privilege transitions transparent to the caller.
- Performing the privilege transition, if required.

Verifying access to a call gate is the same for any call gate and is independent of whether a JMP or CALL instruction was used. The rules of privilege used to determine whether a data segment may be accessed are employed to check if a call gate may be jumped-to or called. Thus, privileged subroutines can be hidden from untrusted programs by the absence of a call gate.

When an inter-segment CALL or JMP instruction selects a call gate, the gate's privilege and presence will be checked. The gate's DPL (in the access byte) is checked against the EPL (MAX (task CPL, selector RPL)). If EPL > DPL, the program is less privileged than the gate and therefore it may not make a transition. In this case, a general protection fault occurs with an error code identifying the gate. Otherwise, the gate is accessible from the program executing the call, and the control transfer is allowed to continue. After the privilege checks, the descriptor presence is checked. If the present bit of the gate access rights byte is 0 (i.e., the target code segment is not present), a not-present fault occurs with an error code identifying the gate.

The checks indicated in Table 7-3 are applied to the contents of the call gate. Violating any of them causes the exception shown. The low order two bits of the error code are zero for these exceptions.

7.5.1.2 INTRA-LEVEL TRANSFERS VIA CALL GATE

The transfer is intra-level if the destination code segment is at the same privilege level as CPL. Either the code segment is non-conforming with DPL = CPL, or it is conforming, with DPL ≤ CPL (see section 11.2 for this case). The 32-bit destination address in the gate is loaded into CS:IP.

Table 7-3. Call Gate Checks

Type of Check                               Fault(1)   Error Code
Selector is not Null                        GP         0
Selector is within Descriptor Table Limit   GP         Selector id
Descriptor is a Code Segment                GP         Code Segment id
Code Segment is Present                     NP         Code Segment id
Nonconforming Code Segment DPL > CPL        GP         Code Segment id

NOTES:
(1) GP = General Protection, NP = Not-Present Exception.

The offset portion of the JMP or CALL destination address which refers to a call gate is always ignored.
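
The gate access check and the Table 7-3 checks, modeled in C as an added example (not code from the manual). The struct and function names are hypothetical. Assumptions: a descriptor is identified in the error code by its selector with the low two bits cleared, descriptors are 8 bytes for the limit test, and the Table 7-3 checks run in the order the table lists them.

```c
/* Added model of the checks above; not Intel code. Names are illustrative. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum fault { OK, GP, NP };
struct gate     { uint8_t dpl; bool present; uint16_t target_sel; };
struct code_seg { bool is_code, present, conforming; uint8_t dpl; };
struct result   { enum fault fault; uint16_t error_code; };

/* RPL is the low two bits of a selector. */
static uint8_t rpl(uint16_t sel) { return sel & 3; }
/* Assumption: a descriptor is identified by its selector with bits 1:0 zero. */
static uint16_t id(uint16_t sel) { return sel & 0xFFFC; }
static struct result res(enum fault f, uint16_t ec) {
    struct result r = { f, ec };
    return r;
}

/* t is the descriptor that g->target_sel refers to; table_limit is the
   byte limit of the descriptor table holding it (8-byte descriptors). */
struct result call_via_gate(uint8_t cpl, uint16_t gate_sel, const struct gate *g,
                            uint16_t table_limit, const struct code_seg *t)
{
    uint16_t ts = g->target_sel;
    uint8_t epl = cpl > rpl(gate_sel) ? cpl : rpl(gate_sel); /* MAX(CPL, RPL) */

    /* Gate access: privilege first, then presence. */
    if (epl > g->dpl) return res(GP, id(gate_sel));
    if (!g->present)  return res(NP, id(gate_sel));

    /* Table 7-3, applied to the gate contents in the listed order. */
    if (id(ts) == 0)                    return res(GP, 0);
    if ((ts | 7u) > table_limit)        return res(GP, id(ts));
    if (!t->is_code)                    return res(GP, id(ts));
    if (!t->present)                    return res(NP, id(ts));
    if (!t->conforming && t->dpl > cpl) return res(GP, id(ts));
    return res(OK, 0);
}

int main(void) {
    struct gate g = { 3, true, 0x08 };           /* constructed sample values */
    struct code_seg t = { true, true, false, 0 };
    struct result r = call_via_gate(3, 0x23, &g, 0xFF, &t);
    printf("fault=%d error_code=0x%04x\n", r.fault, (unsigned)r.error_code);
    return r.fault != OK;
}
```

Note that a caller at CPL 0 still takes the GP fault when it presents a gate selector with RPL 3 to a DPL 2 gate, because the comparison uses EPL rather than CPL alone.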