User's Manual

Vol. 3 5-25
PROTECTION
Call gates allow a single code segment to have procedures that can be accessed at
different privilege levels. For example, an operating system located in a code
segment may have some services which are intended to be used by both the operating
system and application software (such as procedures for handling character
I/O). Call gates for these procedures can be set up that allow access at all privilege
levels (0 through 3). More privileged call gates (with DPLs of 0 or 1) can then be set
up for other operating system services that are intended to be used only by the
operating system (such as procedures that initialize device drivers).
5.8.5 Stack Switching
Whenever a call gate is used to transfer program control to a more privileged
nonconforming code segment (that is, when the DPL of the nonconforming destination
code segment is less than the CPL), the processor automatically switches to the
stack for the destination code segment’s privilege level. This stack switching is
carried out to prevent more privileged procedures from crashing due to insufficient
stack space. It also prevents less privileged procedures from interfering (by accident
or intent) with more privileged procedures through a shared stack.
Figure 5-12. Example of Accessing Call Gates At Various Privilege Levels
[Figure not reproduced. Labels: privilege levels 3 (lowest) through 0 (highest); Code Segments A, B, C, D and E; Call Gates A and B; Gate Selector A (RPL=3), Gate Selector B1 (RPL=2), Gate Selector B2 (RPL=1), Gate Selector B3 (RPL=3); CPL=3, CPL=2, CPL=1; DPL=3, DPL=2, DPL=0, DPL=0; Nonconforming Code Segment; Conforming Code Segment; "Stack Switch Occurs"; "No Stack Switch Occurs".]
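The call-gate access and stack-switch decisions described above, modeled in C as an added example (not code from the manual). It goes beyond this page by including the call-gate privilege checks (CPL and RPL against the gate DPL, destination DPL against CPL) that the architecture applies before the transfer; the type, function and gate names are hypothetical, and the gates are constructed from the character I/O and driver-initialization services mentioned in the text.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of a far CALL through a call gate (names are hypothetical). */
enum gate_result { GATE_DENIED, GATE_NO_STACK_SWITCH, GATE_STACK_SWITCH };

struct call_gate {
    int  dpl;             /* DPL of the gate descriptor itself */
    int  dest_dpl;        /* DPL of the destination code segment */
    bool dest_conforming; /* true if the destination is a conforming segment */
};

/* Constructed gates into a DPL-0 operating-system code segment. */
static const struct call_gate CHAR_IO_GATE     = { 3, 0, false }; /* open to levels 0-3 */
static const struct call_gate DRIVER_INIT_GATE = { 0, 0, false }; /* OS only */
static const struct call_gate CONFORMING_GATE  = { 3, 0, true  };

/* cpl: caller's CPL; rpl: RPL of the gate selector used by the CALL. */
enum gate_result call_through_gate(int cpl, int rpl, struct call_gate g)
{
    if (cpl > g.dpl || rpl > g.dpl)   /* caller or selector less privileged than gate */
        return GATE_DENIED;
    if (g.dest_dpl > cpl)             /* CALL cannot go to a less privileged segment */
        return GATE_DENIED;
    if (g.dest_conforming)            /* runs at the caller's CPL on the caller's stack */
        return GATE_NO_STACK_SWITCH;
    /* Nonconforming: stack switch exactly when destination DPL < CPL. */
    return g.dest_dpl < cpl ? GATE_STACK_SWITCH : GATE_NO_STACK_SWITCH;
}

/* CPL in effect after a permitted call. */
int cpl_after_call(int cpl, struct call_gate g)
{
    return g.dest_conforming ? cpl : g.dest_dpl;
}

int main(void)
{
    static const char *names[] = { "denied", "no stack switch", "stack switch" };
    for (int cpl = 3; cpl >= 0; cpl--)   /* selector RPL set equal to CPL */
        printf("CPL=%d  char I/O: %-15s  driver init: %s\n", cpl,
               names[call_through_gate(cpl, cpl, CHAR_IO_GATE)],
               names[call_through_gate(cpl, cpl, DRIVER_INIT_GATE)]);
    return 0;
}
```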