Intel 64 and IA-32 Architectures Software Developer's Manual Volume 1, Basic Architecture

PROCEDURE CALLS, INTERRUPTS, AND EXCEPTIONS
The processor switches to a new stack to execute the called procedure. Each
privilege level has its own stack. The segment selector and stack pointer for the
privilege level 3 stack are stored in the SS and ESP registers, respectively, and
are automatically saved when a call to a more privileged level occurs. The
segment selectors and stack pointers for the privilege level 2, 1, and 0 stacks are
stored in a system segment called the task state segment (TSS).
The use of a call gate and the TSS during a stack switch are transparent to the calling
procedure, except when a general-protection exception is raised.
6.3.6 CALL and RET Operation Between Privilege Levels
When making a call to a more privileged protection level, the processor does the
following (see Figure 6-4):
1. Performs an access rights check (privilege check).
2. Temporarily saves (internally) the current contents of the SS, ESP, CS, and EIP
registers.
Figure 6-4. Stack Switch on a Call to a Different Privilege Level
[Figure: the stack for the calling procedure and the stack for the called procedure, each shown as "Stack Frame Before Call" and "Stack Frame After Call". Labels: Param 1, Param 2, Param 3; Calling SS, Calling ESP, Calling CS, Calling EIP; ESP Before Call, ESP After Call, ESP Before Return, ESP After Return.]
Note: On a return, parameters are released on both stacks based on the optional n operand in the RET n instruction.
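The stack switch and the frame labelled in Figure 6-4, modeled in C as an added example (not code from the Intel manual). The flat word-array memory, the function names, and the reduced privilege check are assumptions of this model; the caller is expected to place the return address in `eip` before the call.

```c
#include <stdint.h>

/* Constructed model: flat memory of 32-bit words; ESP is a byte offset into it. */
enum { MEM_WORDS = 64 };
typedef struct { uint16_t ss; uint32_t esp; } stack_ptr;
typedef struct { stack_ptr level[3]; } tss_t;   /* stacks for privilege levels 0, 1, 2 */
typedef struct { uint16_t cs, ss; uint32_t eip, esp; unsigned cpl; } cpu_t;

static void push(cpu_t *c, uint32_t *mem, uint32_t v) { c->esp -= 4; mem[c->esp / 4] = v; }
static uint32_t pop(cpu_t *c, const uint32_t *mem) { uint32_t v = mem[c->esp / 4]; c->esp += 4; return v; }

/* Call to a more privileged level. Returns 0, or -1 where hardware would raise #GP. */
int gate_call(cpu_t *c, const tss_t *tss, uint32_t *mem, unsigned gate_dpl,
              uint16_t new_cs, uint32_t new_eip, unsigned new_cpl, unsigned nparams)
{
    /* Reduced privilege check (assumption): caller may use the gate and the
       target is more privileged. Other call types are outside this model. */
    if (c->cpl > gate_dpl || new_cpl >= c->cpl) return -1;
    cpu_t old = *c;                       /* temporarily save SS, ESP, CS, EIP */
    c->ss = tss->level[new_cpl].ss;       /* new stack pointer comes from the TSS */
    c->esp = tss->level[new_cpl].esp;
    push(c, mem, old.ss);                 /* Calling SS */
    push(c, mem, old.esp);                /* Calling ESP */
    for (unsigned i = nparams; i-- > 0; ) /* copy parameters, keeping their order */
        push(c, mem, mem[old.esp / 4 + i]);
    push(c, mem, old.cs);                 /* Calling CS */
    push(c, mem, old.eip);                /* Calling EIP: return address on the new stack */
    c->cs = new_cs; c->eip = new_eip; c->cpl = new_cpl;
    return 0;
}

/* RET n back to the less privileged caller; n is a byte count. */
void gate_ret(cpu_t *c, const uint32_t *mem, uint32_t n)
{
    c->eip = pop(c, mem);
    c->cs = (uint16_t)pop(c, mem);
    c->esp += n;                          /* release parameters on the called stack */
    uint32_t caller_esp = pop(c, mem);
    c->ss = (uint16_t)pop(c, mem);
    c->esp = caller_esp + n;              /* release parameters on the calling stack */
    c->cpl = c->cs & 3u;                  /* privilege level from the selector's low two bits */
}
```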