Friday, January 30, 2009

IA32 System Programming - Part V

Inter-Privilege-Level Call

An inter-privilege-level call is a transfer of program control to a privileged code segment through a call gate descriptor, which in turn holds the location of the target code segment. The call gate descriptor is specified in the far form of the call/jmp instruction. Before loading new values into the CS and EIP registers, the processor performs several privilege-level checks. The general rules check the following fields:

  • CPL of current code segment.
  • RPL of the requestor (segment selector of the far form call/jmp instruction).
  • DPL of the call gate descriptor.
  • DPL of target code segment descriptor.

The CPL, the RPL and the DPL of the target code segment are checked to decide on a privilege level switch. In addition, the DPL of the call gate descriptor acts as a guardian that controls who may access the target code segment, according to the requestor’s privilege level. For instance, system software components that are designed to be accessed by both the system software itself and application programs (e.g., device I/O interfaces) could be executed through call gates that allow access at all privilege levels (DPL 0~3). Services that are designed to be used internally by system software (e.g., device initialization procedures) should only be accessed through more privileged call gates (DPL 0 or 1).

A stack switch occurs automatically if the CPL differs from the DPL of the target code segment, and the CPL changes to the destination DPL accordingly. Each task should define, in its TSS structure, a stack pointer for each privilege level it uses. The processor unwinds the stack automatically after a far return instruction.
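The checks and the stack-switch decision described above can be modelled in a few lines of C. This is an added example, not code from the original post: the type and function names are illustrative, the comparisons follow the call-gate rules in the Intel SDM (the post names the fields but not the comparisons), and the `conforming` flag is an addition the post does not discuss.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the checks; all names here are illustrative. */
enum xfer { XFER_CALL, XFER_JMP };

struct gate_access {
    unsigned cpl;        /* CPL of the current code segment */
    unsigned rpl;        /* RPL of the gate selector in the far call/jmp */
    unsigned gate_dpl;   /* DPL of the call gate descriptor */
    unsigned target_dpl; /* DPL of the target code segment descriptor */
    bool conforming;     /* target is a conforming code segment */
};

struct gate_result { bool allowed; unsigned new_cpl; bool stack_switch; };

struct gate_result check_call_gate(enum xfer kind, struct gate_access a)
{
    struct gate_result r = { false, a.cpl, false }; /* denied models #GP */

    /* Gate as guardian: CPL and RPL must both be <= gate DPL numerically. */
    if (a.cpl > a.gate_dpl || a.rpl > a.gate_dpl)
        return r;
    /* A gate never transfers to less privileged code. */
    if (a.target_dpl > a.cpl)
        return r;
    /* JMP cannot raise privilege: nonconforming target DPL must equal CPL. */
    if (kind == XFER_JMP && !a.conforming && a.target_dpl != a.cpl)
        return r;

    r.allowed = true;
    /* Only CALL to more privileged nonconforming code changes CPL and stack. */
    if (kind == XFER_CALL && !a.conforming && a.target_dpl < a.cpl) {
        r.new_cpl = a.target_dpl;
        r.stack_switch = true;
    }
    return r;
}

int main(void)
{
    /* Constructed case: ring-3 caller, DPL 3 gate, ring-0 target. */
    struct gate_access a = { 3, 3, 3, 0, false };
    struct gate_result r = check_call_gate(XFER_CALL, a);
    printf("allowed=%d new_cpl=%u stack_switch=%d\n",
           r.allowed, r.new_cpl, r.stack_switch);
    return 0;
}
```

The RPL comparison is what stops privileged code from being steered through a gate using a selector supplied by a less privileged requestor: a CPL 0 caller presenting an RPL 3 selector is still refused at a DPL 1 gate.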


