This preview shows page 1. Sign up to view the full content.
Unformatted text preview: Stack Switch on a Call to a Different Privilege Level 6-10 Vol. 1 PROCEDURE CALLS, INTERRUPTS, AND EXCEPTIONS 3. Loads the segment selector and stack pointer for the new stack (that is, the stack for the privilege level being called) from the TSS into the SS and ESP registers and switches to the new stack. 4. Pushes the temporarily saved SS and ESP values for the calling procedure's stack onto the new stack. 5. Copies the parameters from the calling procedure's stack to the new stack. A value in the call gate descriptor determines how many parameters to copy to the new stack. 6. Pushes the temporarily saved CS and EIP values for the calling procedure to the new stack. 7. Loads the segment selector for the new code segment and the new instruction pointer from the call gate into the CS and EIP registers, respectively. 8. Begins execution of the called procedure at the new privilege level. When executing a return from the privileged procedure, the processor performs these actions: 1. Performs a privilege check. 2. Restores the CS and EIP registers to their values prior to the call. 3. If the RET instruction has an optional n argument, increments the stack pointer by the number of bytes specified with the n operand to release parameters from the stack. If the call gate descriptor specifies that one or more parameters be copied from one stack to the other, a RET n instruction must be used to release the parameters from both stacks. Here, the n operand specifies the number of bytes occupied on each stack by the parameters. On a return, the processor increments ESP by n for each stack to step over (effectively remove) these parameters from the stacks. 4. Restores the SS and ESP registers to their values prior to the call, which causes a switch back to the stack of the calling procedure. 5. If the RET instruction has an optional n argument, increments the stack pointer by the number of bytes specified with the n operand to release parameters from the stack (see explanation in step 3). 6. Resumes execution of the calling procedure. See Chapter 4, "Protection," in the Intel 64 and IA-32 Architectures Software Developer's Manual, Volume 3A, for detailed information on calls to privileged levels and the call gate descriptor. 6.3.7 Branch Functions in 64-Bit Mode The 64-bit extensions expand branching mechanisms to accommodate branches in 64-bit linear-address space. These are: Near-branch semantics are redefined in 64-bit mode Vol. 1 6-11 PROCEDURE CALLS, INTERRUPTS, AND EXCEPTIONS In 64-bit mode and compatibility mode, 64-bit call-gate descriptors for far calls are available In 64-bit mode, the operand size for all near branches (CALL, RET, JCC, JCXZ, JMP, and LOOP) is forced to 64 bits. These instructions update the 64-bit RIP without the need for a REX operand-size prefix. The following aspects of near branches are controlled by the effective operand size: Truncation of the size of the instruction pointer Size of a stack pop or push, due to a CALL or RET S...
View Full Document
- Winter '11