Translation: 4.8 privileged-level checks during transfer control between code segments

Source: Internet
Author: User
4.8 privilege level checking when transferring program control between code segments (Privilege Level Checking When Transferring Program Control Between Code Segments)
To transfer program control from one code segment to another, the segment selector of the destination code segment must be loaded into the code segment register (CS). While loading it, the processor examines the segment descriptor of the destination code segment and performs various limit, type, and privilege checks. If these checks succeed, CS is loaded, program control is transferred to the new code segment, and execution begins at the instruction pointed to by the EIP register.
Program control transfers are carried out with the JMP, CALL, RET, SYSENTER, SYSEXIT, INT n, and IRET instructions, as well as by the exception and interrupt mechanisms. Exceptions, interrupts, and the IRET instruction are special cases discussed in Chapter 5, "Interrupt and Exception Handling". This chapter discusses only the JMP, CALL, RET, SYSENTER, and SYSEXIT instructions.
A JMP or CALL instruction can reference another code segment in any of the following four ways.
1. The destination operand contains the segment selector of the destination code segment.
2. The destination operand points to a call-gate descriptor, which contains the segment selector of the destination code segment.
3. The destination operand points to a TSS, which contains the segment selector of the destination code segment.
4. The destination operand points to a task gate, which in turn points to a TSS that contains the segment selector of the destination code segment.
The following sections describe the first two reference methods. For details on using task gates and/or TSSs to transfer control, see section 6.3, "Task Switching".
The SYSENTER and SYSEXIT instructions are special instructions for making fast calls to, and returns from, operating system or executive procedures. These instructions are described in section 4.8.7, "Performing Fast Calls to System Procedures with the SYSENTER and SYSEXIT Instructions".

4.8.1 direct calls or jumps to code segments (Direct Calls or Jumps to Code Segments)
The near forms of the JMP, CALL, and RET instructions transfer program control within the current code segment, so no privilege-level checks are performed. The far forms of JMP, CALL, and RET transfer control from one code segment to another, so the processor does perform privilege-level checks.
When a transfer between code segments is not made through a call gate, the processor examines four kinds of privilege-level and type information (see Figure 4-6).
1. The CPL (the privilege level of the calling code segment, that is, the code segment that contains the CALL or JMP instruction).
2. The DPL of the segment descriptor of the destination code segment, that is, the code segment that contains the called procedure.
3. The RPL of the segment selector of the destination code segment.
4. The conforming (C) flag in the segment descriptor of the destination code segment, which determines whether the segment is a conforming code segment (C flag set) or a nonconforming code segment (C flag clear). For more information about this flag, see section 3.4.5.1, "Code- and Data-Segment Descriptor Types".
The rules the processor uses to check the CPL, RPL, and DPL depend on the setting of the C flag. The following sections describe them in detail.

4.8.1.1 accessing nonconforming code segments (Accessing Nonconforming Code Segments)
When accessing a nonconforming code segment, the CPL of the calling procedure must be equal to the DPL of the destination code segment; otherwise, the processor generates a general-protection exception (#GP). For example, see Figure 4-7.
1. Code segment C is a nonconforming code segment. A procedure in code segment A can call a procedure in code segment C (using segment selector C1) because they are at the same privilege level (the CPL of code segment A is equal to the DPL of code segment C).
2. A procedure in code segment B cannot call a procedure in code segment C (using segment selector C2 or C1) because the two segments are at different privilege levels.
The RPL of a segment selector that points to a nonconforming code segment has only a limited effect on the privilege check. The RPL must be numerically less than or equal to the CPL of the calling procedure for the control transfer to succeed. So, in the example in Figure 4-7, the RPLs of segment selectors C1 and C2 could be set to 0, 1, or 2, but not to 3.
When the segment selector of a nonconforming code segment is loaded into the CS register, the privilege-level field is not changed; that is, the CPL remains that of the calling procedure. This is true even if the RPL of the loaded segment selector differs from the CPL.

4.8.1.2 accessing conforming code segments (Accessing Conforming Code Segments)
When accessing a conforming code segment, the CPL of the calling procedure may be numerically greater than or equal to (at a lower or equal privilege level than) the DPL of the destination code segment; the processor generates a general-protection exception only when the CPL is numerically less than the DPL. (If the destination code segment is a conforming code segment, the RPL of the segment selector is not checked.)
In the example in Figure 4-7, code segment D is a conforming code segment. The calling procedures in code segments A and B can therefore both access code segment D (using segment selector D1 or D2, respectively), because their CPLs are numerically greater than or equal to the DPL of the conforming code segment. For conforming code segments, the DPL represents the most privileged (numerically lowest) CPL at which a calling procedure can successfully enter the segment.
(Note that segment selectors D1 and D2 are identical except for their RPL fields. Because the RPL is not checked when accessing a conforming code segment, the two selectors are essentially interchangeable.)
The CPL does not change when program control is transferred to a conforming code segment, even if the DPL of the destination code segment is numerically less than the CPL. This is the only situation in which the CPL can differ from the DPL of the current code segment. Because the CPL does not change, no stack switch occurs.
Conforming code segments are typically used for code modules such as math libraries and exception handlers, which support applications but do not require access to protected system facilities. These modules are part of the operating system or executive software, but they can execute at numerically higher (less privileged) privilege levels. Keeping the CPL at the level of the calling code segment when jumping to a conforming code segment prevents an application from accessing nonconforming code segments while at the privilege level (DPL) of the conforming code segment, and thus prevents it from accessing more privileged data.
Most code segments are nonconforming. For these segments, program control can be transferred only to code segments at the same privilege level, unless the transfer is made through a call gate, as described in the following sections.
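The two rule sets in sections 4.8.1.1 and 4.8.1.2 can be modelled directly: decode the DPL and C flag from an 8-byte code-segment descriptor, take the RPL from the 16-bit selector, and apply the CPL/DPL/RPL comparisons. The following Python model is an added example, not Intel's text or code. It rebuilds the Figure 4-7 situation with constructed values: segment A runs at CPL 2, segment B at CPL 3, segment C is nonconforming with DPL 2, and segment D is conforming with DPL 2 (the figure only says D is reachable from both A and B, so DPL 2 is an assumption). The selector RPLs, GDT indices, and the helper names (`make_code_descriptor`, `far_transfer_new_cpl`, `raises_gp`) are likewise constructed for the example.

```python
import struct
from dataclasses import dataclass


class GeneralProtectionFault(Exception):
    """Models the #GP the processor raises when a CS load fails its checks."""


@dataclass(frozen=True)
class CodeSegmentDescriptor:
    dpl: int          # descriptor privilege level, 0..3
    is_code: bool     # S bit set and type bit 3 set
    conforming: bool  # C flag (type bit 2) of a code segment


def make_code_descriptor(dpl: int, conforming: bool, base: int = 0,
                         limit: int = 0xFFFFF) -> bytes:
    """Pack a legacy 8-byte code-segment descriptor (constructed helper)."""
    seg_type = 0b1010 | (0b0100 if conforming else 0)   # code, readable, C flag
    access = 0x80 | (dpl << 5) | 0x10 | seg_type        # P=1 | DPL | S=1 | type
    flags_limit_hi = 0xC0 | ((limit >> 16) & 0xF)       # G=1, D/B=1, limit[19:16]
    return struct.pack("<HHBBBB", limit & 0xFFFF, base & 0xFFFF,
                       (base >> 16) & 0xFF, access, flags_limit_hi,
                       (base >> 24) & 0xFF)


def decode_descriptor(raw: bytes) -> CodeSegmentDescriptor:
    """Extract the fields the privilege check needs from byte 5 (access byte)."""
    access = raw[5]
    is_code = bool(access & 0x10) and bool(access & 0x08)
    return CodeSegmentDescriptor(
        dpl=(access >> 5) & 0x3,
        is_code=is_code,
        conforming=is_code and bool(access & 0x04),
    )


def make_selector(index: int, rpl: int, ti: int = 0) -> int:
    """Segment selector: bits 15:3 index, bit 2 table indicator, bits 1:0 RPL."""
    return (index << 3) | (ti << 2) | rpl


def far_transfer_new_cpl(cpl: int, selector: int, gdt: dict) -> int:
    """CPL after a far JMP/CALL through `selector` (no call gate), or raise #GP."""
    rpl = selector & 0x3
    index = selector >> 3
    if index not in gdt:
        raise GeneralProtectionFault("selector index is outside the table")
    desc = decode_descriptor(gdt[index])
    if not desc.is_code:
        raise GeneralProtectionFault("destination is not a code segment")
    if desc.conforming:
        # Section 4.8.1.2: CPL may be numerically >= DPL, RPL is ignored,
        # and the CPL stays that of the caller (no stack switch).
        if cpl < desc.dpl:
            raise GeneralProtectionFault(f"CPL {cpl} < DPL {desc.dpl} (conforming)")
        return cpl
    # Section 4.8.1.1: CPL must equal DPL, and RPL must not exceed CPL.
    if cpl != desc.dpl:
        raise GeneralProtectionFault(f"CPL {cpl} != DPL {desc.dpl} (nonconforming)")
    if rpl > cpl:
        raise GeneralProtectionFault(f"RPL {rpl} > CPL {cpl} (nonconforming)")
    return cpl   # equals DPL, so the CPL is unchanged here as well


def raises_gp(cpl: int, selector: int, gdt: dict) -> bool:
    """True if the transfer would fault; used to show the #GP cases."""
    try:
        far_transfer_new_cpl(cpl, selector, gdt)
        return False
    except GeneralProtectionFault:
        return True


# Constructed GDT for the Figure 4-7 scenario: index 1 = segment C, index 2 = segment D.
GDT = {
    1: make_code_descriptor(dpl=2, conforming=False),   # C: nonconforming, DPL 2
    2: make_code_descriptor(dpl=2, conforming=True),    # D: conforming, DPL 2 (assumed)
}
CPL_A, CPL_B = 2, 3                                     # callers A and B
C1, C2 = make_selector(1, rpl=0), make_selector(1, rpl=2)
D1, D2 = make_selector(2, rpl=2), make_selector(2, rpl=3)

if __name__ == "__main__":
    for label, cpl, sel in [("A -> C1", CPL_A, C1), ("B -> C2", CPL_B, C2),
                            ("A -> C, RPL 3", CPL_A, make_selector(1, rpl=3)),
                            ("A -> D1", CPL_A, D1), ("B -> D2", CPL_B, D2),
                            ("CPL 1 -> D", 1, make_selector(2, rpl=0))]:
        try:
            print(f"{label}: ok, CPL stays {far_transfer_new_cpl(cpl, sel, GDT)}")
        except GeneralProtectionFault as exc:
            print(f"{label}: #GP, {exc}")
```

Running it shows the asymmetry the text describes: the nonconforming segment C accepts only the CPL 2 caller, and only with an RPL of 0, 1 or 2; the conforming segment D accepts both callers, and the returned CPL is 3 for caller B even though D's DPL is 2, which is exactly the "CPL can differ from the DPL of the current code segment" case that makes conforming segments safe for shared library code.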
