Figure 5-32: Access control through paging
5.5.2.1.2.1 Paging in the SLES kernel
The SLES kernel is based on Linux version 2.6.16, and implements
5.5.2.1.2.2 Access control for control transfers through call gates
Call gates act as an interface layer between code segments at different privilege levels. They define entry points in more privileged code, to which control can be transferred. Intel processors use these call gates to control CPU transitions from one level of privilege to another. Call gates are descriptors that contain pointers to
Operating systems can use call gates to establish secure entry points into system service routines. Before loading the code register with the code segment selector located in the call gate, the processor performs the following three privilege checks:
1. Compare the CPL with the
2. Compare the RPL in the
3. A call or jump through a call gate to a conforming segment requires that the CPL be greater than or equal to the DPL. A call or jump through a call gate requires that the CPL be equal to the DPL.