Intel 64 and IA-32 Architectures Software Developer's Manual Volume 2B, Instruction Set Reference, N-Z

The mechanics of an inter-privilege-level far return are similar to an intersegment return, except that the processor examines the privilege levels and access rights of the code and stack segments being returned to, to determine if the control transfer is allowed to be made. The DS, ES, FS, and GS segment registers are cleared by the RET instruction during an inter-privilege-level return if they refer to segments that are not allowed to be accessed at the new privilege level. Since a stack switch also occurs on an inter-privilege-level return, the ESP and SS registers are loaded from the stack.

If parameters are passed to the called procedure during an inter-privilege-level call, the optional source operand must be used with the RET instruction to release the parameters on the return. Here, the parameters are released both from the called procedure's stack and the calling procedure's stack (that is, the stack being returned to).

In 64-bit mode, the default operation size of this instruction is the stack size, i.e. 64 bits.
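
The inter-privilege-level return described above, as an added C model that is not part of the manual's own pseudocode: it shows the immediate operand releasing parameters on both stacks and the clearing of data-segment registers whose DPL is below the new CPL. It assumes a 32-bit operand size and omits all fault checks; the type and function names are hypothetical and the selector and address values are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model (assumption): 32-bit operand size, one flat byte array for
   both stacks, no limit/descriptor faults. All names are hypothetical. */
typedef struct { uint16_t sel; uint8_t dpl; int conforming; } seg_t;
typedef struct { uint32_t eip, esp; uint16_t cs, ss; uint8_t cpl;
                 seg_t ds, es, fs, gs; } cpu_t;

static uint32_t pop32(const uint8_t *mem, uint32_t *esp) {
    uint32_t v; memcpy(&v, mem + *esp, 4); *esp += 4; return v;
}
static void put32(uint8_t *mem, uint32_t addr, uint32_t v) { memcpy(mem + addr, &v, 4); }

/* Null a data-segment register the new CPL may not use: DPL < CPL, unless the
   register holds a conforming code segment. */
static void scrub(seg_t *s, uint8_t cpl) {
    if (s->sel != 0 && !s->conforming && s->dpl < cpl) s->sel = 0;
}

/* Far RET imm16 to an outer privilege level. */
void far_ret_outer(cpu_t *c, const uint8_t *mem, uint16_t imm16) {
    c->eip = pop32(mem, &c->esp);
    c->cs  = (uint16_t)pop32(mem, &c->esp);
    c->cpl = c->cs & 3;                       /* new CPL = RPL of return CS */
    c->esp += imm16;                          /* release params: called procedure's stack */
    uint32_t caller_esp = pop32(mem, &c->esp);
    c->ss  = (uint16_t)pop32(mem, &c->esp);   /* stack switch */
    c->esp = caller_esp + imm16;              /* release params: caller's stack */
    scrub(&c->ds, c->cpl); scrub(&c->es, c->cpl);
    scrub(&c->fs, c->cpl); scrub(&c->gs, c->cpl);
}

/* Constructed frame: ring-0 procedure returns to ring 3 with 8 parameter bytes. */
cpu_t demo_return(void) {
    uint8_t mem[256] = {0};
    put32(mem, 0x40, 0x00401000);  /* return EIP */
    put32(mem, 0x44, 0x001B);      /* return CS, RPL 3; params follow at 0x48..0x4F */
    put32(mem, 0x50, 0xC0);        /* caller's ESP, pointing at its 8 param bytes */
    put32(mem, 0x54, 0x0023);      /* caller's SS */
    cpu_t c = { .esp = 0x40, .cs = 0x08, .ss = 0x10, .cpl = 0,
                .ds = {0x10, 0, 0},    /* ring-0 data: must be cleared */
                .es = {0x23, 3, 0},    /* ring-3 data: survives */
                .fs = {0x08, 0, 1},    /* conforming code: survives */
                .gs = {0, 0, 0} };     /* already null */
    far_ret_outer(&c, mem, 8);
    return c;
}
int main(void) { return demo_return().esp == 0xC8 ? 0 : 1; }
```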

Operation

(* Near return *)
IF instruction = Near return
    THEN;
        IF OperandSize = 32
            THEN
                IF top 4 bytes of stack not within stack limits
                    THEN #SS(0); FI;
                EIP ← Pop();
            ELSE
                IF OperandSize = 64
                    THEN
                        IF top 8 bytes of stack not within stack limits
                            THEN #SS(0); FI;
                        RIP ← Pop();
                    ELSE (* OperandSize = 16 *)
                        IF top 2 bytes of stack not within stack limits
                            THEN #SS(0); FI;
                        tempEIP ← Pop();
                        tempEIP ← tempEIP AND 0000FFFFH;
                        IF tempEIP not within code segment limits
                            THEN #GP(0); FI;
                        EIP ← tempEIP;
                FI;
        FI;