background image

Vol. 3A 5-13

PROTECTION

prevents an application program from accessing nonconforming code segments while at the privilege level (DPL) of 
a conforming code segment and thus prevents it from accessing more privileged data.
Most code segments are nonconforming. For these segments, program control can be transferred only to code 
segments at the same level of privilege, unless the transfer is carried out through a call gate, as described in the 
following sections.

5.8.2 Gate 

Descriptors

To provide controlled access to code segments with different privilege levels, the processor provides special set of 
descriptors called gate descriptors. There are four kinds of gate descriptors:

Call gates

Trap gates

Interrupt gates

Task gates

Task gates are used for task switching and are discussed in Chapter 7, “Task Management”. Trap and interrupt 
gates are special kinds of call gates used for calling exception and interrupt handlers. The are described in Chapter 
6, “Interrupt and Exception Handling.” This 
chapter is concerned only with call gates. 

5.8.3 Call 

Gates

Call gates facilitate controlled transfers of program control between different privilege levels. They are typically 
used only in operating systems or executives that use the privilege-level protection mechanism. Call gates are also 
useful for transferring program control between 16-bit and 32-bit code segments, as described in Section 21.4, 
“Transferring Control Among Mixed-Size Code Segments.”
Figure 5-8 shows the format of a call-gate descriptor. A call-gate descriptor may reside in the GDT or in an LDT, but 
not in the interrupt descriptor table (IDT). It performs six functions:

It specifies the code segment to be accessed.

It defines an entry point for a procedure in the specified code segment.

It specifies the privilege level required for a caller trying to access the procedure.

If a stack switch occurs, it specifies the number of optional parameters to be copied between stacks.

It defines the size of values to be pushed onto the target stack: 16-bit gates force 16-bit pushes and 32-bit 
gates force 32-bit pushes.

It specifies whether the call-gate descriptor is valid. 

The segment selector field in a call gate specifies the code segment to be accessed. The offset field specifies the 
entry point in the code segment. This entry point is generally to the first instruction of a specific procedure. The 
DPL field indicates the privilege level of the call gate, which in turn is the privilege level required to access the 

Figure 5-8.  Call-Gate Descriptor

31

16 15

13

14

12 11

8 7

0

P

Offset in Segment 31:16

D
P

L

Type

0

4

31

16 15

0

Segment Selector

Offset in Segment 15:00

0

Param.

0

0

1

1

P

DPL

Gate Valid

Descriptor Privilege Level

Count

4

5

6

0   0   0