2-4 Vol. 3A
SYSTEM ARCHITECTURE OVERVIEW
Each segment descriptor has an associated segment selector. A segment selector provides the software that uses
it with an index into the GDT or LDT (the offset of its associated segment descriptor), a global/local flag (deter-
mines whether the selector points to the GDT or the LDT), and access rights information.
To access a byte in a segment, a segment selector and an offset must be supplied. The segment selector provides
access to the segment descriptor for the segment (in the GDT or LDT). From the segment descriptor, the processor
obtains the base address of the segment in the linear address space. The offset then provides the location of the
byte relative to the base address. This mechanism can be used to access any valid code, data, or stack segment,
provided the segment is accessible from the current privilege level (CPL) at which the processor is operating. The
CPL is defined as the protection level of the currently executing code segment.
See Figure 2-1. The solid arrows in the figure indicate a linear address, dashed lines indicate a segment selector,
and the dotted arrows indicate a physical address. For simplicity, many of the segment selectors are shown as
direct pointers to a segment. However, the actual path from a segment selector to its associated segment is always
through a GDT or LDT.
The linear address of the base of the GDT is contained in the GDT register (GDTR); the linear address of the LDT is
contained in the LDT register (LDTR).
2.1.1.1
Global and Local Descriptor Tables in IA-32e Mode
GDTR and LDTR registers are expanded to 64-bits wide in both IA-32e sub-modes (64-bit mode and compatibility
mode). For more information: see Section 3.5.2, “Segment Descriptor Tables in IA-32e Mode.”
Global and local descriptor tables are expanded in 64-bit mode to support 64-bit base addresses, (16-byte LDT
descriptors hold a 64-bit base address and various attributes). In compatibility mode, descriptors are not
expanded.
2.1.2
System Segments, Segment Descriptors, and Gates
Besides code, data, and stack segments that make up the execution environment of a program or procedure, the
architecture defines two system segments: the task-state segment (TSS) and the LDT. The GDT is not considered
a segment because it is not accessed by means of a segment selector and segment descriptor. TSSs and LDTs have
segment descriptors defined for them.
The architecture also defines a set of special descriptors called gates (call gates, interrupt gates, trap gates, and
task gates). These provide protected gateways to system procedures and handlers that may operate at a different
privilege level than application programs and most procedures. For example, a CALL to a call gate can provide
access to a procedure in a code segment that is at the same or a numerically lower privilege level (more privileged)
than the current code segment. To access a procedure through a call gate, the calling procedure
1
supplies the
selector for the call gate. The processor then performs an access rights check on the call gate, comparing the CPL
with the privilege level of the call gate and the destination code segment pointed to by the call gate.
If access to the destination code segment is allowed, the processor gets the segment selector for the destination
code segment and an offset into that code segment from the call gate. If the call requires a change in privilege
level, the processor also switches to the stack for the targeted privilege level. The segment selector for the new
stack is obtained from the TSS for the currently running task. Gates also facilitate transitions between 16-bit and
32-bit code segments, and vice versa.
2.1.2.1
Gates in IA-32e Mode
In IA-32e mode, the following descriptors are 16-byte descriptors (expanded to allow a 64-bit base): LDT descrip-
tors, 64-bit TSSs, call gates, interrupt gates, and trap gates.
Call gates facilitate transitions between 64-bit mode and compatibility mode. Task gates are not supported in IA-
32e mode. On privilege level changes, stack segment selectors are not read from the TSS. Instead, they are set to
NULL.
1. The word “procedure” is commonly used in this document as a general term for a logical unit or block of code (such as a program, pro-
cedure, function, or routine).