4 accessing a code segment through a call gate – Intel IA-32 User Manual

4-20 Vol. 3A

PROTECTION

Target code segments referenced by a 64-bit call gate must be 64-bit code segments
(CS.L = 1, CS.D = 0). If not, the reference generates a general-protection exception, #GP
(CS selector).

Only 64-bit mode call gates can be referenced in IA-32e mode (64-bit mode and compatibility
mode). The legacy 32-bit mode call gate type (0CH) is redefined in IA-32e mode as
a 64-bit call-gate type; no 32-bit call-gate type exists in IA-32e mode.

If a far call references a 16-bit call gate type (04H) in IA-32 mode, a general-protection
exception (#GP) is generated.

When a call references a 64-bit mode call gate, actions taken are identical to those taken in 32-bit
mode, with the following exceptions:

Stack pushes are made in eight-byte increments.

A 64-bit RIP is pushed onto the stack.

Parameter copying is not performed.

Use a matching far-return instruction size for correct operation (returns from 64-bit calls must
be performed with a 64-bit operand-size return to process the stack correctly).

4.8.4 Accessing a Code Segment Through a Call Gate

To access a call gate, a far pointer to the gate is provided as a target operand in a CALL or JMP
instruction. The segment selector from this pointer identifies the call gate (see Figure 4-10); the
offset from the pointer is required, but not used or checked by the processor. (The offset can be
set to any value.)

When the processor has accessed the call gate, it uses the segment selector from the call gate to
locate the segment descriptor for the destination code segment. (This segment descriptor can be
in the GDT or the LDT.) It then combines the base address from the code-segment descriptor
with the offset from the call gate to form the linear address of the procedure entry point in the
code segment.

As shown in Figure 4-11, four different privilege levels are used to check the validity of a
program control transfer through a call gate:

The CPL (current privilege level).

The RPL (requestor's privilege level) of the call gate’s selector.

The DPL (descriptor privilege level) of the call gate descriptor.

The DPL of the segment descriptor of the destination code segment.

The C flag (conforming) in the segment descriptor for the destination code segment is also
checked.
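
The checks and the entry-point calculation described above, as an added C sketch that is not part of the manual: it decodes a legacy 32-bit call-gate descriptor, applies the privilege comparisons, and forms the linear entry address. The descriptor bit layout and the comparison rules (CPL and RPL no greater than the gate DPL; destination DPL no greater than CPL for a CALL or a conforming target, equal to CPL for a JMP to a nonconforming target) are taken from the manual's wider treatment of call gates rather than from this page; the function names and sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Fields of a 32-bit call-gate descriptor (type 0CH). */
struct call_gate { uint16_t selector; uint32_t offset; uint8_t dpl, type, params; bool present; };

/* Decode the descriptor from its low and high dwords. */
struct call_gate decode_gate(uint32_t lo, uint32_t hi) {
    struct call_gate g;
    g.offset   = (lo & 0xFFFFu) | (hi & 0xFFFF0000u); /* entry-point offset 15:0, 31:16 */
    g.selector = (uint16_t)(lo >> 16);                /* destination code-segment selector */
    g.params   = hi & 0x1Fu;                          /* parameter count */
    g.type     = (hi >> 8) & 0x0Fu;
    g.dpl      = (hi >> 13) & 0x3u;
    g.present  = (hi >> 15) & 1u;
    return g;
}

/* True if the transfer passes the checks; false if the processor would fault.
 * gate_sel is the selector in the CALL/JMP far pointer (RPL in bits 1:0);
 * cs_dpl and conforming come from the destination code-segment descriptor. */
bool gate_transfer_ok(unsigned cpl, uint16_t gate_sel, const struct call_gate *g,
                      unsigned cs_dpl, bool conforming, bool is_call) {
    unsigned rpl = gate_sel & 3u;
    if (g->type != 0x0C || !g->present) return false;
    if (cpl > g->dpl || rpl > g->dpl) return false;   /* gate must be reachable by caller */
    if (is_call || conforming) return cs_dpl <= cpl;  /* same or more privileged target */
    return cs_dpl == cpl;                             /* JMP, nonconforming: no level change */
}

/* Linear address of the entry point: code-segment base + offset from the gate. */
uint32_t entry_linear(uint32_t cs_base, const struct call_gate *g) { return cs_base + g->offset; }

int main(void) {
    /* Constructed sample: gate DPL 3, present, target selector 0008H, offset 00401000H. */
    struct call_gate g = decode_gate(0x00081000u, 0x0040EC00u);
    uint16_t sel = 0x0033; /* hypothetical gate selector, RPL 3 */
    printf("CALL from CPL 3 to DPL 0 code: %d\n", gate_transfer_ok(3, sel, &g, 0, false, true));
    printf("JMP  from CPL 3 to DPL 0 code: %d\n", gate_transfer_ok(3, sel, &g, 0, false, false));
    printf("entry point: %08X\n", (unsigned)entry_linear(0, &g));
    return 0;
}
```

The offset part of the far pointer never appears as an input, matching the statement that the processor does not use or check it.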