PROTECTION

To achieve control transfers, a special descriptor type called a gate is provided to mediate the change in privilege level. Control transfer instructions call the gate rather than transfer directly to a code segment. From the viewpoint of the program, a control transfer to a gate is the same as to another code segment.

Gates allow programs to use other programs at more privileged levels in the same manner as a program at the same privilege level. Programmers need never distinguish between programs or subroutines that are more privileged than the current program and those that are not. The system designer may, however, elect to use gates only for control transfers that cross privilege levels.

7.5.1 Gates

A gate is a four-word control descriptor used to redirect a control transfer to a different code segment in the same or more privileged level or to a different task. There are four types of gates: call, trap, interrupt, and task gates. The access rights byte distinguishes a gate from a segment descriptor, and determines which type of gate is involved. Figure 7-10 shows the format of a gate descriptor.

A key feature of a gate is the re-direction it provides. All four gate types define a new address which transfers control when invoked. This destination address normally cannot be accessed by a program. Loading the selector to a call gate into SS, DS, or ES will cause a general protection fault with an error code identifying the invalid selector.

Only the selector portion of an address is used to invoke a gate. The offset is ignored. All that a program need know about the desired function is the selector required to invoke the gate. The 80286 will automatically start the execution at the correct address stored within the gate.

A further advantage of a gate is that it provides a fixed address for any program to invoke another program. The calling program's address remains unaltered even if the entry address of the destination program changes. Thus, gates provide a fixed set of entry points that allow a task to access Operating System functions such as simple subroutines, yet the task is prohibited from simply jumping into the middle of the Operating System.

Call gates, as described in the next section, are used for control transfers within a task which must either be transparently redirected or which require an increase in privilege level. A call gate normally specifies a subroutine at a greater privilege level, and the called routine returns via a return instruction. Call gates also support delayed binding (resolution of target routine addresses at run-time rather than program-generation-time).

Trap and interrupt gates handle interrupt operations that are to be serviced within the current task.

Interrupt gates cause interrupTs io Ot ui:sauitd~ trap gates do iict. Tr:lp :l!'!d i!~te!"!"12pt g~te.s both require a return via the interrupt return instruction.

Task gates are used to control transfers between tasks and to make use of task state segments for task control and status information. Tasks are discussed in Chapter 8, interrupts in Chapter 9.

In the 80286 protection model, each privilege level has its own stack. Therefore, a control transfer (call or return) that changes the privilege level causes a new stack to be invoked,

7-16

Page 141 Page 143
Page 142
Image 142
Intel 80287, 80286 manual Gates
Page 141 Page 143
Top Page Image Contents