
M80C286
scriptor or execute only code segment) exception 13
occurs. If the segment is not present, exception 11
is generated.
Instructions that load selectors into SS must refer to
data segment descriptors for writable data seg-
ments. The descriptor privilege (DPL) and RPL must
equal CPL. All other descriptor types or a privilege
level violation will cause exception 13. A not present
fault causes exception 12.
CONTROL TRANSFER
Four types of control transfer can occur when a se-
lector is loaded into CS by a control transfer opera-
tion (see Table 10). Each transfer type can only oc-
cur if the operation which loaded the selector refer-
ences the correct descriptor type. Any violation of
these descriptor usage rules (e.g. JMP through a call
gate or RET to a Task State Segment) will cause
exception 13.
The ability to reference a descriptor for control trans-
fer is also subject to rules of privilege. A CALL or
JUMP instruction may only reference a code seg-
ment descriptor with DPL equal to the task CPL or a
conforming segment with DPL of equal or greater
privilege than CPL. The RPL of the selector used to
reference the code descriptor must have as much
privilege as CPL.
RET and IRET instructions may only reference code
segment descriptors with descriptor privilege equal
to or less privileged than the task CPL. The selector
loaded into CS is the return address from the stack.
After the return, the selector RPL is the task’s new
CPL. If CPL changes, the old stack pointer is popped
after the return address.
When a JMP or CALL references a Task State Seg-
ment descriptor, the descriptor DPL must be the
same or less privileged than the task’s CPL. Refer-
ence to a valid Task State Segment descriptor caus-
es a task switch (see Task Switch Operation). Refer-
ence to a Task State Segment descriptor at a more
privileged level than the task’s CPL generates ex-
ception 13.
When an instruction or interrupt references a gate
descriptor, the gate DPL must have the same or less
privilege than the task CPL. If DPL is at a more privi-
leged level than CPL, exeception 13 occurs. If the
destination selector contained in the gate refer-
ences a code segment descriptor, the code seg-
ment descriptor DPL must be the same or more priv-
ileged than the task CPL. If not, Exception 13 is is-
sued. After the control transfer, the code segment
descriptors DPL is the task’s new CPL. If the desti-
nation selector in the gate references a task state
segment, a task switch is automatically performed
(see Task Switch Operation).
The privilege rules on control transfer require:
D JMP or CALL direct to a code segment (code
segment descriptor) can only be to a conforming
segment with DPL of equal or greater privilege
than CPL or a non-conforming segment at the
same privilege level.
D interrupts within the task or calls that may
change privilege levels, can only transfer control
through a gate at the same or a less privileged
level than CPL to a code segment at the same or
more privileged level than CPL.
D return instructions that don’t switch tasks can
only return control to a code segment at the
same or less privileged level.
D task switch can be performed by a call, jump or
interrupt which references either a task gate or
task state segment at the same or less privileged
level.
Table 10. Descriptor Types Used for Control Transfer
Control Transfer Types
Operation Types
Descriptor
Referenced
Descriptor
Table
Intersegment within the same privilege level
JMP, CALL, RET, IRET
*
Code Segment
GDT/LDT
Intersegment to the same or higher privilege level Interrupt
within task may change CPL.
CALL
Call Gate
GDT/LDT
Interrupt Instruction,
Exception, External
Interrupt
RET, IRET
*
Trap or
Interrupt
Gate
IDT
Intersegment to a lower privilege level (changes task CPL)
Code Segment
GDT/LDT
CALL, JMP
Task State
Segment
GDT
Task Switch
CALL, JMP
IRET
**
Interrupt Instruction,
Exception, External
Interrupt
Task Gate
GDT/LDT
Task Gate
IDT
*
NT (Nested Task bit of flag word)
e
0
**
NT (Nested Task bit of flag word)
e
1
17