Restriction of Procedure Entry Points

To achieve transfer of control between procedures on different privilege levels, a special descriptor type called a gate is provided. Programs wishing to transfer control call the gate by specifying the segment base address of the gate, rather than transferring control directly to the required procedure. Under OS/2 Version 2.0, where a single segment is used to implement the flat memory model, the gate is called by specifying its offset within the process address space.

The four types of gates are CALL gates, TASK gates, INTR (Interrupt) gates, and TRAP gates. The routine invoked when the gate is called simply redirects control to a new address which contains the privileged routine to be executed.

From the program's point of view, this is no different from transferring control to another code segment, since the calling instruction simply regards the gate as another procedure. However, it effectively isolates the calling procedure from the called procedure, and since only the entry point address of the gate is supplied in the calling instruction, the calling procedure has no access to any point other than the defined entry point of the called procedure.

Calls are verified to ensure that they satisfy two conditions:

  • The call must enter the called procedure at the beginning of that procedure; this is normally ensured by the gate descriptor itself, which supplies the necessary offset to the entry point.

  • The privilege level of the called procedure must be the same as that of the gate descriptor.


    [Back: Privilege Levels]
    [Next: Reserved Instructions]