Intel ITANIUM ARCHITECTURE - SOFTWARE DEVELOPERS MANUAL VOLUME 1 REV 2.3 Manual page 1351

CALL—Call Procedure (Continued)
When executing a near call, the operand-size attribute determines the size of the target
operand (16 or 32 bits) for absolute addresses. Absolute addresses are loaded directly
into the EIP register. When a relative offset is specified, it is added to the value of the
EIP register. If the operand-size attribute is 16, the upper two bytes of the EIP register
are cleared to 0s, resulting in a maximum instruction pointer size of 16 bits. The CS
register is not changed on near calls.
When executing a far call, the processor pushes the current value of both the CS and
EIP registers onto the procedure stack for use as a return-instruction pointer. The
processor then performs a far jump to the code segment and address specified with the
target operand for the called procedure. Here the target operand specifies an absolute
far address either directly with a pointer (ptr16:16 or ptr16:32) or indirectly with a
memory location (m16:16 or m16:32). With the pointer method, the segment and
address of the called procedure is encoded in the instruction using a 4-byte (16-bit
operand size) or 6-byte (32-bit operand size) far address immediate. With the indirect
method, the target operand specifies a memory location that contains a 4-byte (16-bit
operand size) or 6-byte (32-bit operand size) far address. The operand-size attribute
determines the size of the offset (16 or 32 bits) in the far address. The far address is
loaded directly into the CS and EIP registers. If the operand-size attribute is 16, the
upper two bytes of the EIP register are cleared to 0s.
Any far call from a 32-bit code segment to a 16-bit code segment should be made from
the first 64 Kbytes of the 32-bit code segment, because the operand-size attribute of
the instruction is set to 16, allowing only a 16-bit return address offset to be saved.
Also, the call should be made using a 16-bit call gate so that 16-bit values will be
pushed on the stack.
When the processor is operating in protected mode, a far call can also be used to
access a code segment at a different privilege level or to switch tasks. Here, the
processor uses the segment selector part of the far address to access the segment
descriptor for the segment being jumped to. Depending on the value of the type and
access rights information in the segment selector, the CALL instruction can perform:
• A far call to the same privilege level (described in the previous paragraph).
• An far call to a different privilege level. Results in an IA-32_Intercept(Gate) in
Itanium System Environment.
• A task switch. Results in an IA-32_Intercept(Gate) in Itanium System
Environment.
When executing an inter-privilege-level far call, the code segment for the procedure
being called is accessed through a call gate. The segment selector specified by the
target operand identifies the call gate. In executing a call through a call gate where a
change of privilege level occurs, the processor switches to the stack for the privilege
level of the called procedure, pushes the current values of the CS and EIP registers and
the SS and ESP values for the old stack onto the new stack, then performs a far jump to
the new code segment. The new code segment is specified in the call gate descriptor;
the new stack segment is specified in the TSS for the currently running task. The jump
to the new code segment occurs after the stack switch. On the new stack, the processor
pushes the segment selector and stack pointer for the calling procedure's stack, a set of
parameters from the calling procedures stack, and the segment selector and instruction
pointer for the calling procedure's code segment. (A value in the call gate descriptor
determines how many parameters to copy to the new stack.)
Finally, the processor jumps to the address of the procedure being called within the new
code segment. The procedure address is the offset specified by the target operand.
Here again, the target operand can specify the far address of the call gate and
procedure either directly with a pointer (ptr16:16 or ptr16:32) or indirectly with a
memory location (m16:16 or m16:32).
Volume 4: Base IA-32 Instruction Reference 4:49