The Global Descriptor Table (GDT) is one of the most critical data structures in the x86 architecture. It serves as the system-wide repository of segment descriptors—the fundamental building blocks that define how memory is organized, protected, and accessed in protected mode.

Every memory access in protected mode (and even in 64-bit long mode) ultimately references the GDT. When a segment register is loaded with a selector, the processor uses that selector as an index into the GDT to retrieve the corresponding descriptor. The GDT is not merely a software construct—it is a hardware-mandated structure that the processor itself reads and interprets.

Understanding the GDT is essential for anyone working with operating system internals, bootloader development, hypervisors, or low-level security. Without a properly configured GDT, protected mode operation is simply impossible.

The Global Descriptor Table serves as the central registry of segments that are available to all tasks (processes) in the system. Unlike the Local Descriptor Table (LDT), which can be different for each process, the GDT is system-wide—there is exactly one active GDT at any time, shared by all code running on the processor.

What the GDT Contains:

The GDT is an array of 8-byte segment descriptors. Each descriptor defines a memory segment's:

• Base Address: Where the segment starts in linear address space
• Limit: How large the segment is (in bytes or 4KB pages)
• Access Rights: Permissions (read, write, execute) and type (code, data, system)
• Privilege Level: The ring (0-3) required to access this segment

The processor uses segment selectors (loaded into segment registers like CS, DS, SS) to index into the GDT and retrieve these descriptors.

Why "Global"?

The term "global" indicates that this table is visible to all tasks. In contrast, each task can have its own Local Descriptor Table (LDT) containing task-specific segments. However, the GDT:

• Is always present and accessible
• Contains system segments (TSS, LDT descriptors) that must be globally available
• Usually contains the kernel code and data segments used by the operating system
• Must contain at least a null descriptor at index 0

The Mandatory Null Descriptor:

The first entry (index 0) in the GDT is always a null descriptor—8 bytes of zeros. This is not optional; the processor requires it. If a segment register contains selector 0x0000, this references the null descriptor, and any attempt to use that segment for memory access will generate a General Protection Fault.

This null descriptor serves as a safety mechanism: uninitialized segment registers (containing 0) will cause immediate, predictable faults rather than unpredictable memory corruption.

The GDT is simply a contiguous array of 8-byte segment descriptors stored in memory. It can be located anywhere in the linear address space—there's no fixed location. The processor learns the GDT's location and size from a special register called the GDT Register (GDTR).

The GDTR Register:

The GDTR is a 48-bit (6-byte) register containing:

• Limit (16 bits): The size of the GDT in bytes minus 1
• Base (32 bits): The linear base address of the GDT

Since each descriptor is 8 bytes and the limit is a 16-bit value, the maximum GDT size is 65,536 bytes, allowing for up to 8,192 descriptors (2^16 / 8 = 8,192).

Loading and Storing the GDTR:

Two special privileged instructions manage the GDTR:

• LGDT (Load GDT): Loads a new base and limit into the GDTR from a memory operand. This instruction is privileged (Ring 0 only).
• SGDT (Store GDT): Stores the current GDTR contents to memory. This instruction is NOT privileged—any code can execute it.

The ability for unprivileged code to read the GDT location via SGDT has been a source of security concerns (e.g., the "Red Pill" technique for detecting virtual machines). Modern systems sometimes take countermeasures against this.

To access a descriptor in the GDT, the processor uses a segment selector—a 16-bit value loaded into a segment register. The selector is not a simple byte offset; it encodes three distinct pieces of information.

Selector Format:

The Index-to-Offset Calculation:

To convert a selector to a byte offset in the GDT:

Byte Offset = (Selector & 0xFFF8)

Alternatively:

Byte Offset = Index × 8

Since the index field occupies bits 15-3, masking with 0xFFF8 clears the TI and RPL bits, leaving just the byte offset (since index × 8 equals the same as shifting left by 3 bits, which the encoding already provides).

Table Indicator (TI) Behavior:

The TI bit determines which descriptor table the processor consults:

• TI = 0: The processor fetches the descriptor from the GDT
• TI = 1: The processor fetches the descriptor from the current task's LDT

The active LDT is determined by the LDT Register (LDTR), which itself contains a selector pointing to an LDT descriptor in the GDT. This creates a two-level hierarchy: the GDT contains the LDT descriptor, which points to the LDT, which contains task-specific segment descriptors.

The GDT can contain several types of descriptors, categorized by the S (descriptor type) bit in the access byte:

• Code/Data Segments (S=1): Normal memory segments for program code and data
• System Segments (S=0): Special segments for processor mechanisms (TSS, LDT, gates)

Code and Data Segment Descriptors (S=1):

When S=1, the descriptor defines a code or data segment. The E (Executable) bit distinguishes:

• E=0: Data segment (can be read, optionally written)
• E=1: Code segment (can be executed, optionally read)

System Segment Descriptors (S=0):

When S=0, the descriptor defines a system object. These are critical for protected mode operation:

While the GDT can theoretically hold 8,192 entries, practical implementations use far fewer. A typical operating system GDT contains:

• Null Descriptor (index 0): Required by the processor
• Kernel Code Segment (index 1): Ring 0 executable segment
• Kernel Data Segment (index 2): Ring 0 read/write segment
• User Code Segment (index 3): Ring 3 executable segment
• User Data Segment (index 4): Ring 3 read/write segment
• TSS Descriptor (index 5): For ring transitions and interrupt handling

Flat Memory Model Configuration:

Modern operating systems use a flat memory model where all segments have:

• Base = 0: Segment starts at linear address 0
• Limit = 0xFFFFF with G=1: Segment spans the entire 4 GB address space

This effectively disables segmentation's memory partitioning while retaining privilege-level protection.

Why Kernel and User Segments Have the Same Base/Limit:

In the flat memory model, both kernel (Ring 0) and user (Ring 3) segments have identical base (0) and limit (4GB) settings. This might seem to defeat the purpose of protection, but the protection comes from:

1. Privilege Levels (DPL): Even with identical memory ranges, Ring 3 code cannot load Ring 0 selectors
2. Paging: The real memory protection comes from page tables, which mark pages as supervisor-only or user-accessible
3. Type Separation: Code segments are in code descriptors, data in data descriptors

The GDT in a flat model primarily serves to:

• Establish the privilege levels for kernel vs. user code
• Provide the TSS for ring transition stack switching
• Maintain compatibility with the protected mode architecture

In multiprocessor (SMP) systems, GDT management becomes more complex. While the GDT can theoretically be shared among all CPUs, practical considerations often lead to per-CPU GDT copies.

Why Per-CPU GDTs?

1. TSS Requirements: Each CPU needs its own Task State Segment (TSS) for ring transition stack pointers. Since the TSS descriptor is in the GDT, each CPU needs its own GDT entry.

2. FS/GS Base Optimization: Some architectures use per-CPU data accessed via FS or GS segments with different bases per CPU.

3. Cache Performance: Each CPU has its own cache; if all CPUs share a GDT, cache coherency traffic increases.

4. Isolation: A corrupted GDT affects only one CPU if GDTs are per-CPU.

Linux's Approach:

Linux uses per-CPU GDTs. The cpu_gdt_descr array contains the GDTR value for each CPU, and gdt_page contains the actual GDT. During CPU initialization, each processor loads its own GDT.

Key GDT entries in Linux include:

• GDT_ENTRY_KERNEL32_CS: 32-bit kernel code segment
• GDT_ENTRY_KERNEL_CS: 64-bit kernel code segment (x86-64)
• GDT_ENTRY_KERNEL_DS: Kernel data segment
• GDT_ENTRY_DEFAULT_USER32_CS: User code segment (32-bit compat)
• GDT_ENTRY_DEFAULT_USER_CS: User code segment (64-bit)
• GDT_ENTRY_DEFAULT_USER_DS: User data segment
• GDT_ENTRY_TSS: Task State Segment
• GDT_ENTRY_PERCPU: Per-CPU data segment

When x86-64 processors operate in 64-bit long mode, the GDT remains required but its role changes significantly. Most segmentation features are disabled or ignored, but the GDT still serves critical functions.

What Changes in Long Mode:

64-bit System Descriptors:

In long mode, system segment descriptors (TSS and LDT) expand from 8 bytes to 16 bytes to accommodate 64-bit base addresses. This means they occupy two GDT slots:

64-bit TSS Descriptor (16 bytes):
┌─────────────────────┐
│ Bytes 0-7           │  Standard 8-byte format (base bits 0-23, limit, access)
├─────────────────────┤
│ Bytes 8-11          │  Base bits 32-63
├─────────────────────┤
│ Bytes 12-15         │  Reserved (must be zero)
└─────────────────────┘

The selector for a 64-bit TSS still indexes the first 8 bytes; the processor automatically reads the following 8 bytes as part of the descriptor.

We've conducted an in-depth exploration of the Global Descriptor Table—the central data structure that defines how segment selectors map to memory segment attributes in protected mode.

What's Next:

With the GDT established as the global segment repository, we'll examine its complement: the Local Descriptor Table (LDT). While rarely used in modern operating systems, the LDT provides per-process segment definitions and offers insights into the original segmentation vision of the x86 architecture.