Call Gates - Intel Quark SoC X1000 Core Developer's Manual

Protected Mode Architecture—Intel
The privilege rules require that:
• Privilege level transitions can only occur via gates.
• JMPs can be made to a non-conforming code segment with the same privilege or to
a conforming code segment with greater or equal privilege.
• CALLs can be made to a non-conforming code segment with the same privilege or
via a gate to a more privileged level.
• Interrupts handled within the task obey the same privilege rules as CALLs.
• Conforming code segments are accessible by privilege levels that are the same or
less privileged than the conforming-code segment's DPL.
• Both the requested privilege level (RPL) in the selector pointing to the gate and the
task's CPL must be of equal or greater privilege than the gate's DPL.
• The code segment selected in the gate must be the same or more privileged than
the task's CPL.
• Return instructions that do not switch tasks can only return control to a code
segment with the same or less privilege.
• Task switches can be performed by a CALL, JMP, or INT that references either a
task gate or task state segment who's DPL is less privileged or the same privilege
as the old task's CPL.
Any control transfer that changes CPL within a task causes a change of stacks as a
result of the privilege level change. The initial values of SS:ESP for privilege levels 0, 1,
and 2 are retained in the task state segment (see
control transfer, the new stack pointer is loaded into the SS and ESP registers and the
previous stack pointer is pushed onto the new stack.
When returning to the original privilege level, use of the lower-privileged stack is
restored as part of the RET or IRET instruction operation. For subroutine calls that pass
parameters on the stack and cross privilege levels, a fixed number of words (as
specified in the gate's word count field) are copied from the previous stack to the
current stack. The inter-segment RET instruction with a stack adjustment value
correctly restores the previous stack pointer upon return.
6.3.5

Call Gates

Gates provide protected, indirect CALLs. One of the major uses of gates is to provide a
secure method of privilege transfers within a task. Because the operating system
defines all of the gates in a system, it can ensure that all gates allow entry into a few
trusted procedures only (such as those that allocate memory or perform I/O).
Gate descriptors follow the data access rules of privilege; that is, gates can be accessed
by a task if the EPL is equal to or more privileged than the gate descriptor's DPL. Gates
follow the control transfer rules of privilege and therefore may only transfer control to a
more privileged level.
Call Gates are accessed via a CALL instruction and are syntactically identical to calling a
normal subroutine. When an inter-level Intel
activated, the following actions occur.
1. Load CS:EIP from gate check for validity.
2. SS is pushed zero-extended to 32 bits.
3. ESP is pushed.
4. Copy Word Count 32-bit parameters from the old stack to the new stack.
5. Push Return address on stack.
October 2013
Order Number: 329679-001US
®
Quark Core
Section 6.3.6). During a JMP or CALL
®
Quark SoC X1000 Core call gate is
®
Intel Quark SoC X1000 Core
Developer's Manual
87