Call gate

Call gate

A call gate (or callgate) is a mechanism in Intel's x86 architecture for changing the privilege level of the CPU when it executes a predefined function call using a CALL FAR instruction.

Overview

Call gates are intended to allow less privileged code to call code with a higher privilege level. This type of mechanism is essential in modern operating systems that employ memory protection since it allows user applications to use kernel functions and system calls in a way that can be controlled by the operating system.

Call gates use a special selector value to reference a descriptor accessed via the Global Descriptor Table or the Local Descriptor Table, which contains the information needed for the call across privilege boundaries. This is similar to the mechanism used for interrupt gates.

Security issues

To preserve system security, the Global Descriptor Table should be held in protected memory, otherwise any program will be able to create its own call gate and use it to raise its privilege level. Call gates have sometimes been used as a vector for software security exploits, when ways have been found around this protection. One example of this is the E-mail worm "Gurong.A" written to exploit the Microsoft Windows operating system, which uses DevicePhysicalMemory to install a call gate.

How to use

Assuming a call gate has been set up already by the operating system kernel, code simply does a CALL FAR (LCALL in AT&T syntax) with the necessary segment selector (the offset field is ignored). The processor will perform a number of checks to make sure the entry is valid and the code was operating at sufficient privilege to use the gate. Assuming all checks pass, a new CS/EIP is loaded from the segment descriptor, and continuation information is pushed onto the stack of the new privilege level (old SS, old ESP, old CS, old EIP in that order). Parameters may also be copied from the old stack to the new stack if needed. The number of parameters to copy is located in the call gate descriptor.

The kernel may return to the user space program by using a RET FAR (LRET) instruction which pops the continuation information off the stack and returns to the outer privilege level.

For information on the exact format of the call gate descriptor, please see the IA-32 manuals.

Modern use

Modern X86 operating systems are transitioning away from CALL FAR callgates. With the introduction of SYSENTER/SYSEXIT and SYSCALL/SYSRET, a new faster mechanism was introduced for control transfers for x86 programs. And as most other architectures do not support call gates, their use was rare even before these new instructions as software interrupts/traps were preferred for portability.

It should be noted that call gates are more flexible than the SYSENTER/SYSEXIT and SYSCALL/SYSRET instructions since unlike the latter two, call gates allow for changing from an arbitrary privilege level to an arbitrary privilege level. The fast SYS* instruction only allow control transfers from ring 3->0 and vice versa. Upon comparing call gates to interrupts, call gates are significantly faster.

See also

* Computer insecurity
* Software interrupt
* Interrupt gate
* System call
* SYSCALL instruction
* Global Descriptor Table

External links

* [http://www.windowsitlibrary.com/Content/356/10/1.html Using callgates to execute privileged code]
* [http://www.f-secure.com/v-descs/gurong_a.shtml F-Secure Virus Information Pages: Gurong.A]


Wikimedia Foundation. 2010.

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

  • Call of Duty: World at War — North American cover Developer(s) Treyarch Certain Affinity (some multiplayer maps a …   Wikipedia

  • Call of Duty: Black Ops II — Call of Duty: Black Ops 2 Разработчик …   Википедия

  • Gate of Alchemy — The Gate of Alchemy is a fictional metaphysical construct integral to the plot of the anime/manga series Fullmetal Alchemist, referred to as the Doors of Truth in the manga or simply The Gate in the anime. The Gate/Doors is the source of all… …   Wikipedia

  • Gate Keepers — Infobox animanga/Header name = Gate Keepers caption = The Playstation Gate Keepers A.E.G.I.S. cast ja name = ゲートキーパーズ ja name trans = genre = Adventure, Comedy, Fantasy, Science FictionInfobox animanga/Manga title = author = Keiji Gotoh (art)… …   Wikipedia

  • Call of Duty: World at War — Para el videojuego de PlayStation 2, véase Call of Duty: World at War Final Fronts. Para el videojuego de Nintendo DS, véase Call of Duty: World at War (Nintendo DS). Call of Duty: World at War …   Wikipedia Español

  • gate — 01. If you don t close the [gate], the dog will get out of the yard. 02. The house was surrounded by a fence with a huge iron [gate]. 03. Before entering the military base, you have to check in at the [gate]. 04. Attention all passengers on… …   Grammatical examples in English

  • Gate of Tears — Bab el Mandeb Strait linking Gulf of Aden and Indian Ocean with the Red Sea; many sailors call it Gate of Hell because of its desert heated winds …   Eponyms, nicknames, and geographical games

  • gate-hold procedures — A procedure at selected airports that holds aircraft at the gate, or another ground location, whenever a departure delay exceeds or is expected to exceed 15 min. The sequence for departure is maintained in accordance with the initial call up… …   Aviation dictionary

  • System call — In computing, a system call is the mechanism used by an application program to request service from the kernel. Background A system call is a request made by any arbitrary program to the kernel for performing tasks picked from a predefined set… …   Wikipedia

  • Squires Gate F.C. — Football club infobox clubname = Squires Gate FC imagesize = 200px fullname = Squires Gate Football Club nickname = Gate founded = 1948 (as Squires Gate British Legion) ground = School Road, Squires Gate, Blackpool capacity = 1,000 chairman =… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”