
Privileged execution modes

In order to perform its process management tasks effectively, an operating system must control the execution of each process and ensure that all the information used for management purposes is protected from direct access by a process. Otherwise a process might cause chaos by messing with OS data structures, possibly defeating the resource utilization policies the OS is supposed to enforce.

Furthermore, in order to ensure the correct execution of each process, a multitasking operating system must protect each process's private information (executable code, data, stack) from uncontrolled interference by other processes. As remarked before, this is accomplished by suitably restricting the memory address space available to a process for reading/writing, so that the OS can regain CPU control through hardware-generated exceptions whenever a process violates those restrictions. At the same time, multitasking OSes which offer inter-process communication facilities provide these communication resources to all processes that need them, so they can ``interfere'' with each other in a controlled and fruitful fashion.

All the above implies that the OS code needs to execute in a privileged condition with respect to ``normal'' code: to manage processes, it must be able to execute operations which are forbidden to ``normal'' processes. The approach commonly followed to implement these privileges takes advantage of the fact that:

  1. Most modern CPUs have a subset of machine instructions that can be executed only in a ``supervisor'' (or ``protected'', or ``kernel'') mode, indicated by the status of one or more of the PSW bits. Among the privileged instructions there may be access to special registers used as pointers to OS data structures, the execution of special memory management operations, and the ability to access the whole memory address space available to the CPU.
  2. A change of status from CPU ``normal'' (or ``user'') mode to ``supervisor'' mode can be accomplished only by means of hardware interrupts (e.g. timer, I/O) or by executing dedicated software interrupt/trap/exception instructions.

The interruption mechanism needed to switch execution modes allows the enforcement of OS privileges in a simple and elegant way. In fact, each interruption (whether hardware or software) generally causes the CPU to branch the execution flow to a fragment of executable code in memory (the exception or interrupt handler) which:

  1. is not under the control of the currently executing process; indeed, it is often stored outside the process's own address space;
  2. is executed with the CPU in supervisor mode.

Hence an application program cannot inadvertently mess with the OS code or data: the interrupt handler is part of the OS code, not of the application's, and the application cannot modify this code because it resides outside the application's own allowable address space. If it tried to, an exception would be trapped by the hardware, thus causing the OS to regain control by the above mechanism, and possibly remove the faulty process (incidentally, this is what causes a process-killing ``Segmentation Fault'' exception in UNIX).
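The trapping mechanism just described can be observed from the process's side. The following C program is an added example, not part of the original page: it asks the OS for a page marked inaccessible (PROT_NONE), attempts a write to it from user mode, and shows that the hardware trap hands control to the OS, which delivers SIGSEGV (or SIGBUS on some systems) instead of letting the access go through. It assumes a POSIX system with sigaction, sigsetjmp and mmap (Linux or another UNIX).

```c
#define _DEFAULT_SOURCE
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;                 /* where to resume after the trap */
static volatile sig_atomic_t fault_signal;   /* which signal the OS delivered */

/* Runs in user mode, but only after the hardware trap handed control to the OS. */
static void on_fault(int sig) {
    fault_signal = sig;
    siglongjmp(fault_env, 1);
}

/* Tries one byte write to addr. Returns 1 if the access was trapped, 0 if it went through. */
int write_is_trapped(volatile char *addr) {
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);       /* some systems report the fault as SIGBUS */
    fault_signal = 0;
    volatile int trapped = 1;
    if (sigsetjmp(fault_env, 1) == 0) {
        *addr = 'x';                         /* the MMU checks this; a violation traps */
        trapped = 0;                         /* only reached if no trap occurred */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return trapped;
}

/* Control case: a byte the process owns must be writable without any trap. */
int own_memory_traps(void) { char c = 0; return write_is_trapped(&c); }

/* Reserve a page the OS marks inaccessible (PROT_NONE) and probe it; -1 if mmap fails. */
int forbidden_page_traps(void) {
    long page = sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, (size_t)page, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    int trapped = write_is_trapped((volatile char *)p);
    munmap(p, (size_t)page);
    return trapped;
}
```

Without the installed handler the default action applies and the process is killed with ``Segmentation Fault'', which is exactly the OS removing the faulty process described above.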



Franco Callari