To perform its process management tasks effectively, an operating system must control the execution of each process and ensure that all the information used for management purposes is protected from direct access by a process. Otherwise a process might cause chaos by tampering with OS data structures, possibly defeating the resource utilization policies the OS is supposed to enforce.
Furthermore, to ensure the correct execution of each process, a multitasking operating system must protect each process's private information (executable code, data, stack) from uncontrolled interference by other processes. As remarked before, this is accomplished by suitably restricting the memory address space available to a process for reading and writing, so that the OS can regain CPU control through hardware-generated exceptions whenever a process violates those restrictions. At the same time, multitasking operating systems that offer inter-process communication facilities provide these communication resources to all processes that need them, so they can "interfere" with each other in a controlled and fruitful fashion.
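The two properties described above can be observed from user space. The following is an added example, not part of the original text; it assumes a Linux/POSIX system, and the function names are illustrative. A child process that writes to a page marked read-only is stopped by a hardware-generated fault that the kernel reports as SIGSEGV, while a child that writes to its own writable data leaves the parent's copy untouched.

```c
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run probe(arg) in a child process.
 * Returns the signal that killed the child, 0 if it exited normally, -1 on error. */
static int run_in_child(void (*probe)(volatile int *), volatile int *arg)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { probe(arg); _exit(0); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

static void write_value(volatile int *p) { *p = 99; }

/* The child writes to a page whose write permission was removed. The MMU
 * raises a fault, the kernel regains the CPU and terminates the child. */
int violation_signal(void)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    int *page = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    page[0] = 1;
    if (mprotect(page, (size_t)pagesz, PROT_READ) != 0) return -1;
    int sig = run_in_child(write_value, page);
    munmap(page, (size_t)pagesz);
    return sig;
}

/* The child writes to a writable variable. The write succeeds, but only in
 * the child's private address space; the parent still sees the old value. */
int parent_value_after_child_write(void)
{
    static volatile int private_data;
    private_data = 1;
    int sig = run_in_child(write_value, &private_data);
    return sig == 0 ? private_data : -1;
}

int main(void)
{
    printf("child killed by signal %d (SIGSEGV is %d)\n", violation_signal(), SIGSEGV);
    printf("parent's value after child write: %d\n", parent_value_after_child_write());
    return 0;
}
```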
All the above implies that the OS code needs to execute in a privileged condition with respect to "normal" processes: to manage processes, it must be able to execute operations which are forbidden to "normal" processes. The approach commonly followed to implement these privileges takes advantage of the fact that:
The interruption mechanism needed to switch execution modes allows the enforcement of OS privileges in a simple and elegant way. In fact, each interruption (whether HW or SW) generally causes the CPU to branch the execution flow to a fragment of executable code in memory (an exception or interrupt handler) which: