Crossing Protection Boundaries
For a user program to do something “privileged” (e.g., I/O), it must call an OS procedure.
How does a user-mode program call a kernel-mode service?
There must be a system call instruction:
- causes an exception, which vectors to a kernel handler
- passes a parameter, saying which system routine to call
- saves caller’s state (PC, mode bit) so it can be restored
- the architecture must permit the OS to verify the caller’s parameters
- must provide a way to return to user mode when done
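
The five requirements above, modelled as a toy trap handler in C. This is an added example, not code from the original notes or from any real kernel; the `struct cpu`, the address constants, the two-entry syscall table and the error codes are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum { USER = 0, KERNEL = 1 };
enum { E_NOSYS = -1, E_FAULT = -2 };   /* hypothetical error codes */
#define USER_BASE   0x1000u            /* constructed user address range */
#define USER_LIMIT  0x8000u
#define TRAP_VECTOR 0xF000u            /* constructed kernel entry point */

struct cpu { uint32_t pc; int mode; }; /* simulated PC and mode bit */

/* Kernel-side check: all of [addr, addr+len) must lie in user memory.
   Written so that addr + len is never computed and cannot wrap. */
static int user_range_ok(uint32_t addr, uint32_t len) {
    return addr >= USER_BASE && addr <= USER_LIMIT && len <= USER_LIMIT - addr;
}

static long sys_getpid(struct cpu *c, uint32_t a0, uint32_t a1) {
    (void)c; (void)a0; (void)a1;
    return 42;                                    /* constructed pid */
}

static long sys_write(struct cpu *c, uint32_t buf, uint32_t len) {
    if (c->mode != KERNEL) return E_FAULT;        /* reachable only via trap */
    if (!user_range_ok(buf, len)) return E_FAULT; /* verify caller's params */
    return (long)len;                             /* pretend bytes were written */
}

typedef long (*syscall_fn)(struct cpu *, uint32_t, uint32_t);
static const syscall_fn syscall_table[] = { sys_getpid, sys_write };
#define NSYSCALLS (sizeof syscall_table / sizeof syscall_table[0])

/* What the system call instruction and the kernel handler do together. */
long trap(struct cpu *c, uint32_t num, uint32_t a0, uint32_t a1) {
    struct cpu saved = *c;        /* save caller's state (PC, mode bit) */
    c->mode = KERNEL;             /* the exception raises privilege ... */
    c->pc = TRAP_VECTOR;          /* ... and vectors to the kernel handler */
    long ret = num < NSYSCALLS    /* the parameter selects the routine */
        ? syscall_table[num](c, a0, a1) : E_NOSYS;
    *c = saved;                   /* restore state: back to user mode */
    return ret;
}

int main(void) {
    struct cpu c = { 0x1234, USER };
    printf("%ld %ld\n", trap(&c, 1, 0x2000, 16), trap(&c, 1, 0x7FF0, 0x100));
    return 0;
}
```

The second call fails because its buffer runs past the end of user memory; without that check the kernel would act on an address the caller has no right to name.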