Dual Mode Execution

Motivation

• OS: manages and abstracts hardware resources
• benefits of abstraction: ease of use (illusionist), common interface (glue), and managed access (referee)
• must prevent processes from violating its management, how does the OS do that?
• monitor user instructions & memory accesses
• does every instruction need to be monitored?
• does every memory access need to be monitored?
• how can it be done efficiently?

Protection Rings

• suppored by hardware
• current privilege level shown by the lower 2 bits of the cs register


• ring 0 (kernel mode)
• where the kernel code executes
• access to privileged instructions
• e.g. pausing processor, update virtual memory mappings, I/O related (move data from I/O port, disable interrupts)
• access to all mapped virtual memory
• ring 1 & 2
• where device drivers execute
• can only access non-privileged instructions & some I/O sensitive instructions
• access to all mapped virtual memory
• ring 3 (user mode)
• where the user code executes
• can only access non-privileged instructions
• most instructions (add, mov, call, ret)
• can only access virtual memory mapped with user permission

Types of Mode Transfer

• exception (synchronous)
• a problem caused by the current instruction
• e.g. divide by zero, null pointer access, segmentation fault, execute privileged instruction
• processes will be terminated (for all the examples above)
• depending on the exception, processes may resume on the faulting instruction
• if the kernel knows how to handle the exception
• system call (synchronous)
• processes requesting kernel services process (e.g. open, close, read, write)
• syscall, sysret: instruction to enter/exit the kernel for a system call
• a process resumes at the next instruction upon a syscall return, why?
• interrupt (asynchronous)
• hardware events/notifications, often time sensitive
• e.g. I/O completion (disk write completed, packet arrived), timer interrupt, keyboard input
• unrelated to the current instruction
• interrupt is checked and handled before the current instruction is executed
• resumes on the current instruction since it was interrupted
• who executes the kernel code when a mode switch occurs?
• the current running process that transferred into the kernel
• once inside the kernel, a process can only execute the kernel code
• how is this done?
• upon a user to kernel mode switch, %rip is set to kernel code by hardware