that processes can indirectly change their privilege level by executing a special
instruction called a system call to transfer control into the kernel at a fixed loca-
tion specified by the operating system. Other than trapping into the operating
system kernel (that is, in effect, becoming the kernel) at these fixed locations,
an application process cannot be allowed to change its privilege level.
Other instructions are also prohibited to application code. The application
cannot be allowed to change the set of memory locations it can access; as we
will see shortly, limiting an application to being able to access only its own
memory is essential to preventing an application from either intentionally, or
accidentally, corrupting or misusing the data or code from other applications
or the operating system itself. Another limitation on applications is that they
cannot disable processor interrupts, for reasons that we will also describe
shortly.
Instructions available in kernel-mode, but not in user-mode, are called, naturally
enough, privileged instructions. The operating system kernel needs to be
able to execute these instructions to be able to do its work: it needs to be
able to change privilege levels, adjust memory access, and disable and enable
interrupts. But if these instructions were available to applications, then a rogue
application would in effect have the power of the operating system kernel.
Thus, while application programs can use only a subset of the full instruction
set, the operating system executes in kernel-mode with the full power of the
hardware.
What happens if an application attempts to access memory it shouldn't or
attempts to change its privilege level? Such actions cause a processor exception.
Unlike taking an exception in a programming language where the exception is
handled by the language runtime, a processor exception causes the processor to
transfer control to an exception handler in the operating system kernel. (We
will describe in detail how exception handling works a bit later in the chapter,
as exceptions can occur for many reasons beyond privilege violations.) Usually,
the operating system kernel simply halts the process on privilege violations, as
it often means that the application's code has encountered a bug.
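The three outcomes described above can be observed from a user-mode process. The following program is an added example, not code from the book: it asks the kernel to deliver the processor exception to the process as a signal instead of halting it, then tries a privileged instruction (x86 `cli`, which disables interrupts), a write to a page of its own address space mapped with no permissions, and finally the sanctioned entry into the kernel, a raw system call. The privileged-instruction probe assumes an x86 Linux target and returns -1 elsewhere; the signal numbers reported are whatever the kernel's exception handler chose (SIGSEGV on Linux for both the general-protection fault and the page fault).

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Where to resume after the kernel turns a hardware exception into a signal. */
static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_signal;

/* Signal handler: the kernel's exception handler ran, decided not to halt us
 * (because we installed a handler), and transferred control back here. */
static void on_fault(int sig) {
    fault_signal = sig;
    siglongjmp(fault_env, 1);
}

static int install(int sig, struct sigaction *old) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    return sigaction(sig, &sa, old);
}

/* Returns the signal number delivered when user code executes a privileged
 * instruction, 0 if the instruction somehow ran, -1 if this build cannot try
 * (assumption: probe only implemented for x86). */
int probe_privileged_instruction(void) {
#if defined(__x86_64__) || defined(__i386__)
    struct sigaction old_segv, old_ill;
    install(SIGSEGV, &old_segv);
    install(SIGILL, &old_ill);
    fault_signal = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        /* cli clears the interrupt flag. Disabling interrupts is kernel-only,
         * so in user mode the CPU raises a general-protection exception. */
        __asm__ volatile("cli");
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGILL, &old_ill, NULL);
    return (int)fault_signal;
#else
    return -1;
#endif
}

/* Returns the signal delivered when user code touches memory it may not
 * access, 0 if the access went through, -1 if the page could not be set up. */
int probe_forbidden_memory(void) {
    long page = sysconf(_SC_PAGESIZE);
    /* A page in our own address space that the MMU will refuse every access to. */
    char *p = mmap(NULL, (size_t)page, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    struct sigaction old_segv, old_bus;
    install(SIGSEGV, &old_segv);
    install(SIGBUS, &old_bus);
    fault_signal = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        *(volatile char *)p = 1;  /* page fault: kernel's handler decides our fate */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(p, (size_t)page);
    return (int)fault_signal;
}

/* The sanctioned way into the kernel: a system call traps to the kernel's
 * fixed entry point, runs with full privilege there, and returns. Returns 1
 * if the trap and return worked. */
int probe_system_call(void) {
    long pid = syscall(SYS_getpid);
    return pid > 0 && pid == (long)getpid();
}

int main(void) {
    printf("privileged instruction -> signal %d\n", probe_privileged_instruction());
    printf("PROT_NONE page write   -> signal %d\n", probe_forbidden_memory());
    printf("raw system call        -> %s\n", probe_system_call() ? "ok" : "failed");
    return 0;
}
```

Without the handlers installed, the default action for these signals is exactly what the text describes: the kernel halts the process. Installing a handler does not weaken the protection; the privileged instruction never executes and the forbidden write never lands, the process is merely told that the kernel refused.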
Memory protection
In order to run an application process, both the operating system and the
application must be resident in memory at the same time. The application
needs to be in memory in order to execute, while the operating system needs
to be in memory to be able to start the program, as well as to handle any
system calls, interrupts, or exceptions. More generally, there are often several
application processes with code and data stored in memory; for example, you
may read email, download songs, Skype, instant message, and browse the web
at the same time.
To make this memory sharing work, the operating system must be able to