Information Technology Reference
In-Depth Information
The processor status register and privilege levels
Conceptually, the kernel/user mode is a one bit register. When set to 1, the processor
is in kernel mode and can do anything. When set to 0, the processor is in user mode
and is restricted. On most processors, the kernel/user mode is stored in the processor
status register. This register contains flags that control the operation of the processor.
The register is typically not directly accessible to application code. Rather, flags are
set or reset as a by product of executing instructions. For example, the status register
is automatically saved to memory by hardware during an interrupt, because executing
instructions during the interrupt will overwrite its contents.
The kernel/user mode bit is one flag in the processor status register, set whenever the
kernel is entered and reset whenever the kernel is exited. Other flags include condition
codes, set as a side effect of arithmetic operations, to allow a more compact encoding
of conditional branch instructions. Still other flags can specify whether the processor is
executing with 16-bit, 32-bit, or 64-bit addresses. The specific contents of the processor
status register is processor architecture dependent.
Some processor architectures, including the Intel x86, support more than two privi-
lege levels in the processor status register (the x86 supports four privilege levels). The
original reason for this was to allow the operating system kernel to be separated into
layers: a core with unlimited access to the machine, while other portions of the op-
erating system would be restricted from certain operations, but with more power than
completely unprivileged application code. This way, bugs in one part of the operating
system kernel might not crash the entire system. However, to our knowledge, neither
MacOS, Windows, nor Linux make use of this feature.
A potential future use for multiple privilege levels is to simplify running an operating
system as an application, or virtual machine, on top of another operating system. Appli-
cations running on top of the virtual machine operating system would run at user-level,
the virtual machine would run at some intermediate level, while the true kernel would
run in kernel-mode. Of course, with only four levels, this doesn't work for a virtual ma-
chine running on a virtual machine running on a virtual machine. For the purposes of
our discussion, we will assume the simpler case of two levels of hardware protection.
