Information Technology Reference
In-Depth Information
At a minimum, this common sequence must provide:
Limited entry. To transfer control to the operating system kernel, the
hardware must ensure that the entry point into the kernel is one set up by
the kernel. User programs cannot be allowed to jump to arbitrary locations
in the kernel. For example, the kernel code for handling a system call to
read a file will first check whether the user program has permission to do
so, and if not, the kernel should return an error. Without limited entry
points into the kernel, a malicious program could simply jump immediately
after the code to perform the check, allowing any user access to any file
in the file system.
Atomic changes to processor state. In user mode, the program
counter and stack point to memory locations in the user process; memory
protection prevents the user process from accessing any memory outside
of its region. In kernel mode, the program counter and stack point to
memory locations in the kernel; memory protection is changed to allow
the kernel to access both its own data and that of the user process. Tran-
sitioning between the two must be done atomically, so that the mode,
program counter, stack, and memory protection are all changed at the
same time.
Transparent, restartable execution. A running user-level process may
be interrupted at any point, between any instruction and the next one. For
example, the processor could have calculated a memory address, loaded
it into a register, and be about to store a value to that address. The key
to making interrupts work is that the operating system must be able to
restore the state of the user program exactly as it was before the interrupt
occurred. To the user process, an interrupt is invisible, except that the
program temporarily slows down. A \hello world" program does not need
to be written to understand interrupts! But an interrupt might still occur
while it is running. Thus, on an interrupt, the processor saves its current
state to memory, temporarily defers further events, and sets the processor
to execute in kernel-mode, before jumping to the interrupt or exception
handler. When the handler completes, the steps are reversed: the proces-
sor state is restored from its saved location, with the interrupted program
none the wiser.
With that context, we first describe the hardware and software mechanism
for handling an interrupt, exception, or trap, followed by how we can reuse
this same basic mechanism as a building block for system calls, starting a new
process, and user-level signals.
