Architectural Support for System Protection

Tom Kelliher, CS42

Sept. 9, 1996

The Need for System Protection


What needs protection:

What developments made this protection necessary?

Protection Mechanisms

  1. Dual mode operation.
  2. Privileged I/O instructions.
  3. Memory protection mechanisms.
  4. Interval timers.

Dual Mode Operation

CPU operates in two or more states:

  1. Supervisor mode
  2. User mode

Examples of privileged instructions:

  1. I/O instructions.
  2. Halt.
  3. Reset.
  4. Mask interrupts.
  5. Set interval timer.
  6. Set status. Read status?
  7. Modify page table registers.

Differences, similarities between interrupts, traps, system calls?

Schema of System operation:

  1. System powered on; in supervisor mode.
  2. System boots, kernel initializes, still in supervisor mode.
  3. System enters user mode to run user threads.

Should there be a user mode instruction to enter supervisor mode?

How can supervisor mode be re-entered?

Memory Protection

Prevent thread from scribbling on arbitrary memory locations.


  1. Bounds registers: How does it work?

    What needs to be done on a context switch?

  2. Virtual memory --- threads run in individual ``virtual'' address spaces.

    Virtual address space mapped onto subset of physical address space:

Interval Timers

What prevents a thread from grabbing the CPU and not relinquishing it?

Interval timer, interrupt. On context switch:

  1. Set interval time.
  2. Run user thread.
  3. Timer interrupt generated on timer expiration.
  4. Run timer interrupt handler.

Used to:

Syscall Mechanism

How does a process perform I/O if it's a privileged operation?


Unix has an abstraction of the interrupt, called a signal. A user program can install its own signal handler. Interrupt handlers always run in supervisor mode. Should a signal handler run in supervisor mode? (Consider the consequences.)

Thomas P. Kelliher
Fri Sep 6 10:58:51 EDT 1996
Tom Kelliher