CPU Modes Flashcards
The 2 CPU Modes
Kernel and User Mode
How are CPU modes implemented?
Using protection rings (privilege levels).
Lower numbered rings have higher privilege.
Why are protection rings needed?
- Fault isolation (handled in more privileged ring)
- Privileged instructions
- Privileged memory space
When is Kernel mode used?
- Faults are captured and handled by the kernel
- Issuing privileged instructions (i.e. disk I/O)
- Accessing kernel memory space
Privileged Instruction Examples
- I/O operations!!
- Enable/disable interrupts
- Changing from kernel to user mode
System Call
Call to the kernel to execute a privileged instruction
PC
Program Counter.
Register that stores the address of the instruction to be executed.
Incremented after fetching an instruction.
Can only be incremented by Kernel code.
Process for Linux System Call
- Privileged instruction is encountered (printf)
- System call type is stored in register (%eax = sys_write;)
- Interrupt is sent (0x80)
- Enters Kernel mode
- Interrupt code is used to look up handlers in IDT, Interrupt descriptor table
- Previously saved sys call is used to look up code in previously found handler table (syscalls[%eax])
- Needed code is run
What is interrupt code for a system call?
0x80
strace
Intercepts and records process’s system calls and the process’s received signals
ltrace
Intercepts and records executed process’s dynamic library calls and the process’s received signals
Hypervisor
VMM (Virtual Machine Monitor) that runs and manages virtual machines.
Has its own separate permission ring that has the highest privileges.
