[Next] [Up] [Previous]

Restricted Functionality

In previous sections, the topic of machine operation in supervisor mode has only been touched on in connection with explanations of the overall architecture of the machine. The same is true even of the facilities provided to nonprivileged programs in ring 0 to perform memory management tasks for child processes. These facilities will now be explained in detail in this section.

Common to both of these facilities is, of course, that they rely upon the process which uses them having a higher level of privilege than most other processes running on the system. For a restriction on privilege to be effective, processes must not be able to increase their own privilege at will. However, neither can it be true that privilege, once lost, is a thing that can never be regained, as this would cause, for example, a computer to permanently lose its ability to perform input-output, at least until it is turned off.

The solution to that which is generally employed in computers is, however, well known.

An interrupt, trap, or supervisor call is permitted to place the computer in a state having higher privilege than it was in when the interrupt, trap, or supervisor call occurred, because the location of the program code to be executed with the higher privilege is specified in an area of memory that cannot be altered by non-privileged programs.

The effective result of this, under normal circumstances, is that although a non-privileged program cannot increase its own privilege, it can relinquish control to, or be deprived of control by, a more privileged program, thus allowing the computer to increase the level of privilege at which it is running without a program being able to do this for itself.

In this chapter, we will examine the facilities provided by this architecture for privileged operations, and the manner in which the interrupt mechanism works.

[Next] [Up] [Previous]