CPU modes
Encyclopedia
CPU modes are operating modes for the central processing unit
of some computer architecture
s that place restrictions on the type and scope of operations that can be performed by certain process
es being run by the CPU. This design allows the operating system
to run with more privileges than application software
.
Ideally, only highly-trusted kernel
code is allowed to execute in the unrestricted mode; everything else (including non-supervisory portions of the operating system) runs in a restricted mode and must use a system call
to request the kernel perform on its behalf any operation that could damage or compromise the system, making it impossible for untrusted programs to alter or damage other programs (or the computing system itself).
In practice, however, system call
s take time and can hurt the performance of a computing system, so it is not uncommon for system designers to allow some time-critical software (especially device driver
s) to run with full kernel privileges.
Multiple modes can be implemented—allowing a hypervisor
to run multiple operating system supervisors beneath it, which is the basic design of many virtual machine
systems available today.
In kernel mode, the CPU may perform any operation allowed by its architecture; any instruction may be executed, any I/O operation initiated, any area of memory accessed, and so on. In the other CPU modes, certain restrictions on CPU operations are enforced by the hardware. Typically, certain instructions are not permitted (especially those—including I/O operations—that could alter the global state of the machine), some memory areas cannot be accessed, etc. User-mode capabilities of the CPU are typically a subset of those available in kernel mode but in some cases, such as hardware emulation of non-native architectures, they may be significantly different from those available in standard kernel mode.
Some CPU architectures support multiple user modes, often with a hierarchy of privileges. These architectures are often said to have ring-based security
, wherein the hierarchy of privileges resembles a set of concentric rings, with the kernel mode in the center. Multics
hardware was the first significant implementation of ring security, but many other hardware platforms have been designed along similar lines, including the Intel 80286
protected mode
, and the IA-64 as well, though it is referred to by a different name in these cases.
Mode protection may extend to resources beyond the CPU hardware itself. Hardware registers track the current operating mode of the CPU, but additional virtual-memory
registers, page-table
entries, and other data may track mode identifiers for other resources. For example, a CPU may be operating in Ring 0 as indicated by a status word in the CPU itself, but every access to memory may additionally be validated against a separate ring number for the virtual-memory segment targeted by the access, and/or against a ring number for the physical page (if any) being targeted. This has been demonstrated with the PSP handheld system.
For details about interoperation between CPU and OS levels of abstraction, see the dedicated section in the Ring (computer security)
article.
Hardware that supports the Popek and Goldberg virtualization requirements
makes writing software to efficiently support a virtual machine much simpler. Such a system can run software that "believes" it is running in supervisor mode, but is actually running in user mode.
Central processing unit
The central processing unit is the portion of a computer system that carries out the instructions of a computer program, to perform the basic arithmetical, logical, and input/output operations of the system. The CPU plays a role somewhat analogous to the brain in the computer. The term has been in...
of some computer architecture
Computer architecture
In computer science and engineering, computer architecture is the practical art of selecting and interconnecting hardware components to create computers that meet functional, performance and cost goals and the formal modelling of those systems....
s that place restrictions on the type and scope of operations that can be performed by certain process
Process (computing)
In computing, a process is an instance of a computer program that is being executed. It contains the program code and its current activity. Depending on the operating system , a process may be made up of multiple threads of execution that execute instructions concurrently.A computer program is a...
es being run by the CPU. This design allows the operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
to run with more privileges than application software
Application software
Application software, also known as an application or an "app", is computer software designed to help the user to perform specific tasks. Examples include enterprise software, accounting software, office suites, graphics software and media players. Many application programs deal principally with...
.
Ideally, only highly-trusted kernel
Kernel (computing)
In computing, the kernel is the main component of most computer operating systems; it is a bridge between applications and the actual data processing done at the hardware level. The kernel's responsibilities include managing the system's resources...
code is allowed to execute in the unrestricted mode; everything else (including non-supervisory portions of the operating system) runs in a restricted mode and must use a system call
System call
In computing, a system call is how a program requests a service from an operating system's kernel. This may include hardware related services , creating and executing new processes, and communicating with integral kernel services...
to request the kernel perform on its behalf any operation that could damage or compromise the system, making it impossible for untrusted programs to alter or damage other programs (or the computing system itself).
In practice, however, system call
System call
In computing, a system call is how a program requests a service from an operating system's kernel. This may include hardware related services , creating and executing new processes, and communicating with integral kernel services...
s take time and can hurt the performance of a computing system, so it is not uncommon for system designers to allow some time-critical software (especially device driver
Device driver
In computing, a device driver or software driver is a computer program allowing higher-level computer programs to interact with a hardware device....
s) to run with full kernel privileges.
Multiple modes can be implemented—allowing a hypervisor
Hypervisor
In computing, a hypervisor, also called virtual machine manager , is one of many hardware virtualization techniques that allow multiple operating systems, termed guests, to run concurrently on a host computer. It is so named because it is conceptually one level higher than a supervisory program...
to run multiple operating system supervisors beneath it, which is the basic design of many virtual machine
Virtual machine
A virtual machine is a "completely isolated guest operating system installation within a normal host operating system". Modern virtual machines are implemented with either software emulation or hardware virtualization or both together.-VM Definitions:A virtual machine is a software...
systems available today.
Mode types
At a minimum, any CPU architecture supporting protected execution will offer two distinct operating modes; at least one of the modes must allow completely unrestricted operation of the processor. The unrestricted mode is often called kernel mode, but many other designations exist (master mode, supervisor mode, privileged mode, supervisor state, etc.). Restricted modes are usually referred to as user modes, but are also known by many other names (slave mode, user mode, problem state, etc.).In kernel mode, the CPU may perform any operation allowed by its architecture; any instruction may be executed, any I/O operation initiated, any area of memory accessed, and so on. In the other CPU modes, certain restrictions on CPU operations are enforced by the hardware. Typically, certain instructions are not permitted (especially those—including I/O operations—that could alter the global state of the machine), some memory areas cannot be accessed, etc. User-mode capabilities of the CPU are typically a subset of those available in kernel mode but in some cases, such as hardware emulation of non-native architectures, they may be significantly different from those available in standard kernel mode.
Some CPU architectures support multiple user modes, often with a hierarchy of privileges. These architectures are often said to have ring-based security
Ring (computer security)
In computer science, hierarchical protection domains, often called protection rings, are a mechanism to protect data and functionality from faults and malicious behaviour . This approach is diametrically opposite to that of capability-based security.Computer operating systems provide different...
, wherein the hierarchy of privileges resembles a set of concentric rings, with the kernel mode in the center. Multics
Multics
Multics was an influential early time-sharing operating system. The project was started in 1964 in Cambridge, Massachusetts...
hardware was the first significant implementation of ring security, but many other hardware platforms have been designed along similar lines, including the Intel 80286
Intel 80286
The Intel 80286 , introduced on 1 February 1982, was a 16-bit x86 microprocessor with 134,000 transistors. Like its contemporary simpler cousin, the 80186, it could correctly execute most software written for the earlier Intel 8086 and 8088...
protected mode
Protected mode
In computing, protected mode, also called protected virtual address mode, is an operational mode of x86-compatible central processing units...
, and the IA-64 as well, though it is referred to by a different name in these cases.
Mode protection may extend to resources beyond the CPU hardware itself. Hardware registers track the current operating mode of the CPU, but additional virtual-memory
Virtual memory
In computing, virtual memory is a memory management technique developed for multitasking kernels. This technique virtualizes a computer architecture's various forms of computer data storage , allowing a program to be designed as though there is only one kind of memory, "virtual" memory, which...
registers, page-table
Page table
A page table is the data structure used by a virtual memory system in a computer operating system to store the mapping between virtual addresses and physical addresses. Virtual addresses are those unique to the accessing process...
entries, and other data may track mode identifiers for other resources. For example, a CPU may be operating in Ring 0 as indicated by a status word in the CPU itself, but every access to memory may additionally be validated against a separate ring number for the virtual-memory segment targeted by the access, and/or against a ring number for the physical page (if any) being targeted. This has been demonstrated with the PSP handheld system.
For details about interoperation between CPU and OS levels of abstraction, see the dedicated section in the Ring (computer security)
Ring (computer security)
In computer science, hierarchical protection domains, often called protection rings, are a mechanism to protect data and functionality from faults and malicious behaviour . This approach is diametrically opposite to that of capability-based security.Computer operating systems provide different...
article.
Hardware that supports the Popek and Goldberg virtualization requirements
Popek and Goldberg virtualization requirements
The Popek and Goldberg virtualization requirements are a set of conditions sufficient for a computer architecture to support system virtualization efficiently. They were introduced by Gerald J. Popek and Robert P. Goldberg in their 1974 article "Formal Requirements for Virtualizable Third...
makes writing software to efficiently support a virtual machine much simpler. Such a system can run software that "believes" it is running in supervisor mode, but is actually running in user mode.