Wednesday, September 29, 2010

Privilege Levels

The architecture of 32-bit Intel processors provides four privilege levels of which Minix takes advantage of three. These are defined as C macros in kernel/protect.h

#define INTR_PRIVILEGE 0 /* kernel and interrupt handlers */
#define TASK_PRIVILEGE 1 /* kernel tasks */
#define USER_PRIVILEGE 3 /* servers and user processes */

The kernel contains code that runs during interrupts and during context switches, so it always runs with INTR_PRIVILEGE. Every address in memory and every register in the CPU can be accessed by a process with this privilege level.

The System and Clock tasks run with the TASK_PRIVILEGE level which allows them to access I/O but not to use instructions that modify special registers (like those that point to descriptor tables).

Servers and user processes run at USER_PRIVILEGE level. Such processes are unable to execute certain instructions such as those that access I/O ports, change memory assignments or change privilege levels themselves.

Note that of the four layers of processes in the Minix OS, all the layers except Layer 1 run with USER_PRIVILEGE level (i.e. user mode).

No comments:

Post a Comment