Hardware Protection

Hardware Protection
Dual-Mode Operation
I/O Protection
Memory Protection
CPU Protection

Dual-Mode Operation

Sharing system resources requires the operating system to ensure that an incorrect program cannot cause
other programs to execute incorrectly. The hardware provides support to differentiate between at least two
modes of operation:

   1. User mode – execution done on behalf of a user.
   2. Monitor mode (also kernel mode or system mode) – execution done on behalf of operating system.

A mode bit is added to the computer hardware to indicate the current mode: monitor (0) or user (1).
When an interrupt or fault occurs, the hardware switches to monitor mode.
Privileged instructions can be issued only in monitor mode.


I/O Protection

All I/O instructions are privileged instructions. The system must ensure that a user program can never gain control
of the computer in monitor mode (for example, a user program that, as part of its execution, stores a new address in the interrupt vector).

Figure: Use of a System Call to Perform I/O

Memory Protection

Must provide memory protection at least for the interrupt vector and the interrupt service routines. To provide memory protection, add two registers that determine the range of legal addresses a program may access:

   1. Base register – holds the smallest legal physical memory address.
   2. Limit register – contains the size of the range.

Memory outside the defined range is protected.

Figure: Use of a Base and Limit Register

Figure: Hardware Address Protection

When executing in monitor mode, the operating system has unrestricted access to both the monitor's and the user's memory. The load instructions for the base and limit registers are privileged instructions.

CPU Protection

   1. Timer – interrupts the computer after a specified period to ensure the operating system maintains control.
   2. Timer is decremented every clock tick.
   3. When the timer reaches the value 0, an interrupt occurs.

The timer is commonly used to implement time sharing.
The timer is also used to compute the current time.
Load-timer is a privileged instruction.
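The four mechanisms in these notes (the mode bit, privileged I/O and register-load instructions, the base/limit address check, and the countdown timer) modelled together as a small simulated CPU. This is an added example, not part of the original notes; the CPU class, its method names, and the addresses and tick counts used are constructed for illustration.

```python
"""Model of the hardware protection in these notes: mode bit, privileged
instructions, base/limit address check, and a timer that traps to the monitor."""

MONITOR, USER = 0, 1  # mode-bit encoding used in the notes

class Trap(Exception):
    """Raised after the CPU has already switched itself to monitor mode."""

class CPU:
    def __init__(self):
        self.mode = MONITOR
        self.base = 0    # smallest legal physical address for the user program
        self.limit = 0   # size of the legal range
        self.timer = 0   # decremented every clock tick; reaching 0 interrupts

    def trap(self, reason):
        self.mode = MONITOR  # every fault or interrupt lands in monitor mode
        raise Trap(reason)

    def privileged(self, name, **registers):
        """Privileged instruction (I/O, load-base/limit, load-timer): traps in
        user mode, otherwise loads the named registers (constructed API)."""
        if self.mode != MONITOR:
            self.trap(f"privileged instruction '{name}' in user mode")
        for reg, value in registers.items():
            setattr(self, reg, value)

    def access(self, addr):
        # Monitor mode is unrestricted; user mode must stay inside [base, base+limit)
        if self.mode == USER and not (self.base <= addr < self.base + self.limit):
            self.trap(f"address {addr} outside [{self.base}, {self.base + self.limit})")
        return addr

    def tick(self):
        if self.timer > 0:
            self.timer -= 1
            if self.timer == 0:
                self.trap("timer interrupt")

def run_user(cpu, addrs):
    """Enter user mode; touch each address with one tick each. Returns trap reason or None."""
    cpu.mode = USER
    try:
        for a in addrs:
            cpu.access(a)
            cpu.tick()
    except Trap as t:
        return str(t)
    return None
```

A user program that reaches address 0 (where the notes place the interrupt vector) is stopped by the base/limit check, and a program that never yields is stopped by the timer; both traps land in monitor mode.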