Going from user to OS code
System calls are used to transfer control between user and system code.
– Such calls come through “call gates” and return back to user code. The processor execution mode or privilege ring changes when the call and the return happen.
– x86 sysenter/sysexit instructions
Isolating user processes from each other
How do we achieve user/user isolation and separation?
OS uses hardware support for memory protection to ensure this.
Processes view memory as contiguous, and often larger than the available physical memory.
– usually 2^32 or 2^64 addresses
– each process has its own mapping
The operating system maps logical (virtual) addresses, or pages, onto physical memory frames.
OS will not map a virtual page of process A to a physical page of process B unless explicit sharing is desired.
– process A cannot access process B’s memory because it has no way to name/reach its memory.
– page tables managed by OS.
Process Protection through Memory Management
– processor memory management unit (MMU) uses page tables to resolve virtual addresses to physical addresses.
– RWX bits on pages limit the type of access to addressable memory.
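
The per-process mapping, explicit sharing, and page permission bits described above can be observed from user space. The following C program is an added example, not part of the original notes; it assumes Linux, and the function names are hypothetical. A child process writes through the same virtual address as its parent, first on a private page, then on an explicitly shared page, then on a page whose W bit has been removed.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run fn(page) in a forked child; return 0 on clean exit, -signal if killed. */
static int run_in_child(void (*fn)(volatile int *), volatile int *page) {
    pid_t pid = fork();
    if (pid < 0) return -1000;
    if (pid == 0) { fn(page); _exit(0); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1000;
    return WIFSIGNALED(status) ? -WTERMSIG(status) : WEXITSTATUS(status);
}

static void write_two(volatile int *page) { *page = 2; }

/* Map one anonymous read/write page, either MAP_PRIVATE or MAP_SHARED. */
static volatile int *map_page(int sharing, size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, sharing | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : (volatile int *)p;
}

/* Parent stores 1, child stores 2 at the same virtual address.
   Returns the value the parent reads afterwards (-1 on setup error). */
int parent_value_after_child_write(int sharing) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    volatile int *page = map_page(sharing, len);
    if (!page) return -1;
    *page = 1;
    int seen = run_in_child(write_two, page) == 0 ? *page : -1;
    munmap((void *)page, len);
    return seen;
}

/* Clear the W bit, then let a child try to write. Returns the signal that
   killed the child, or 0 if the write was allowed (-1 on setup error). */
int signal_on_readonly_write(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    volatile int *page = map_page(MAP_PRIVATE, len);
    if (!page || mprotect((void *)page, len, PROT_READ) != 0) return -1;
    int rc = run_in_child(write_two, page);
    munmap((void *)page, len);
    return rc < 0 ? -rc : 0;
}

int main(void) {
    printf("private page, parent reads: %d\n", parent_value_after_child_write(MAP_PRIVATE));
    printf("shared page, parent reads:  %d\n", parent_value_after_child_write(MAP_SHARED));
    printf("write to read-only page:    signal %d\n", signal_on_readonly_write());
    return 0;
}
```

The private case shows that the same virtual address resolves to different physical frames in each process once the child writes; only the MAP_SHARED page, where sharing was requested explicitly, lets the child's write reach the parent.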