I heard of privilege levels, rings, privileged instructions, non privileged instructions, user mode, kernel mode, user space, kernel space.
User process will run with low privilege where OS process with higher ,also I heard about CPL register which responsible for general protection. Also CPU only know CPL and it is decided basis of to which page instruction belongs to.
I want to know who/what decides initially the privilege level of process?
When it is decided that process will run with low or high privilege level? At compile time? At loading?
What tells that current program will run with specific privilege level? Segment registers? Descriptors? Loader ?
The current privilege level is used by the system to control access to resources and execution of certain instructions. The number and specific use of privilege levels are architecture specific, but most architectures support a minimum of two privilege levels.
Definition. A privileged process is. [a] computer process that is authorized (and, therefore, trusted) to perform security-relevant functions that ordinary processes are not authorized to perform.
Privilege level There are 4 privilege levels ranging from 0 which is the most privileged, to 3 which is least privileged. Most modern operating systems use level 0 for the kernel/executive, and use level 3 for application programs.
In computing, privilege is defined as the delegation of authority to perform security-relevant functions on a computer system. A privilege allows a user to perform an action with security consequences. Examples of various privileges include the ability to create a new user, install software, or change kernel functions.
Firstly I see 3 questions.
Secondly to confirm the definition of some terms
When you say privilege level, I believe you are referring to the concept of level of privilege associated with CPU processor mode as opposed the generic level of any other privilege mechanism available.
When you say process, I believe you are referring to the concept of the currently running program as opposed to some alternate definition.
User processes run in user mode with the user privilege for a given CPU architecture
Kernel processes run in kernel mode with the supervisor privilege for a given CPU architecture.
Whether the process is user or kernel depends on which flags are set either in segment descriptors when paging isn't used or in page table or page directory entries where paging is used.
This means that the privilege level of a process is determined by where that process's code is located in memory. If it is in kernel space and marked as such using the relevant flags, then it is a kernel process. If it is in user space and marked as such using the relevant flags, then it is a user process.
If the process / program you are running isn't the kernel, it is a user process on most modern operating systems. So when the decision is made is at program execution time, specifically operating system initialization time when the kernel is first loaded.
Either the process is that kernel and is runs at supervisor privilege level or it isn't and it runs at user privilege level.
The CPU checks every execution of any code or data segment from memory against the relevant status registers (code status register on Intel X86, and current program status register on ARM).
When user processes need to access kernel resources, the general way this is done is by allowing the user process to ask the kernel process on its behalf by making a system call, which makes a privilege context switch when the kernel process runs the request for the user process.
As a side note, Kernel Mode Linux, allows you to run user processes in kernel / supervisor mode.
References and further reading
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With