CPU modes (also called processor modes, CPU states, CPU privilege levels and other names) are operating modes for the
central processing unit
A central processing unit (CPU), also called a central processor, main processor, or just processor, is the primary Processor (computing), processor in a given computer. Its electronic circuitry executes Instruction (computing), instructions ...
of most
computer architectures that place restrictions on the type and scope of operations that can be performed by instructions being executed by the CPU. For example, this design allows an
operating system
An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs.
Time-sharing operating systems scheduler (computing), schedule tasks for ...
to run with more privileges than
application software
Application software is any computer program that is intended for end-user use not operating, administering or programming the computer. An application (app, application program, software application) is any program that can be categorized as ...
by running the operating systems and applications in different modes.
Ideally, only highly trusted
kernel code is allowed to execute in the unrestricted mode; everything else (including non-supervisory portions of the operating system) runs in a restricted mode and must use a
system call
In computing, a system call (syscall) is the programmatic way in which a computer program requests a service from the operating system on which it is executed. This may include hardware-related services (for example, accessing a hard disk drive ...
(via
interrupt
In digital computers, an interrupt (sometimes referred to as a trap) is a request for the processor to ''interrupt'' currently executing code (when permitted), so that the event can be processed in a timely manner. If the request is accepted ...
) to request the kernel perform on its behalf any operation that could damage or compromise the system, making it impossible for untrusted programs to alter or damage other programs (or the computing system itself).
Device drivers are designed to be part of the kernel due to the need for frequent
I/O access.
Multiple modes can be implemented, e.g. allowing a
hypervisor
A hypervisor, also known as a virtual machine monitor (VMM) or virtualizer, is a type of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called ...
to run multiple operating system supervisors beneath it, which is the basic design of many
virtual machine
In computing, a virtual machine (VM) is the virtualization or emulator, emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. Their implementations may involve ...
systems available today.
Mode types
The unrestricted mode is often called ''kernel mode,'' but many other designations exist (''master mode'', ''supervisor mode'', ''privileged mode'', etc.). Restricted modes are usually referred to as ''user modes,'' but are also known by many other names (''slave mode,'' ''problem state,'' etc.).
; Hypervisor
: Hypervisor mode is used to support virtualization, allowing the simultaneous operation of multiple operating systems.
; Kernel and User
: In kernel mode, the CPU may perform any operation allowed by its architecture; any instruction may be executed, any I/O operation initiated, any area of memory accessed, and so on. In the other CPU modes, certain restrictions on CPU operations are enforced by the hardware. Typically, certain instructions are not permitted (especially those—including I/O operations—that could alter the global state of the machine), some memory areas cannot be accessed, etc. User-mode capabilities of the CPU are typically a subset of those available in kernel mode, but in some cases, such as hardware emulation of non-native architectures, they may be significantly different from those available in standard kernel mode.
Some CPU architectures support more modes than those, often with a hierarchy of privileges. These architectures are often said to have ''ring-based security,'' wherein the hierarchy of privileges resembles a set of concentric rings, with the kernel mode in the center.
Multics
Multics ("MULTiplexed Information and Computing Service") is an influential early time-sharing operating system based on the concept of a single-level memory.Dennis M. Ritchie, "The Evolution of the Unix Time-sharing System", Communications of t ...
hardware was the first significant implementation of ring security, but many other hardware platforms have been designed along similar lines, including the
Intel 80286
The Intel 80286 (also marketed as the iAPX 286 and often called Intel 286) is a 16-bit microprocessor that was introduced on February 1, 1982. It was the first 8086-based CPU with separate, non- multiplexed address and data buses and also the f ...
protected mode
In computing, protected mode, also called protected virtual address mode, is an operational mode of x86-compatible central processing units (CPUs). It allows system software to use features such as Memory_segmentation, segmentation, virtual mem ...
, and the
IA-64
IA-64 (Intel Itanium architecture) is the instruction set architecture (ISA) of the discontinued Itanium family of 64-bit Intel microprocessors. The basic ISA specification originated at Hewlett-Packard (HP), and was subsequently implemented by ...
as well, though it is referred to by a different name in these cases.
Mode protection may extend to resources beyond the CPU hardware itself. Hardware registers track the current operating mode of the CPU, but additional
virtual-memory registers,
page-table entries, and other data may track mode identifiers for other resources. For example, a CPU may be operating in Ring 0 as indicated by a status word in the CPU itself, but every access to memory may additionally be validated against a separate ring number for the virtual-memory segment targeted by the access, and/or against a ring number for the physical page (if any) being targeted. This has been demonstrated with the
PSP handheld system.
Hardware that meets the
Popek and Goldberg virtualization requirements
The Popek and Goldberg virtualization requirements are a set of conditions sufficient for a computer architecture to support system virtualization efficiently. They were introduced by Gerald J. Popek and Robert P. Goldberg in their 1974 article " ...
makes writing software to efficiently support a virtual machine much simpler. Such a system can run software that "believes" it is running in supervisor mode, but is actually running in user mode.
Architectures
Several computer systems introduced in the 1960s, such as the
IBM System/360
The IBM System/360 (S/360) is a family of mainframe computer systems announced by IBM on April 7, 1964, and delivered between 1965 and 1978. System/360 was the first family of computers designed to cover both commercial and scientific applicati ...
,
DEC PDP-6
The PDP-6, short for Programmed Data Processor model 6, is a computer developed by Digital Equipment Corporation (DEC) during 1963 and first delivered in the summer of 1964. It was an expansion of DEC's existing 18-bit systems to use a 36-bit da ...
/
PDP-10
Digital Equipment Corporation (DEC)'s PDP-10, later marketed as the DECsystem-10, is a mainframe computer family manufactured beginning in 1966 and discontinued in 1983. 1970s models and beyond were marketed under the DECsystem-10 name, especi ...
, the
GE-600/
Honeywell 6000 series, and the
Burroughs B5000 series and
B6500 series, support two CPU modes; a mode that grants full privileges to code running in that mode, and a mode that prevents direct access to
input/output
In computing, input/output (I/O, i/o, or informally io or IO) is the communication between an information processing system, such as a computer, and the outside world, such as another computer system, peripherals, or a human operator. Inputs a ...
devices and some other hardware facilities to code running in that mode. The first mode is referred to by names such as ''supervisor state'' (System/360), ''executive mode'' (PDP-6/PDP-10), ''master mode'' (GE-600 series), ''control mode'' (B5000 series), and ''control state'' (B6500 series). The second mode is referred to by names such as ''problem state'' (System/360), ''user mode'' (PDP-6/PDP-10), ''slave mode'' (GE-600 series), and ''normal state'' (B6500 series); there are multiple non-control modes in the B5000 series.
RISC-V
RISC-V has three main CPU modes: User Mode (U), Supervisor Mode (S), and Machine Mode (M).
Virtualization is supported via an orthogonal CSR setting instead of a fourth mode.
References
{{Reflist
Central processing unit
Computer security