Section 1.1. Windows Kernel Mode and User Mode

   

1.1 Windows Kernel Mode and User Mode

This book uses the terms kernel mode and user mode regularly. Before we see how they are defined, a bit of background is in order.

Windows NT has been designed as a portable operating system with all processor- and hardware-dependent code isolated in a module called the hardware abstraction layer ( HAL ), which is described in Section 1.3.1. Although Windows NT did indeed once run on multiple processors, including PowerPC and Alpha, it is now supported only on Intel and Intel-compatible processors. Some basic details of the Intel x86 architecture are presented here so that the details of Windows NT presented later can be appreciated. This section does not attempt to describe all the features of the Intel x86 architecture, but explains only what is immediately relevant.

The Intel x86 architecture supports four modes of operation: real mode, virtual x86 mode, system management mode, [1] and protected mode.

[1] System management mode is not used by Windows NT.

In real mode , every process has access to the lower 1MB of memory address space with no restrictions. On power-up , the processor always starts in real mode. We can easily switch the processor to protected mode by setting a bit in a control register, and we can switch it from protected mode to real mode by clearing this bit. Windows NT uses real mode for initialization, but it switches to protected mode well before applications are started. Throughout the Windows NT family of products, the trend has been toward reducing the amount of work done in real mode and switching more quickly to protected mode. Once the processor is in protected mode, Windows NT never switches it to real mode.

Virtual x86 mode provides the ability to execute multiple real-mode applications while the processor is in protected mode. Windows NT 4.0 supports this with a subsystem called the NT Virtual DOS Machine (NTVDM). The requirement that DOS-based applications must run easily on the Windows Server platform has gradually been decreasing in importance. Hence the importance of the NTVDM subsystem has also been decreasing .

Protected mode is the mode that Windows NT uses most heavily. Protected mode offers four levels of operation, as shown in Figure 1.1. At level 0 (or ring 0), often called kernel mode , processor instructions and features to facilitate memory protection and virtual memory are available. Privileged instructions, such as instructions to manipulate control registers within the processor, are also available at level 0. Windows NT does not use levels (rings) 1 and 2. The lowest privilege level ”level 3, or user mode ”offers the greatest protection in terms of restricting one process from accessing memory or code owned by another process.

Figure 1.1. Intel x86 Architecture Privilege Levels

graphics/01fig01.gif

Here are some concrete examples of the functionality provided by Windows NT using the x86 architecture:

  • All memory is manipulated (allocated, read, written) in units called pages . See Section 1.3.3.6 (Virtual Memory Manager) for more details.

  • Each memory page has an associated tag defining whether it can be read or written and what privilege level is needed to do so. The intent is to protect user processes from each other and to protect system code and data from user processes. Note that system code (running in kernel mode) is not protected in any way from other code running in kernel mode.

  • Memory pages containing code (as opposed to data) can be marked as nonwritable by user processes and kernel mode code.

Applications running in user mode access Windows NT kernel services by executing a special instruction that allows a controlled transition into kernel mode and then back into user mode once the kernel mode request has been completed.


   
Top


Inside Windows Storage
Inside Windows Storage: Server Storage Technologies for Windows 2000, Windows Server 2003 and Beyond
ISBN: 032112698X
EAN: 2147483647
Year: 2003
Pages: 111
Authors: Dilip C. Naik

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net