9. Hardware Protection

-> DUAL-MODE PROTECTION
• Sharing system resources requires operating system to ensure
that an incorrect program cannot cause other programs to
execute incorrectly.

• Provide hardware support to differentiate between at least two
modes of operations.
1. User mode – execution done on behalf of a user.
2. Monitor mode (also supervisor mode or system mode) –
execution done on behalf of operating system.

• Mode bit added to computer hardware to indicate the current
mode: monitor (0) or user (1).

• When an interrupt or fault occurs hardware switches to monitor
mode



• Privileged instructions can be issued only in monitor mode.

-> I/O PROTECTION
• All I/O instructions are privileged instructions.
• Must ensure that a user program could never gain control of the computer in monitor mode (i.e., a user program that, aspart of its execution, stores a new address in the interrupt vector).

Use of a System Call to Perform an I/O



-> MEMORY PROTECTION
• Must provide memory protection at least for the interrupt vectorand the interrupt service routines.
• In order to have memory protection, add two registers thatdetermine the range of legal addresses a program may access:

– base register
– holds the smallest legal physical memoryaddress.
– limit register
– contains the size of the range.

• Memory outside the defined range is protected.



-> CPU PROTECTION
• Timer
– interrupts computer after specified period to ensure operating system maintains control.
– Timer is decremented every clock tick.
– When timer reaches the value 0, an interrupt occurs.
• Timer commonly used to implement time sharing.
• Time also used to compute the current time.
• Load-timer is a privileged instruction.