Mark Smotherman. Last updated June 2004.
Four access modes:
Mode recorded in PSL (current mode, previous mode).
+--+--+----+--+--+----+----+--+----------+----------------+--+--+--+--+--+--+--+--+
|CM|TP| 0  |FD|IS|cmod|pmod|0 |int.pr.lvl|       0        |DV|FU|IV|T |N |Z |V |C |
+--+--+----+--+--+----+----+--+----------+----------------+--+--+--+--+--+--+--+--+
 31 30 29   27 26 25   23   21 20         15               7  6  5  4  3  2  1  0
31 PDP-11 compatibility mode
30 trace pending
29:28 (must be zero)
27 first part done (when instructions are interrupted during execution)
26 interrupt stack
25:24 current execution mode
23:22 previous execution mode
21 (must be zero)
20:16 interrupt priority level
15: 8 (must be zero)
7 decimal overflow trap enable
6 floating-point underflow trap enable
5 integer overflow trap enable
4 trace bit
condition codes
3 negative
2 zero
1 overflow
0 carry
One stack per mode for each process (switch stack pointers when you switch modes).
    mode           per process stacks
-------------      ------------------
11 user            user stack          (IS = 0)
10 supervisor      supervisor stack        "
01 executive       executive stack         "
00 kernel          kernel stack            "

                   system-wide stack
                   -----------------
00 kernel          interrupt stack     (IS = 1)
Three regions in memory for each process: P0, P1, and S.
control regs mapping       high addr bits        P0+P1 per process
                                                  +------------------+
                                              +------------------+   |
                                          +------------------+   |   |
P0BR-------> P0 page table      /  00     | P0: user program |   |---+
P0LR                            \         |                  |---+   |
                                          +------------------+   |   |
P1BR-------> P1 page table      /  01     | P1: stacks       |   |---+
P1LR                            \         |                  |---+
                                          +------------------+
SBR--------> system page table  /  10     | S: system area   |
SLR                             \         |    process PTs   |
                                          +------------------+
                                   11     | reserved         |
                                          |                  |
                                          +------------------+
                                  same system area shared by all processes
Page protection encoding (PROT field of PTE)
                                        K   E   S   U
0000  no access                         -   -   -   -
0001  reserved (unpredictable)
0010  kernel write                      RW  -   -   -
0011  kernel read                       R   -   -   -
0100  all access                        RW  RW  RW  RW
0101  executive write                   RW  RW  -   -
0110  executive read, kernel write      RW  R   -   -
0111  executive read                    R   R   -   -
1000  supervisor write                  RW  RW  RW  -
1001  supervisor read, executive write  RW  RW  R   -
1010  supervisor read, kernel write     RW  R   R   -
1011  supervisor read                   R   R   R   -
1100  user read, supervisor write       RW  RW  RW  R
1101  user read, executive write        RW  RW  R   R
1110  user read, kernel write           RW  R   R   R
1111  user read                         R   R   R   R
The VAX also defined a 96-byte hardware-supported process context block (PCB). It included the stack pointers, other general registers, PC, PSL, P0 page table base and length, and P1 page table base and length.
CHM_ (KESU) - instruction has a request code as its only operand
    actions: (1) switch stack pointer
             (2) probe for legal write access on new stack
             (3) push PSL, PC, and CHM_ operand on new stack
             (4) update PSL access mode fields (note: CHM_
                 cannot decrease access level)
             (5) route control flow through exception vector to
                 change mode dispatcher
    use in VMS: CHMK - call to system service
                CHME - for internal use
                CHMS - call to command interpreter (DCL)
                CHMU - for user program use
    (note: illegal instruction when in interrupt stack mode)
Can only execute in kernel mode.
LDPCTX / SVPCTX - load and save process context
MFPR / MTPR - move from and move to processor register
REI - restore mode and stack pointer (new mode must be the same as or less privileged than the current mode)
PROBE_ (RW) - for argument checking
    MOVL    4(AP),R0        ; Copy the address of first arg so
                            ; that it cannot be changed
    PROBER  #0,#4,(R0)      ; Verify that the longword pointed to
                            ; by the first arg could be read by
                            ; the previous access mode
                            ; Note that the arg list itself must
                            ; already have been probed
    BEQL    violation       ; Branch if either byte gives an
                            ; access violation
    MOVQ    8(AP),R0        ; Copy length and address of buffer
                            ; arg so that they cannot change
    PROBER  #0,R0,(R1)      ; Verify that the buffer described by
                            ; the 2nd and 3rd args could be
                            ; written by the previous access
                            ; mode
                            ; Note that the arg list must already
                            ; have been probed and that the 2nd
                            ; arg must be known to be less than
                            ; 512
    BEQL    violation       ; Branch if either byte gives an
                            ; access violation
[from: VAX MACRO and Instruction Set Reference Manual]
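An added example (not from these notes or from the VAX manual): a simplified C model of the PROBE check, combining the PSL mode fields and the PROT table above. It tests only the first and last byte of the buffer as the less privileged of the mode operand and PSL<previous mode>, which is why the listing insists the length be known to fit within one 512-byte VAX page. The function names, the flat `demo_prot` page map, the `every_page` flag and the treatment of reserved code 0001 as "no access" are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

enum { KERNEL, EXEC, SUPER, USER };   /* mode encodings 00, 01, 10, 11 */
#define PAGE 512u                     /* VAX page size in bytes */

/* Least privileged mode allowed to read / write for each PROT code, taken
 * from the table above (-1 = no mode). Reserved code 0001 is modelled as
 * no access, which is an assumption of this sketch. */
static const int8_t rd_limit[16] = {-1,-1,0, 0,3,1,1, 1,2,2,2, 2,3,3,3, 3};
static const int8_t wr_limit[16] = {-1,-1,0,-1,3,1,0,-1,2,1,0,-1,2,1,0,-1};

/* Constructed page map: page 1 is kernel-only, pages 0 and 2 are open. */
const uint8_t demo_prot[3] = {0x4, 0x2, 0x4};

unsigned psl_cmod(uint32_t psl) { return (psl >> 24) & 3; }  /* PSL<25:24> */
unsigned psl_pmod(uint32_t psl) { return (psl >> 22) & 3; }  /* PSL<23:22> */

int prot_allows(unsigned prot, unsigned mode, int write) {
    int limit = write ? wr_limit[prot & 15] : rd_limit[prot & 15];
    return limit >= 0 && (int)mode <= limit;
}

/* PROBER (write=0) / PROBEW (write=1) model. With every_page=0 only the
 * pages holding the first and last byte are tested, as the instruction
 * does; every_page=1 tests each page the buffer touches, for comparison. */
int probe(uint32_t psl, unsigned mode_op, uint32_t len, uint32_t base,
          const uint8_t *prot, uint32_t npages, int write, int every_page) {
    unsigned mode = mode_op > psl_pmod(psl) ? mode_op : psl_pmod(psl);
    uint32_t last = len ? base + len - 1 : base;
    if (last < base || last / PAGE >= npages) return 0;  /* wrap or unmapped */
    for (uint32_t p = base / PAGE; p <= last / PAGE; p++) {
        int endpoint = (p == base / PAGE || p == last / PAGE);
        if ((every_page || endpoint) && !prot_allows(prot[p], mode, write))
            return 0;
    }
    return 1;
}

int main(void) {
    uint32_t psl = (uint32_t)USER << 22;        /* cmod = kernel, pmod = user */
    printf("len 512:  first/last=%d\n", probe(psl, 0, 512, 256, demo_prot, 3, 0, 0));
    printf("len 1024: first/last=%d every page=%d\n",
           probe(psl, 0, 1024, 256, demo_prot, 3, 0, 0),
           probe(psl, 0, 1024, 256, demo_prot, 3, 0, 1));
    return 0;
}
```

With the constructed map, the 1024-byte buffer passes the first/last-byte test even though the kernel-only page in the middle would fail it, so a service accepting longer buffers has to probe one page at a time.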
no change in privilege level
  user program:
     CALL SYS$example1
       |                <--------------.
       |                               |
       V                               |
  SYS$example1:                        |
     .word <..>  // reg save mask      |
     JMP EXE$example                   |
       |                               |
       |                               |
       V                               |
  EXE$example:                         |
     ...                               |
     RET ------------------------------'
change in privilege level
  // P0 region
  user program:
     CALL SYS$example2
       |                <--------------.
       |                               |
       V                               |
  // system service vector             |
  // P1 region, current mode           |
  SYS$example2:                        |
     .word <..>  // reg save mask      |
     CHMK #code  // exception! --------------------------.
.--> RET ------------------------------'                 |
|                                                        V
|                                               routed by exception
|                                               vector 0x40 contents
|                                                        |
| // S region, kernel mode                               |
| change mode dispatcher: <------------------------------'
|    ...
| #code:
|    ... PROBE arguments using AP ...
|    ... copy arguments to new stack ...
|    CALL EXE$example2 --.
`--- REI                 |   <--.
     ...                 |      |
                         |      |
  EXE$example2:  <-------'      |
     ...                        |
     RET -----------------------'