CPU modes
CPU modes (also called "processor modes" or "CPU privilege levels," and by other names) are operating modes for the central processing unit of some computer architectures that place restrictions on the operations that can be performed by the process currently running in the CPU. This design allows the operating system to run at different privilege levels. These privilege levels are called rings when referring to their implementation at the OS abstraction level, and CPU modes when referring to their implementation at the CPU firmware abstraction level.
In principle, implementing hardware-supported CPU modes correctly in the operating system code and in applications should make it impossible to introduce viruses, spyware, and/or similar malware, as only very specific and limited "kernel" code would run unrestricted. Any other software (including portions of the operating system) would run restricted and would have to ask the "kernel" for permission to modify anything that could compromise the system. Multiple mode levels could be designed, including a mode zero which basically would only get control if the operating "kernel" at level 1 were in trouble. All applications, drivers, etc. should run at a level well above the operating system kernel and be "severely" restricted in what they can do to the hardware and real memory. Write access to real memory locations should also belong to a specific mode level, i.e. write access to a memory location at a lower level (higher privilege level) should be impossible (this should be checked by the hardware).
Mode types
At a minimum, any CPU with this type of architecture will support at least two distinct operating modes, and at least one of the modes will provide completely unrestricted operation of the CPU. The unrestricted mode is usually called "kernel mode," but many other designations exist ("master mode," "supervisor mode," "privileged mode" etc.). Other modes are usually called "user modes," but are occasionally known by other names ("slave mode" etc.).
In kernel mode, the CPU may perform any operation provided for by its architecture. Any instruction may be executed, any I/O operation may be initiated, any area of memory may be accessed, and so on. In the other CPU modes, certain restrictions on CPU operations are enforced by the hardware. Typically certain instructions are not permitted, I/O operations may not be initiated, some areas of memory cannot be accessed etc. Usually the user-mode capabilities of the CPU are a subset of the kernel mode capabilities, but in some cases (such as hardware emulation of non-native architectures), they may be significantly different from kernel capabilities, and not just a subset of them.
At least one user mode is always defined, but some CPU architectures support multiple user modes, often with a hierarchy of privileges. These architectures are often said to have "ring-based security," wherein the hierarchy of privileges resembles a set of concentric rings, with the kernel mode in the central, innermost ring.
Multics hardware was the first significant implementation of ring security, but many other hardware platforms have been designed along similar lines, including the Intel 80286 protected mode, and the IA-64 as well, though it is referred to by a different name in these cases.
Mode protection may extend to resources beyond the CPU processing hardware itself. Hardware registers track the current operating mode of the CPU, but additional virtual-memory registers, page-table entries, and other data may track mode identifiers for other resources. For example, a CPU may be operating in Ring 0 as indicated by a status word in the CPU itself, but every access to memory may additionally be validated against a separate ring number for the virtual-memory segment targeted by the access, and/or against a ring number for the physical page (if any) being targeted. This has been demonstrated with the PSP handheld system.
For details about interoperation between CPU and OS levels of abstraction, see the dedicated section in the Ring (computer security) article.
Hardware that supports the Popek and Goldberg virtualization requirements makes writing software to efficiently support a virtual machine much simpler. Such a system can run software that "believes" it is running in supervisor mode, but is actually running in user mode.
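The following is an added example, not part of the original article: a toy C model of guest kernel code running in user mode while a monitor emulates the instructions that trap. The machine, its three instructions and every name are constructed for illustration; the second run shows the guest discovering its real mode when a mode-reading instruction fails to trap.

```c
#include <stdio.h>

/* Toy machine constructed for this example; not a real instruction set. */
enum mode { KERNEL = 0, USER = 1 };
enum op { OP_ADD, OP_READ_MODE, OP_WRITE_IO };   /* the last two are sensitive */
struct cpu  { enum mode mode; int acc; int io_port; };    /* real hardware state */
struct vcpu { enum mode mode; int io_port; int traps; };  /* monitor's view of the guest */
static struct vcpu g_vcpu;

/* Hardware step: returns 1 if the instruction trapped instead of executing.
   sensitive_traps = 1 models hardware where every sensitive instruction
   traps in user mode; 0 models a mode read that silently executes. */
static int hw_step(struct cpu *c, enum op op, int arg, int sensitive_traps)
{
    switch (op) {
    case OP_ADD:
        c->acc += arg; return 0;
    case OP_READ_MODE:
        if (c->mode == USER && sensitive_traps) return 1;
        c->acc = c->mode; return 0;      /* exposes the real mode if no trap */
    case OP_WRITE_IO:
        if (c->mode == USER) return 1;   /* always privileged in this model */
        c->io_port = arg; return 0;
    }
    return 1;
}

/* Monitor trap handler: emulate against virtual state, never the real device. */
static void vmm_emulate(struct cpu *c, struct vcpu *v, enum op op, int arg)
{
    v->traps++;
    if (op == OP_READ_MODE) c->acc = v->mode;
    else if (op == OP_WRITE_IO) v->io_port = arg;
}

/* Run guest "kernel" code in real user mode; return the mode the guest reads. */
int guest_observed_mode(int sensitive_traps)
{
    struct cpu c = { USER, 0, 0 };
    enum op prog[] = { OP_WRITE_IO, OP_ADD, OP_READ_MODE };
    int args[] = { 0x42, 5, 0 };
    g_vcpu = (struct vcpu){ KERNEL, 0, 0 };
    for (int i = 0; i < 3; i++)
        if (hw_step(&c, prog[i], args[i], sensitive_traps))
            vmm_emulate(&c, &g_vcpu, prog[i], args[i]);
    return c.acc;
}

int main(void)
{
    printf("sensitive ops trap: guest reads mode %d\n", guest_observed_mode(1));
    printf("mode read executes: guest reads mode %d\n", guest_observed_mode(0));
    return 0;
}
```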
Wikimedia Foundation. 2010.