We've talked a bit about system calls before. Remember that the system
call interface is the application's view of the operating system. Aside
from forming this view, it is also the boundary between the outside world
(the application world) and the inside world (inside the O/S implementation).
There are several things that one has to consider when allowing an application
to make a system call (pass from the outside world into the inside world).
These include the following:
We want to provide as much protection to the O/S internal data structures
as possible. This avoids the problem of an application corrupting O/S data
(an unhappy situation for everyone). If the architecture is dual mode,
then we can protect the O/S code and data from illegal access while an
application is in the "outside" world.
If the architecture is dual-mode, then we must make the O/S data structures
accessible once the boundary has been crossed. Pretty much every system
call needs to either read or update (or both) O/S structures. We've talked
about how this is done when we covered interrupts. Remember that an instruction
is executed that causes all of memory to be accessible (changes mode from
application to supervisor mode). It also causes a trap. A trap causes execution
to jump to a predetermined routine in the O/S. This way, an application
cannot execute an arbitrary piece of code once access to the O/S internals
has been gained. Only the previously set-up O/S routines can be executed.
Once the system call is in progress and we are manipulating O/S structures,
it might be a problem of some other process was trying to manipulate these
same structures at the same time (all of you, I am sure remember your critical
section stuff well). Thus we must protect against concurrent access to
the O/S structures. There are lots of ways of doing this, but the most
common way is to switch off interrupts. This achieves our goal by making
sure no context switch will happen (unless the running process asks for
a context switch [which it better not while manipulating O/S structures],
the only way a context switch can happen is if an interrupt occurs [think
about it]). If no context switch will occur, the running process has exclusive
access to the data it is working on.
