What decides privilege level of the process?

Question

I heard of privilege levels, rings, privileged instructions, non privileged instructions, user mode, kernel mode, user space, kernel space.

User process will run with low privilege where OS process with higher ,also I heard about CPL register which responsible for general protection. Also CPU only know CPL and it is decided basis of to which page instruction belongs to.

I want to know who/what decides initially the privilege level of process?

When it is decided that process will run with low or high privilege level? At compile time? At loading?

What tells that current program will run with specific privilege level? Segment registers? Descriptors? Loader ?

Answer 1

Firstly I see 3 questions.

1. Who/What decides initially the privilege level of process ?
2. When it is decided that process will run with low or high privilege level?
3. What tells that current program will run with specific privilege level?

Secondly to confirm the definition of some terms

When you say privilege level, I believe you are referring to the concept of level of privilege associated with CPU processor mode as opposed the generic level of any other privilege mechanism available.

When you say process, I believe you are referring to the concept of the currently running program as opposed to some alternate definition.

User processes run in user mode with the user privilege for a given CPU architecture

Kernel processes run in kernel mode with the supervisor privilege for a given CPU architecture.

Whether the process is user or kernel depends on which flags are set either in segment descriptors when paging isn't used or in page table or page directory entries where paging is used.

This means that the privilege level of a process is determined by where that process's code is located in memory. If it is in kernel space and marked as such using the relevant flags, then it is a kernel process. If it is in user space and marked as such using the relevant flags, then it is a user process.

If the process / program you are running isn't the kernel, it is a user process on most modern operating systems. So when the decision is made is at program execution time, specifically operating system initialization time when the kernel is first loaded.

Either the process is that kernel and is runs at supervisor privilege level or it isn't and it runs at user privilege level.

The CPU checks every execution of any code or data segment from memory against the relevant status registers (code status register on Intel X86, and current program status register on ARM).

When user processes need to access kernel resources, the general way this is done is by allowing the user process to ask the kernel process on its behalf by making a system call, which makes a privilege context switch when the kernel process runs the request for the user process.

As a side note, Kernel Mode Linux, allows you to run user processes in kernel / supervisor mode.

References and further reading

• OS Dev Security Page
• OS Dev Segmentation Page
• OS Dev Paging Page
• OS Dev ARM overview
• Memory Translation and Segmentation
• CPU Rings, Privilege, and Protection
• Operating System Privilege: Protection and Isolation
• Operating Modes, System Calls and Interrupts
• Paging and Segmentation

Answer 2

Most processors have a trap or software fault instruction that switches the processor into privileged mode. The kernel checks if the user mode process has permission for the particular operation. Since kernel data is protected, the kernel can enforce security policy - the user process can't directly give itself permissions.

Permissions are sometimes called privileges, so that's why I wanted to explain how processor modes work in enforcing security permissions.