DEC VAX System Calls

Mark Smotherman. Last updated June 2004.

Introduction

Four access modes:

  1. user (user programs, compilers, editors, etc.)
  2. supervisor (shell)
  3. executive (file subsystem)
  4. kernel (scheduling, I/O operations, memory management)

Mode is recorded in the processor status longword, PSL (current mode, previous mode).

+--+--+----+--+--+----+----+--+----------+----------------+--+--+--+--+--+--+--+--+
|CM|TP| 0  |FD|IS|cmod|pmod|0 |int.pr.lvl|        0       |DV|FU|IV|T |N |Z |V |C |
+--+--+----+--+--+----+----+--+----------+----------------+--+--+--+--+--+--+--+--+
 31 30 29   27 26 25   23   21 20         15                7  6  5  4  3  2  1  0

   31     PDP-11 compatibility mode
   30     trace pending
   29:28    (must be zero)
   27     first part done (when instructions are interrupted during execution)
   26     interrupt stack
   25:24  current execution mode
   23:22  previous execution mode
   21       (must be zero)
   20:16  interrupt priority level
   15: 8    (must be zero)
    7     decimal overflow trap enable
    6     floating-point underflow trap enable
    5     integer overflow trap enable
    4     trace bit

   condition codes
    3  negative
    2  zero
    1  overflow
    0  carry

One stack per mode for each process (switch stack pointers when you switch modes).

      mode           per process stacks
      -------------  ------------------
      11 user        user stack           (IS = 0)
      10 supervisor  supervisor stack         "
      01 executive   executive stack          "
      00 kernel      kernel stack             "

                     system-wide stack
                     -----------------
      00 kernel      interrupt stack      (IS = 1)

Three regions in memory for each process: P0, P1, and S.

    control regs    mapping        high addr bits      P0+P1 per process
                                                     +------------------+
                                                 +------------------+   |
                                             +------------------+   |   |
       P0BR-------> P0 page table /      00  | P0: user program |   |---+
       P0LR                       \          |                  |---+   |
                                             +------------------+   |   |
       P1BR-------> P1 page table /      01  | P1: stacks       |   |---+
       P1LR                       \          |                  |---+
                                             +------------------+
       SBR--------> system page table /  10  | S:  system area  |
       SLR                            \      |     process PTs  |
                                             +------------------+
                                         11  | reserved         |
                                             |                  |
                                             +------------------+

       same system area shared by all processes

Page protection encoding (PROT field of PTE)

                                             K   E   S   U
      0000 no access                         -   -   -   -
      0001 reserved                         (unpredictable)
      0010 kernel write                      RW  -   -   -
      0011 kernel read                       R   -   -   -
      0100 all access                        RW  RW  RW  RW
      0101 executive write                   RW  RW  -   -
      0110 executive read, kernel write      RW  R   -   -
      0111 executive read                    R   R   -   -
      1000 supervisor write                  RW  RW  RW  -
      1001 supervisor read, executive write  RW  RW  R   -
      1010 supervisor read, kernel write     RW  R   R   -
      1011 supervisor read                   R   R   R   -
      1100 user read, supervisor write       RW  RW  RW  R
      1101 user read, executive write        RW  RW  R   R
      1110 user read, kernel write           RW  R   R   R
      1111 user read                         R   R   R   R

The VAX also defined a 96-byte hardware-supported process context block (PCB). It included the stack pointers, other general registers, PC, PSL, P0 page table base and length, and P1 page table base and length.

Change Mode instructions

CHM_ (KESU) - instruction has a request code as its only operand

    actions: (1) switch stack pointer
             (2) probe for legal write access on new stack
             (3) push PSL, PC, and CHM_ operand on new stack
             (4) update PSL access mode fields (note: CHM_
                 cannot decrease access level)
             (5) route control flow through exception vector to
                 change mode dispatcher

    use in VMS:  CHMK - call to system service
                 CHME - for internal use
                 CHMS - call to command interpreter (DCL)
                 CHMU - for user program use

(note: illegal instruction when in interrupt stack mode)

Privileged instructions

Can only execute in kernel mode.

LDPCTX / SVPCTX - load and save process context

MFPR / MTPR - move from and move to processor register

Other instructions

REI - restore mode and stack pointer (new mode must be the same as or less privileged than the current mode)

PROBE_ (RW) - for argument checking

      MOVL    4(AP),R0        ; Copy the address of first arg so 
                              ;   that it cannot be changed 
      PROBER  #0,#4,(R0)      ; Verify that the longword pointed to 
                              ;   by the first arg could be read by 
                              ;   the previous access mode 
                              ; Note that the arg list itself must 
                              ;   already have been probed 
      BEQL    violation       ; Branch if either byte gives an 
                              ;   access violation 
      MOVQ    8(AP),R0        ; Copy length and address of buffer 
                              ;   arg so that they cannot change 
      PROBEW  #0,R0,(R1)      ; Verify that the buffer described by 
                              ;   the 2nd and 3rd args could be 
                              ;   written by the previous access 
                              ;   mode 
                              ; Note that the arg list must already 
                              ;   have been probed and that the 2nd 
                              ;   arg must be known to be less than 
                              ;   512 
      BEQL    violation       ; Branch if either byte gives an 
                              ;   access violation 

      [from: VAX MACRO and Instruction Set Reference Manual]
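The PROT table and the PROBE check above, modeled in C as an added example (not code from the original page or from VMS). The four-page sample map, the function names, and treating reserved code 0001 as "no access" are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum { KERNEL = 0, EXEC, SUPER, USER };   /* cmod/pmod encodings */
#define PAGE_SIZE 512u                    /* VAX page size in bytes */

/* PSL fields, bit positions taken from the PSL layout on this page. */
unsigned psl_cur_mode(uint32_t psl)  { return (psl >> 24) & 3u; }
unsigned psl_prev_mode(uint32_t psl) { return (psl >> 22) & 3u; }

/* PROT table stored as "least privileged mode allowed"; -1 = no mode.
   Code 0001 is reserved; mapping it to no access is an assumption. */
static const signed char rd_limit[16] = {-1,-1,0, 0,3,1,1, 1,2,2,2, 2,3,3,3, 3};
static const signed char wr_limit[16] = {-1,-1,0,-1,3,1,0,-1,2,1,0,-1,2,1,0,-1};

int prot_allows(unsigned prot, unsigned mode, int write)
{
    int limit = write ? wr_limit[prot & 15u] : rd_limit[prot & 15u];
    return (int)mode <= limit;
}

/* Constructed sample map: PROT codes of four consecutive pages.
   0: all access, 1: user read, 2: kernel write, 3: user read/kernel write */
static const unsigned char sample_prot[4] = { 0x4, 0xF, 0x2, 0xE };

/* Model of PROBER (write=0) / PROBEW (write=1), len >= 1. Returns 1 if
   accessible, 0 where the instruction sets Z (the BEQL violation path). */
int probe(uint32_t psl, unsigned mode_opnd, uint32_t base, uint32_t len, int write)
{
    unsigned prev = psl_prev_mode(psl);
    /* Check as the less privileged (numerically larger) of operand and pmod. */
    unsigned mode = (mode_opnd & 3u) > prev ? (mode_opnd & 3u) : prev;
    uint32_t last = base + len - 1;
    /* Only the first and last byte are tested, never the pages in between. */
    return prot_allows(sample_prot[(base / PAGE_SIZE) & 3u], mode, write) &&
           prot_allows(sample_prot[(last / PAGE_SIZE) & 3u], mode, write);
}

int main(void)
{
    uint32_t psl = (uint32_t)USER << 22;  /* cmod = kernel, pmod = user */
    printf("read  page 1: %d\n", probe(psl, KERNEL, 0x200, 4, 0));
    printf("write page 1: %d\n", probe(psl, KERNEL, 0x200, 4, 1));
    printf("read 0x000..0x600: %d\n", probe(psl, KERNEL, 0x000, 0x601, 0));
    return 0;
}
```

The last call passes even though kernel-only page 2 lies inside the range, which is why the manual's comment requires the length to be known to be less than 512: a longer buffer has to be probed one page at a time.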

OS call flow of control (VMS)

no change in privilege level

      user program:
        CALL SYS$example1
           |                <----------.
           |                           |
           V                           |
      SYS$example1:                    |
        .word <..>  // reg save mask   |
        JMP EXE$example                |
           |                           |
           |                           |
           V                           |
      EXE$example:                     |
        ...                            |
        RET  --------------------------'

change in privilege level

      // P0 region
      user program:
        CALL SYS$example2
           |                <----------.
           |                           |
           V                           |
      // system service vector         |
      // P1 region, current mode       |
      SYS$example2:                    |
        .word <..>  // reg save mask   |
        CHMK #code  // exception! -----------------.
   .--> RET  --------------------------'           |
   |                                               V
   |                                      routed by exception
   |                                      vector 0x40 contents
   |                                               |
   |  // S region, kernel mode                     |
   |  change mode dispatcher: <--------------------'
   |    ...
   |  #code:
   |    ... PROBE arguments using AP ...
   |    ... copy arguments to new stack ...
   |    CALL EXE$example2 --.
   `--- REI                 |  <--.
      ...                   |     |
                            |     |
      EXE$example2:  <------'     |
        ...                       |
        RET  ---------------------'


mark@cs.clemson.edu