Cortex-M3處理器支持兩種處理器的操作模式,還支持兩級特權操作。
兩種操作模式分別為:處理者模式和線程模式(thread mode)。
引入兩個模式的本意,是用於區別普通應用程序的代碼和異常服務例程的代碼——包括中斷服務例程的代碼。
兩級特權操作分別為:特權級和用戶級。
這可以提供一種存儲器訪問的保護機制,使得普通的用戶程序代碼不能意外地,甚至是惡意地執行涉及到要害的操作。
處理器支持兩種特權級,這也是一個基本的安全模型。
主應用程序(線程模式),既可以使用特權級,也可以使用用戶級;
異常服務例程(處理者模式)必須在特權級下執行。
通過引入特權級和用戶級,就能夠在硬件水平上限制某些不受信任的或者還沒有調試好的程序,
不讓它們隨便地配置涉及要害的寄存器,因而系統的可靠性得到了提高。
控制寄存器(CONTROL) CONTROL[0]=1,用戶級的線程模式 CONTROL[0]=0,特權級的線程模式 CONTROL[1]=1,選擇使用PSP CONTROL[1]=0,選擇使用MSP
復位后,處理器默認進入線程模式,特權極訪問 ( 使用 MSP 作為堆棧指針 )
EXC_RETURN Description 0xFFFFFFF1 Return to Handler mode. Exception return gets state from the main stack. Execution uses MSP after return. 0xFFFFFFF9 Return to Thread mode. Exception Return get state from the main stack. Execution uses MSP after return. 0xFFFFFFFD Return to Thread mode. Exception return gets state from the process stack. Execution uses PSP after return.
Handler mode always uses the MSP, so the processor ignores explicit writes to the active stack pointer bit of the CONTROL register when in Handler mode. The exception entry and return mechanisms automatically update the CONTROL register based on the EXC_RETURN value
In an OS environment, ARM recommends
the kernel and exception handlers use the main stack.
the threads running in Thread mode use the process stack.
By default, Thread mode uses the MSP.
To switch the stack pointer used in Thread mode to the PSP
(1) use the MSR instruction to set the Active stack pointer bit to 1, CONTROL[1] = 1
(2) perform an exception return to Thread mode with the appropriate EXC_RETURN value
When changing the stack pointer, software must use an ISB instruction immediately after the MSR instruction. This ensures that instructions after the ISB instruction execute using the new stack pointer.
Processor mode and privilege levels for software execution
The processor modes are:
- Thread mode
-
Used to execute application software.
The processor enters Thread mode when it comes out of reset. - Handler mode
-
Used to handle exceptions.
The processor returns to Thread mode when it has finished all exception processing.
The privilege levels for software execution are:
- Unprivileged
-
The software:
-
has limited access to the
MSRandMRSinstructions, and cannot use theCPSinstruction -
cannot access the system timer, NVIC, or system control block
-
might have restricted access to memory or peripherals.
Unprivileged software executes at the unprivileged level.
-
- Privileged
-
The software can use all the instructions and has access to all resources.
Privileged software executes at the privileged level.
In Thread mode, the CONTROL register controls whether software execution is privileged or unprivileged, see CONTROL register.
In Handler mode, software execution is always privileged.
Only privileged software can write to the CONTROL register to change the privilege level for software execution in Thread mode.
Unprivileged software can use the SVC instruction to make a supervisor call to transfer control to privileged software.
