ARM modes: User and System

Question

Can you explain how the ARM mode get changed in case of a system call handling? I heard ARM mode change can happen only in privileged mode, but in case of a system call handling while the ARM is in user mode (which is a non-privileged mode), how does the ARM mode change?

Can anybody explain the whole action flow for the user mode case, and also more generally the system call handling (especially how the ARM mode change)?

Thanks in advance.

Answer 1

When an SVC instruction is encountered by the PC, the following behaviour takes place:

• The current status (CPSR) is saved (to the supervisor SPSR)
• The mode is switched to supervisor mode
• Normal (IRQ) interrupts are disabled
• ARM mode is entered (if not already in use)
• The address of the following instruction (the return address) is saved into the link register (R14) - It's worth noting that this is the link register that belongs to the supervisor mode
• The PC is altered to jump to address 0x00000008

An exception vector (just a branch instruction) should be at the address 0x0000008, which will branch the program to another area of code used to determine which supervisor call has been made.

Determining which supervisor call has been made is usually accomplished by loading the SVC instruction into a register (by offsetting the LR by one word - since the LR is still pointing to the instruction next to the supervisor call), bit clearing the last 8 bits and using the value in the remaining 24 bits of the register to calculate an offset in a jump table, to branch to the corresponding SVC code.

When the supervisor call code wishes to return to the user application, the processor needs to context switch back into user mode and return to the address contained within the LR (which is only available in supervisor mode, since certain registers are banked for both modes). This problem is overcome using the MOVS instruction, as illustrated below:

(consider this to also be your explanation on how to change mode)

 MRS    R0, CPSR          ; load CPSR into R0
 BIC    R0, R0, #&1F      ; clear mode field
 ORR    R0, R0, #&10      ; user mode code
 MSR    SPSR, R0          ; store modified CPSR into SPSR

 MOVS   PC, LR            ; context switch and branch

The MRS and MSR instructions are used to transfer content between an ARM register and the CPSR or SPSR.

The MOVS instruction is a special instruction, which operates as a standard MOV instruction, but also sets the CPSR equal to the SPSR upon branching. This allows the processor to branch back (since we're moving the LR into the PC) and change mode to the mode specified by the SPSR.

Answer 2

"I heard ARM mode change can happen only in privileged mode". You are partly right here. By partly I mean the control field of the CPSR register can be manually modified (manually modified means through code) in the privileged modes only not in the unprivileged mode (i.e. user mode). When a system call happens in the user mode it happens because of SWI instruction. An SWI instruction has inbuilt mechanism to change the mode to supervisor mode.

So to conclude , there are two ways to change the mode:

1) Explicitly through code. Only allowed in a privileged mode. 2) Implicitly through IRQ, FIQ, SWI, RESET, undefined instruction encountered, data abort, prefetch abort. This is allowed in all the modes.

Answer 3

I quote from the ARM documentation available here:

http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.dui0471c/BABDCIEH.html

When an exception is generated, the processor performs the following actions:

1. Copies the CPSR into the appropriate SPSR. This saves the current mode, interrupt mask, and condition flags.
2. Switches state automatically if the current state does not match the instruction set used in the exception vector table.
3. Changes the appropriate CPSR mode bits to:
   • Change to the appropriate mode, and map in the appropriate banked out registers for that mode.
   • Disable interrupts. IRQs are disabled when any exception occurs. FIQs are disabled when an FIQ occurs and on reset.
4. Sets the appropriate LR to the return address.
5. Sets the PC to the vector address for the exception.

where, CPSR refers to Current Program Status Register and SPSR to Saved Program Status register used to restore the state of the process that was interrupted. Thus, as seen in point 3, the processor circuitry is designed in a way that the hardware itself changes the mode when user mode executes a Supervisor call instruction.

Answer 4

You need to get a copy of the ARM ARM (Architectural Reference Manual).

http://infocenter.arm.com -> ARM Architecture -> Reference Manuals -> ARMv5 Architectural Reference Manual then download the pdf.

It used to be a single ARM ARM for the ARM world but there are too many cores and starting to diverge so they split off the old one as ARMv5 ARM and made new Architectural Reference Manuals for each of the major ARM processor families.

In the Programmers Model chapter it talks about the modes, it says that you can change freely among the modes other than user. ARM startup code will often go through a series of mode changes so that the stack pointers, etc can be configured. Then as needed go back to System mode or User mode.

In that same chapter look at the Exceptions section, this describes the exceptions and what mode the processor switches to for each exception.

The Software interrupt exception which happens when an SWI instruction is executed, is a way to implement system calls. The processor is put in Supervisor mode and if in thumb mode switches to arm mode.

There needs to be code to support that exception handler of course. You need to verify with the operating system, if any, you are running, what is supported and what the calling convention is, etc.

Not all ARM processors work this way. The Cortex-M (ARMv7-M) does not have the same modes and same exception table, etc. As with any time you are using an ARM (at this level) you need to get the ARM ARM for the family you are using and you need to get the TRM (Techincal Reference Manual) for the core(s) you are using, ideally the exact revision, even if ARM marks the TRM as having been replaced by a newer version the chip manufacturer has purchased and uses a specific rev of the core and there can be enough differences between revs that you will want the correct manual.

Answer 5

In the case of system calls on ARM, normally the system call causes a SWI instruction to be executed. Anytime the processor executes a SWI (software interrupt) instruction, it goes into SVC mode, which is privileged, and jumps to the SWI exception handler. The SWI handler then looks at the cause of the interrupt (embedded in the instruction) and then does whatever the OS programmer decided it should do. The other exceptions - reset, undefined instruction, prefetch abort, data abort, interrupt, and fast interrupt - all also cause the processor to enter privileged modes.

How file handling works is entirely up to whoever wrote your operating system - there's nothing ARM specific about that at all.