Why is masking off an interrupt a privileged instruction?

Question

anonymous · Answer

@e.mccormick Any help? :D

e.mccormick · Answer

Well, first, do you know what a privileged instruction is?

anonymous · Answer

An instruction that cannot be executed in the user mode, i.e. it must be executed in the kernel mode?!

e.mccormick · Answer

Well, that is part of it.  Hmm.  It has to do with the power it has.

e.mccormick · Answer

For example, as you said, it can modify the kernel space.  Ever heard of a rook kit?  Know how those type of viruses can do such nasty damage?  Well, they would live in the deepest parts of things and hide.  That is a kernel space type operation.

e.mccormick · Answer

root, not rook.  Anyhow, you also have direct access to I/O, so the ability to send things to memory, video, the hard drive, etc.

anonymous · Answer

Hmm... I thought all I/O instructions are privileged instructions...
In that case, what is a privileged instruction in exact?

e.mccormick · Answer

That is what I am saying.  It gives direct access to those things when something are working as a privileged instruction.  It is when you have absolute and direct control over all those things.  You arte effectivly the operating system when you do this, even if you are not.  That is why I brought up root kits.  Those were programs that modified the kernel spaces so that when virus checking programs loooked for them, they would give fake responses and hide from the AV program.  They were able to do this because these were viruses operating with privileged instructions.

e.mccormick · Answer

It seems you have the basics of privileged instruction: direct control of I/O and the kernel. Now for masking off an interrupt.  Do you know what happens there?

anonymous · Answer

Wait... What is the "AV program" you've just mentioned? Also, how can those programmes modify the kernel space?

e.mccormick · Answer

Anti-Virus.

Root kits are a book sized topic.  Also, computers were not as protected as they are now.  The operating systems used to easily allow elevation into the kernel spaces.  They closed a lot of that due to how that was used to cause so many people grief.  Root kits still exist, but they are far more rare and it is a lot harder to get that level of control without proper permission.

anonymous · Answer

Okay...
Masking off an interrupt - to temporary "hide" the interrupt so that the programme can "ignore" the interrupt for a while. However, later at some point of the execution, it will have to handle the interrupt.

e.mccormick · Answer

Yes.  You can effectively make a piece of hardware unavailable to the system.  Lets say access to some key piece of hardware were to be take over by a random program.  That could happen if masking was $\textbf{not}$ privileged only.  Then nothing else could use it.  So if you allow random programs to do that level of control the end results are nasty.

e.mccormick · Answer

Some info on Root Kits: http://www.ouah.org/iRootkits.pdf http://www.symantec.com/avcenter/reference/windows.rootkit.overview.pdf Between those two you can get a good idea of how those have developed over the years. The sections on Kernel Mode Rootkits show how they relate to this topic. They are prime examples of "Why is masking off an interrupt a privileged instruction?" because they show what can happen when a malicious program has that level of power.

anonymous · Answer

I still don't understand why some key pieces of hardware would be taken over by a random program if masking was not privileged only...

e.mccormick · Answer

Well, lets say you masked off interrupts for the keyboard and basically took it over.  Made it so every keyboard call had to go through your program first.  If any program could mask the KB I/O, that would be possible.  However, by making it so that people have to go to the privileged spaces first, which means going through the OS, you prevent that sort of hijacking of hardware.

anonymous · Answer

In your example, what is the "random program" in "some key pieces of hardware would be taken over by a random program if masking was not privileged only"?

e.mccormick · Answer

Exactly what the words imply.  When something is random, you do not know what it is.  When it comes to full and unconditional control of basic I/O, you want to know what programs are doing it.  You want the kernel to supervise this.  You eliminate that requirement if you remove privileged instruction requirements from this process.

anonymous · Answer

Hmmm...
Suppose you are running while(1) sleep(3600), and you press Ctrl-C.
If you have masked off the interrupt and it is a privileged instruction, then the kernel will help you to take care of this interrupt by hiding for a while, say, set an alarm for it.
If it were not a privileged instruction, what would happen?

e.mccormick · Answer

Still on the keyboard example?  If no keyboard I/O happens because it is masked and the kernel was bypassed, then even though the break was hit, it would not get processed.

anonymous · Answer

Does "it would not get processed" mean it would not be terminated, or the interrupt would be completely ignored?

e.mccormick · Answer

While it is masked, it is ignored.  If it is ignored, well, then it depends on if there is something to record the events that occur, like a buffer, it goes by-by.

e.mccormick · Answer

no buffer = forgotten while ignored.

anonymous · Answer

Okay, thanks!

anonymous · Answer

@e.mccormick