ARM CortexM3 操作模式和特权级别

Cortex-M3处理器支持两种处理器的操作模式，还支持两级特权操作。 

两种操作模式分别为：处理者模式和线程模式（thread mode）。
引入两个模式的本意，是用于区别普通应用程序的代码和异常服务例程的代码——包括中断服务例程的代码。 

两级特权操作分别为：特权级和用户级。
这可以提供一种存储器访问的保护机制，使得普通的用户程序代码不能意外地，甚至是恶意地执行涉及到要害的操作。
处理器支持两种特权级，这也是一个基本的安全模型。

主应用程序（线程模式），既可以使用特权级，也可以使用用户级；
异常服务例程(处理者模式)必须在特权级下执行。

通过引入特权级和用户级，就能够在硬件水平上限制某些不受信任的或者还没有调试好的程序，

不让它们随便地配置涉及要害的寄存器，因而系统的可靠性得到了提高。

控制寄存器（CONTROL）
CONTROL[0]=1，用户级的线程模式
CONTROL[0]=0，特权级的线程模式
CONTROL[1]=1，选择使用PSP
CONTROL[1]=0，选择使用MSP

复位后，处理器默认进入线程模式，特权极访问 ( 使用 MSP 作为堆栈指针 )

EXC_RETURN    Description
0xFFFFFFF1    Return to Handler mode. Exception return gets state from the main stack. Execution uses MSP after return.
0xFFFFFFF9    Return to Thread mode. Exception Return get state from the main stack. Execution uses MSP after return.
0xFFFFFFFD    Return to Thread mode. Exception return gets state from the process stack. Execution uses PSP after return.

Handler mode always uses the MSP, so the processor ignores explicit writes to the active stack pointer bit of the CONTROL register when in Handler mode. The exception entry and return mechanisms automatically update the CONTROL register based on the EXC_RETURN value

In an OS environment, ARM recommends
the kernel and exception handlers use the main stack.
the threads running in Thread mode use the process stack.

By default, Thread mode uses the MSP.
To switch the stack pointer used in Thread mode to the PSP
(1) use the MSR instruction to set the Active stack pointer bit to 1, CONTROL[1] = 1
(2) perform an exception return to Thread mode with the appropriate EXC_RETURN value

When changing the stack pointer, software must use an ISB instruction immediately after the MSR instruction. This ensures that instructions after the ISB instruction execute using the new stack pointer. 

Processor mode and privilege levels for software execution

The processor modes are:

Thread mode

Used to execute application software.
The processor enters Thread mode when it comes out of reset.

Handler mode

Used to handle exceptions.
The processor returns to Thread mode when it has finished all exception processing.

The privilege levels for software execution are:

Unprivileged

The software:

• has limited access to the MSR and MRS instructions, and cannot use the CPS instruction

• cannot access the system timer, NVIC, or system control block

• might have restricted access to memory or peripherals.

Unprivileged software executes at the unprivileged level.

Privileged

The software can use all the instructions and has access to all resources.

Privileged software executes at the privileged level.

In Thread mode, the CONTROL register controls whether software execution is privileged or unprivileged, see CONTROL register.
In Handler mode, software execution is always privileged.

Only privileged software can write to the CONTROL register to change the privilege level for software execution in Thread mode.
Unprivileged software can use the SVC instruction to make a supervisor call to transfer control to privileged software.