Supervisor call instruction

From Wikipedia, the free encyclopedia

In IBM mainframe computers such as S/360, and all its successors up to contemporary zSeries, a supervisor call instruction (SVC) is a processor's instruction requesting a function from a supervisor (usually a kernel).

IBM mainframes operate in either of two states: problem state and supervisor state. Problem state does not relate to difficulties, but to the state in which the computer is supposed to solve the user's problem, such as administration or text processing. In supervisor state, programs have privileges to perform management tasks.

Technically, the switch from problem state to supervisor state is accomplished using a special hardware instruction, a supervisor call instruction (SVC). This instruction not only alters the system state, but also invokes a program residing in the supervisor (in the operating system's kernel). General users thus can invoke only specific supervisor functions, controlled by the operating system. This warrants system integrity. New supervisor functionality can only be installed by a system programmer with an authorization.

A popular pastime of hackers of the past was to try to reach supervisor state from an ordinary program (and to do naughty things then, such as accessing password files). Initially, it was a well known fact that there were loopholes in the system allowing such hacking endeavours to succeed. Only when IBM released its high-end OS/VS2 operating system in the 1970s, it warranted all such loopholes to be fixed. But systems still are vulnerable to such hacking efforts as the installation of third party systems software (e.g. middleware such as database systems and transaction monitors) often requires 'user SVCs' to be installed. While the installation of such SVCs of course is only permitted to authorized system programmers, the code of user SVCs may not be watertight against abuse. And of course technical measures never can prevent social engineering.