Bit confused about CPU protection rings.
I know Linux and Windows both just use Ring 0 and Ring 3 for kernel and user space respectivly.
Are the rings predefined with their level of access/functionality or is this something that the kernel itself would set?
If they are predefined what do each of the 4 rings give you?
If they're not how do you set them for different levels of access?
Finally how do you actually switch things into other rings?
Protection Rings
-
João Jerónimo
Re:Protection Rings
AFAIK you can configure IO permissions at your choice... I think you can disable the IO protection on Ring3 completely if you want...elaverick wrote: Are the rings predefined with their level of access/functionality or is this something that the kernel itself would set?
I think that all that is predefined is the fact that you can't make some types of inter-ring segment switches...If they are predefined what do each of the 4 rings give you?
It has to do with the EFLAGS.IOPL and also with the IO permissions bitmap in TSSs...If they're not how do you set them for different levels of access?
You need Special descriptors called Gates, but I cannot give you much more information since I've not ran any code in any other ring than 0 yet... I've read the chapter about segment protection but it's very confusing so it's not something I plan to learn by heart!Finally how do you actually switch things into other rings?
Read the manuals...
JJ
-
Kemp
Re:Protection Rings
A lot of instructions that only an OS should need to use (rather than userland programs) are restricted at the processor level, there are some that the OS can explicitly allow access too though.
-
Kevin McGuire
- Member
- Posts: 843
- Joined: Tue Nov 09, 2004 12:00 am
- Location: United States
- Contact:
Re:Protection Rings
I found a lot of my information in:
"Intel Architecture Software Developer?s Manual Volume 3 System Programming"
Under Chapter 4.5 "Priviledge Levels". (which I _just_ looked up)
I found a page on intel using google that hosts the i386 documentation. I noticed there is combined IA32 and IA64 literature out there. That could be more information than you need as so to complicate matters. So I deliberatly searched for the documentaton that is older and does not include the 64 bit stuff.
http://www.intel.com/design/intarch/intel386/index.htm
Clicking Technical Documents, and scrolling down to Manuals -- you will see the PDFs.
"Intel Architecture Software Developer?s Manual Volume 3 System Programming"
Under Chapter 4.5 "Priviledge Levels". (which I _just_ looked up)
You can find the answer there, which is at least clued in the first couple of paragraphs.Finally how do you actually switch things into other rings?
I found a page on intel using google that hosts the i386 documentation. I noticed there is combined IA32 and IA64 literature out there. That could be more information than you need as so to complicate matters. So I deliberatly searched for the documentaton that is older and does not include the 64 bit stuff.
http://www.intel.com/design/intarch/intel386/index.htm
Clicking Technical Documents, and scrolling down to Manuals -- you will see the PDFs.