OSDev.org

I've noticed that no one uses ring1 and ring2 in their OSs. People seem to always talk about kernel mode and user mode. What's the use of rings 1 and 2?

i think that it's just those are two categories everything could fit under. i don't think that there's any actual requirement (except that the lower rings are allowed by the cpu to do more) to how you use the rings, though. i once read an example where 0 was the kernel, 1 was drivers, 2 was.. something, and 3 was user processes. the os i'm working on right now uses the rings like you describe it, though. i think that it's just simpler.

Paging only got only user and kernel mode.
I think this even means that you can't use Ring 1 & 2 in any meaningful way when combined with paging.

What about those rings ????? only heared about ring0.... does someone know's a nice tutorial, source or something about there rings? Really like to know.

Check out the intel docs. They explain everything very well.

The only difference between the rings is that lowered numbered rings have more privelage than the higher numbered rings. Within the CPU there is a few parameters that you can set that indicate which rings can be used to do what. For example, you can set the IOPL (Input/Output Privelage Level) register to indicate which ring can do IO. Any program running in that ring and below can do IO.

The intel docs are somewhat confusing because of the way they word their statments. Instead of referring to programs with "higher privelage", they refer to progams with "a lower CPL" (Current Privelage Level). Once you get your head around that the intel docs are pretty easy to understand.

It seems that the only real use for rings 1/2 and the extra privilege levels is for segmentation. I don't think that there's any other use for them other than complicating a design.

It is possible, however, to emulate privilege levels inside the kernel. Drivers/apps/services run in ring3, but may have different emulated privilege levels. On a fault, the processor could trap into the exception handler, do a privilege check, perform the privileged operation if the check was ok or complain if the check failed. This way, a driver will be able to do I/O and write to certain areas of memory while an app can't, although they are both running in user mode on the processor.

no, it is posible to use ring1&2 with just paging (no segmentation), but you don't have page restrictions (they both are considered USER for paging purposes), but you can have calling restrictions: under windows, user processes are not allowed to make syscalls, however this is not enforced, it could be by making syscalls only callable from ring1 or 2, and only the (user mode) library is callable from ring3 (but it is in ring1 or 2, and can make syscalls as necessary)

windows tries to do this, but they don't enforce it, alowing anyone who knows the syscall interface (not publicly documented) to make syscalls from ring3, and cannot change this since the winAPI is located in ring3, and is called directly, instead of through a gate

The intel docs barely even mention ring 1 and 2, it just says there uses like everything else does

The intel docs use a terminology called "Current Privelage Level", rather than "ring 1,2..etc".

Privelage levels can be used for page level protection as well as segment level protection. For each entry in the page tables, you can set whether the page is a kernel page or a user page. Only programs in CPL0 (ring 0) can use kernel pages, and anything can use user pages.

However segmentation and privelage level are directly linked. The idea is that the kernel sits in a seperate memory space to the user programs (for extra protection), but the system is flexible enough to allow any configuration of memory space.