Processes in Ring 0

jerryleecooper
Member
Posts: 233
Joined: Mon Aug 06, 2007 6:32 pm
Location: Canada

Post by jerryleecooper »

edited out the nonsense. :oops: :oops:
Last edited by jerryleecooper on Thu Feb 28, 2008 4:28 pm, edited 1 time in total.
ucosty
Member
Posts: 271
Joined: Tue Aug 08, 2006 7:43 am
Location: Sydney, Australia

Post by ucosty »

Not really, because you only have two levels of memory protection - Supervisor and User.
The cake is a lie | rackbits.com
jerryleecooper
Member
Posts: 233
Joined: Mon Aug 06, 2007 6:32 pm
Location: Canada

Post by jerryleecooper »

ucosty wrote: Not really, because you only have two levels of memory protection - Supervisor and User.
Yes, and I wanted to write an article on paging :oops:
That would make a better system if there was more than two levels though.
Now I remember, the |4 I put with the |3.
pcmattman
Member
Posts: 2566
Joined: Sun Jan 14, 2007 9:15 pm
Libera.chat IRC: miselin
Location: Sydney, Australia (I come from a land down under!)

Post by pcmattman »

At the moment I run all tasks in ring0 (which is insanely fast), but very soon I'm going to switch all userspace tasks (ie, the shell, and anything started by execve) to ring3.

It depends on whether you want protection with a minor speed hit or an easily hacked OS.
Dex
Member
Posts: 1444
Joined: Fri Jan 27, 2006 12:00 am

Post by Dex »

pcmattman wrote:At the moment I run all tasks in ring0 (which is insanely fast), but very soon I'm going to switch all userspace tasks (ie, the shell, and anything started by execve) to ring3.

It depends on whether you want protection with a minor speed hit or an easily hacked OS.
I think you're missing the point, if you want a desktop OS for everyday use and you do not want to use a good and free desktop OS like Linux, and you have a spare 600 years or 600 good coders with a year to spare.
Then you should use ring3, or on the other hand maybe you do not want a desktop OS, but an OS you have full control over, that runs a single program as fast as possible.
Then stick with ring0.
pcmattman
Member
Posts: 2566
Joined: Sun Jan 14, 2007 9:15 pm
Libera.chat IRC: miselin
Location: Sydney, Australia (I come from a land down under!)

Post by pcmattman »

Dex wrote: on the other hand maybe you do not want a desktop OS, but an OS you have full control over, that runs a single program as fast as possible.
Then stick with ring0.
Good point Dex, I didn't think of the possibility of a non-desktop OS.
Masterkiller
Member
Posts: 153
Joined: Sat May 05, 2007 6:20 pm

Post by Masterkiller »

If the process is in level 0, it owns the system just like the OS does. As far as I know, the four levels are:
0: Operating system level
1: Device drivers level
2: Developer environment level
3: User-mode level
So ring/level 1 means that a process can in/out to all ports in the system, but cannot execute privilege level 0 instructions like LGDT and so on.
And what about rings 2 and 3? What can a ring 2 process do more than a ring 3 process?
Sorry, but for me it seems the only topic where it is logical to ask such a question without posting a new topic :wink: :oops:
Last edited by Masterkiller on Fri Feb 29, 2008 2:44 am, edited 1 time in total.
jerryleecooper
Member
Posts: 233
Joined: Mon Aug 06, 2007 6:32 pm
Location: Canada

Post by jerryleecooper »

Probably ring2 can issue interrupts that are dpl 0? :?
Or is it that the dpl of an interrupt can be between 0-3? I don't remember.
It must be about the debugger? Also there's the playing with the data segment, code segment, they are always present. So you can give a different segment for ring2, but now my thinking isn't clear.
http://en.wikipedia.org/wiki/Ring_(computer_security)
ring 0 -3? there's also ring -1, the hypervisor :D
Combuster
Member
Posts: 9301
Joined: Wed Oct 18, 2006 3:45 am
Libera.chat IRC: [com]buster
Location: On the balcony, where I can actually keep 1½m distance

Post by Combuster »

Masterkiller wrote: If the process is in level 0, it owns the system just like the OS does. As far as I know, the four levels are:
0: Operating system level
1: Device drivers level
2: Developer environment level
3: User-mode level
So ring/level 1 means that a process can in/out to all ports in the system, but cannot execute privilege level 0 instructions like LGDT and so on.
And what about rings 2 and 3? What can a ring 2 process do more than a ring 3 process?
Sorry, but for me it seems the only topic where it is logical to ask such a question without posting a new topic :wink: :oops:
The four rings only make sense in a segmented memory model. If you use a flat memory model with paging, you can't isolate more than two rings since each page table entry only has one bit for this: the U/S (user-supervisor). Should you be in ring 2, you could freely modify memory that belongs to ring 1.

There are the IOPL bits in EFLAGS that tell the processor what rings can execute I/O instructions. Normally one would set it to ring-0 only, but you can even allow ring 3 to freely access I/O ports.
"Certainly avoid yourself. He is a newbie and might not realize it. You'll hate his code deeply a few years down the road." - Sortie
[ My OS ] [ VDisk/SFS ]
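
Combuster's two points, the single U/S bit and the IOPL field, as a small C model. This is an added example, not code from the thread; the function names are made up here, and the model assumes 32-bit paging with CR0.WP clear and does not model the TSS I/O bitmap.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Page-table entry flag bits (32-bit x86 paging). */
#define PTE_PRESENT 0x001u
#define PTE_RW      0x002u
#define PTE_US      0x004u            /* the only privilege bit: 1 = user */
#define EFLAGS_IOPL(f) (((f) >> 12) & 3u)   /* IOPL is EFLAGS bits 12-13 */

/* Hypothetical helper: paging sees CPL 0, 1 and 2 as one "supervisor" class. */
static bool is_supervisor(unsigned cpl) { return cpl < 3; }

/* Page-level check, assuming CR0.WP = 0 (supervisor ignores R/W). */
bool page_access_allowed(unsigned cpl, uint32_t pte, bool write)
{
    if (!(pte & PTE_PRESENT))
        return false;
    if (is_supervisor(cpl))
        return true;                  /* rings 0-2 are indistinguishable here */
    if (!(pte & PTE_US))
        return false;                 /* ring 3 on a supervisor page */
    return !write || (pte & PTE_RW) != 0;
}

/* IN/OUT pass the IOPL test when CPL <= IOPL. The TSS I/O bitmap that
 * the CPU consults next is not modeled, so false means "not by IOPL". */
bool io_allowed_by_iopl(unsigned cpl, uint32_t eflags)
{
    return cpl <= EFLAGS_IOPL(eflags);
}

int main(void)
{
    uint32_t driver_page = PTE_PRESENT | PTE_RW;   /* U/S = 0: "ring 1" data */
    uint32_t eflags_iopl0 = 0x00000002u;           /* constructed: IOPL = 0 */
    uint32_t eflags_iopl3 = 0x00003002u;           /* constructed: IOPL = 3 */

    for (unsigned cpl = 0; cpl <= 3; cpl++)
        printf("CPL %u: write driver page=%d  io(IOPL=0)=%d  io(IOPL=3)=%d\n",
               cpl, page_access_allowed(cpl, driver_page, true),
               io_allowed_by_iopl(cpl, eflags_iopl0),
               io_allowed_by_iopl(cpl, eflags_iopl3));
    return 0;
}
```
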
tjhastings
Posts: 12
Joined: Sat Feb 02, 2008 5:49 pm

Post by tjhastings »

Nobody has mentioned this yet:

To run processes in ring0 and have some level of protection one can scan the executable for protected instructions (in, out, lgdt, etc.) before it is executed. The scanning would have to be pretty sophisticated because there are a number of tricks to fool simple scanners, but it is possible.

- TJ
Dex
Member
Posts: 1444
Joined: Fri Jan 27, 2006 12:00 am
Contact:

Post by Dex »

tjhastings wrote:Nobody has mentioned this yet:

To run processes in ring0 and have some level of protection one can scan the executable for protected instructions (in, out, lgdt, etc.) before it is executed. The scanning would have to be pretty sophisticated because there are a number of tricks to fool simple scanners, but it is possible.

- TJ
This would be much slower than just using ring3 etc, also you would still be able to overwrite any memory address.
tjhastings
Posts: 12
Joined: Sat Feb 02, 2008 5:49 pm

Post by tjhastings »

Dex wrote: This would be much slower than just using ring3 etc, also you would still be able to overwrite any memory address.
Yes, scanning does take time but only when an application is loaded. Small applications that are run frequently can be cached in memory and thus do not have to be scanned every time they are executed. Applications that run for a long time (such as database/web/mail servers) will not notice any slowdown except for the initial scan.

Processes can run in ring0 and still have separate address spaces using paging or segmentation. Because no process is allowed to run if it contains instructions which modify the page directories/tables or GDT/LDT then it cannot break out of its own address space and thus cannot harm anything else in the system.

- TJ
Korona
Member
Posts: 1000
Joined: Thu May 17, 2007 1:27 pm

Post by Korona »

Ring0 processes would be able to crash the kernel even if they are separated by paging. Scanning executables for unsafe instructions is often not possible. Imagine a function that takes a pointer as an argument and does some kind of operation to the memory pointed to by the pointer. It is often impossible for a scanner to analyze which pointer is passed to that function. Self-modifying code would also be difficult to analyze. One way to handle this would be using a virtual machine that "emulates" or just-in-time compiles the application.
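
An added illustration (not from any poster) of the load-time scan tjhastings proposes and of why it has to follow instruction boundaries and reject what it cannot decode: a raw byte match flags opcode values that are only immediate data. The opcode subset, function names and sample byte strings are constructed for this example, and LGDT and other multi-byte opcodes are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One-byte opcodes a loader would refuse: IN/OUT, HLT, CLI, STI. */
static int is_sensitive_opcode(uint8_t b)
{
    return (b >= 0xE4 && b <= 0xE7) || (b >= 0xEC && b <= 0xEF) ||
           b == 0xF4 || b == 0xFA || b == 0xFB;
}

/* Naive scan: count every byte that looks like a sensitive opcode. */
size_t naive_scan(const uint8_t *code, size_t len)
{
    size_t hits = 0;
    for (size_t i = 0; i < len; i++)
        hits += is_sensitive_opcode(code[i]) ? 1 : 0;
    return hits;
}

/* Instruction length for a tiny 32-bit subset; 0 means "not decodable". */
static size_t insn_len(uint8_t op)
{
    if (op >= 0xB8 && op <= 0xBF) return 5;   /* MOV r32, imm32 */
    if (op >= 0xE4 && op <= 0xE7) return 2;   /* IN/OUT with imm8 port */
    if (op == 0x90 || op == 0xC3) return 1;   /* NOP, RET */
    return is_sensitive_opcode(op) ? 1 : 0;
}

/* Boundary-aware scan: counts sensitive instructions, or returns -1 so the
 * loader rejects the image as soon as it meets something it cannot decode. */
long decoded_scan(const uint8_t *code, size_t len)
{
    long hits = 0;
    for (size_t i = 0; i < len; ) {
        size_t n = insn_len(code[i]);
        if (n == 0 || n > len - i)
            return -1;
        hits += is_sensitive_opcode(code[i]) ? 1 : 0;
        i += n;
    }
    return hits;
}

/* Constructed samples. */
const uint8_t sample_benign[]  = { 0xB8, 0xE4, 0, 0, 0,    /* mov eax, 0xE4 */
                                   0xBB, 0xFA, 0, 0, 0,    /* mov ebx, 0xFA */
                                   0x90, 0xC3 };           /* nop; ret */
const uint8_t sample_port_io[] = { 0xB8, 0x01, 0, 0, 0,    /* mov eax, 1 */
                                   0xE6, 0x80, 0xC3 };     /* out 0x80, al; ret */
const uint8_t sample_unknown[] = { 0x8B, 0x03, 0xC3 };     /* mov eax, [ebx]; ret */
```

Even the boundary-aware pass only reports which opcodes are present in the image as loaded; it says nothing about where a pointer will point at run time or about code that rewrites itself, which is the objection Korona raises.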
Combuster
Member
Posts: 9301
Joined: Wed Oct 18, 2006 3:45 am
Libera.chat IRC: [com]buster
Location: On the balcony, where I can actually keep 1½m distance

Post by Combuster »

Have you all read about "Singularity"? That's one real OS that can run entirely in ring 0.
bewing
Member
Posts: 1401
Joined: Wed Feb 07, 2007 1:45 pm
Location: Eugene, OR, US

Post by bewing »

Combuster wrote: The four rings only make sense in a segmented memory model. If you use a flat memory model with paging, you can't isolate more than two rings ...
Well, you can perhaps do a little better than that, if you only use segmentation on Ring1, in physical memory, say -- for drivers.