OSDev.org

It would allow me to set the IOPL above ring 3, permanently -- just to provide that much extra security between userland and things it shouldn't have access to.

jal wrote:The guest OS is running in ring 1. And I suppose the guest code is still running in ring 3, supposing also that the guest OS uses only ring 0 (now 1) and 3.

You didn't understand what I was asking. I got that guest ring 0 stuff goes at ring 1 on the physical machine. But if the guest OS also uses ring 1, where does that go? Ring 1 (that could trash the guest OS), ring 2 (that would be bad as the guest machine wouldn't have as many rings if you tried to run Virtual PC in Virtual PC; you'd run out of rings) or ring 3 (would that work?)?

About the only practical use I see for Ring 1-2 is in a microkernel if you wish to place memory management completely outside of the kernel.

But in the majority of microkernels, even the device drivers can run in ring 3 because you can grant access to certain IO ports in ring 3, and with with sufficient IPC (messenges, pipes, and/or shared memory) you have everything required for a device to communicate with the hardware and with user applications. Then it is up to your kernel what processors are given driver (IO, DMA mapping, etc) privileges and the like.

MessiahAndrw wrote:About the only practical use I see for Ring 1-2 is in a microkernel if you wish to place memory management completely outside of the kernel.

Memory managers can be implemented in userspace without any problems. You only need 2 API calls in the kernel: one for granting pages and one for flushing them. If you're looking for something a bit more complex, you could add a third - for mapping pages from one process to another (shared pages, anyone?).

I know, I was trying to find a reason to use Ring 1/2.

Love4Boobies wrote:You didn't understand what I was asking.

I did, you just didn't understand my answer :).

I got that guest ring 0 stuff goes at ring 1 on the physical machine. But if the guest OS also uses ring 1, where does that go? Ring 1 (that could trash the guest OS)

Still ring 1, most likely. Yes, that could theoretically trash the guest OS, but only rather theoretically. Besides, ring 1 is not used anyway by any main OS, so who cares?


JAL

OS/2 uses ring 1 and 2 (I don't have a clue what for).

It dies on almost every emulator because none of them implement them, as nothing else uses them

Drivers and service in Windows run in ring 0 to lower the switching overhead.

quanganht wrote:Drivers and service in Windows run in ring 0 to lower the switching overhead.

That's what's called a monolithic kernel. Your point?

P.S: for anyone who's gonna start saying anything about hybrid kernels, that's BS IMO

quanganht wrote:Drivers and service in Windows run in ring 0 to lower the switching overhead.

... but thats just not true...

in windows, most drivers run in ring3 not ring0...

and MS has been fighting with the driver writers to get them all in ring3... but 3rd party developers arnt very good at cooperating... (actually, these days, its mostly just old drivers which are still running in ring0)

MS does use a ring0 disk driver for accessing the swap file though, iirc

JAAman wrote:in windows, most drivers run in ring3 not ring0...

Well, since you brought it up, yeah, there are two types of drivers in windows: kernel-mode drivers and user-mode drivers. My guess is that kernel-mode drivers are here to stay for a while, unfortunately.

JAAman wrote:MS does use a ring0 disk driver for accessing the swap file though, iirc

AFAIK, all file system, fixed disk, and network drivers run in ring 0 for performance reasons. Plus, there is at least part of the video driver framework that runs in ring 0.

This applies only to Vista and (I think) Windows Server 2008. Older versions run nearly all drivers in ring 0.

Love4Boobies wrote:P.S: for anyone who's gonna start saying anything about hybrid kernels, that's BS IMO

Perhaps saying that Windows has a microkernel design but built as a monolithic kernel is better then saying it has a "hybrid" kernel.

neon wrote:

Love4Boobies wrote:P.S: for anyone who's gonna start saying anything about hybrid kernels, that's BS IMO

Perhaps saying that Windows has a microkernel design but built as a monolithic kernel is better then saying it has a "hybrid" kernel.

That would be a true statement if you're talking about Mac OS X, but not so much about Windows. Other than the "sub-system servers" that allowed for different OS personalities, the original NT design was modeled after VMS, which is definitely not a microkernel.

As I see it, rings 1 and 2 were designed to run code at a privilege level that could have absolute power over ring 3 processes but keeping the kernel protected from it. But if you're going to run drivers outside ring 0, then it's worth providing a simple API to the kernel rather than letting ring 1 code mess around with ring 3 bits itself.

With paging, there's probably only one privilege bit because rings 1 and 2 were so rarely used. Now, if page table entries had a user-id-like field, and a switchable current-user-id, that'd be good news for microkernels: several small user processes can remain in the same address space, without being able to tamper with other processes. It means that same-privilege processes could communicate with each other with no page directory switches. I haven't a clue how complex that'd be to implement in hardware though.