
Rings 1 and 2

Posted: Mon Jan 26, 2009 3:28 am
by qw
Hi everybody,
Does anybody actually use privilege levels 1 and 2? On the web I found that they are hardly ever used, but I'd like to see some examples of where they are.

Roel

Re: Rings 1 and 2

Posted: Mon Jan 26, 2009 5:45 am
by jal
Hobbes wrote:Hi everybody,
Does anybody actually use privilege levels 1 and 2? On the web I found that they are hardly ever used, but I'd like to see some examples of where they are.
I seriously doubt anyone has ever used them. Theoretically, one could run the kernel in 0, drivers in 1, daemons/services in 2 and user processes in 3.


JAL

Re: Rings 1 and 2

Posted: Mon Jan 26, 2009 6:18 am
by qw
jal wrote:Theoretically, one could run the kernel in 0, drivers in 1, daemons/services in 2 and user processes in 3.
True. It seems however that drivers and services are always also running in ring 0 or 3. This made me wonder whether there is any use for rings 1 and 2 at all.

Roel

Re: Rings 1 and 2

Posted: Mon Jan 26, 2009 7:05 am
by Love4Boobies
Are there any advantages in using them? I'm aware of the disadvantages (kernel becomes less portable), but why were they introduced in the first place?

Re: Rings 1 and 2

Posted: Mon Jan 26, 2009 8:03 am
by yemista
Intel thought it would be a good idea but in practice they didn't turn out to be any more useful than 2 privilege levels.

Re: Rings 1 and 2

Posted: Mon Jan 26, 2009 8:04 am
by Love4Boobies
What I mean... Why would it be good practice? Does anyone actually have an example where more than 2 rings would come in handy?

Re: Rings 1 and 2

Posted: Mon Jan 26, 2009 8:16 am
by qw
yemista wrote:Intel thought it would be a good idea but in practice they didn't turn out to be any more useful than 2 privilege levels.
Perhaps this is why page table entries have a single U/S-bit, instead of a privilege level bitfield like descriptors do.

Roel

Re: Rings 1 and 2

Posted: Mon Jan 26, 2009 8:29 am
by ru2aqare
Hobbes wrote:Perhaps this is why page table entries have a single U/S-bit, instead of a privilege level bitfield like descriptors do.

Roel
I think if page table entries had two bits for all four privilege levels, then all four levels would be used, not just ring zero and three. This way monolithic kernels (or any kernel where drivers run in ring zero) would be much safer from a security viewpoint - you couldn't inject a malicious driver and have it take over the kernel.

As far as I know, IA64 can specify all four privilege levels for its page tables. Unfortunately IA64 has other issues, and is not widespread.
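
The contrast discussed in the posts above, as an added example that is not part of any post in this thread: a simplified C model of the x86 data-segment privilege check (2-bit DPL) next to the page-level check (single U/S bit). The descriptor access bytes and the page-table entry are constructed sample values, and the paging model ignores R/W, CR0.WP and later features such as NX.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* x86 page-table entry flag bits */
#define PTE_PRESENT (1u << 0)
#define PTE_USER    (1u << 2)   /* U/S: 0 = supervisor only, 1 = user allowed */

/* DPL is bits 5..6 of a segment descriptor's access byte. */
static unsigned desc_dpl(uint8_t access) { return (access >> 5) & 3u; }

/* Data-segment load check: max(CPL, RPL) must be <= DPL. */
static bool seg_allows(unsigned cpl, unsigned rpl, uint8_t access)
{
    unsigned eff = cpl > rpl ? cpl : rpl;
    return (access & 0x80) && eff <= desc_dpl(access);   /* 0x80 = present bit */
}

/* Paging check: only CPL 3 is "user"; rings 0, 1 and 2 are all supervisor. */
static bool page_allows(unsigned cpl, uint32_t pte)
{
    if (!(pte & PTE_PRESENT))
        return false;
    return cpl < 3 || (pte & PTE_USER) != 0;
}

int main(void)
{
    const uint8_t  kernel_data = 0x92;         /* constructed: present, DPL 0, data RW */
    const uint8_t  driver_data = 0xB2;         /* constructed: present, DPL 1, data RW */
    const uint32_t kernel_page = PTE_PRESENT;  /* constructed: U/S = 0 */

    /* Segments tell ring 1 apart from ring 0; the page check does not. */
    for (unsigned cpl = 0; cpl <= 3; cpl++)
        printf("CPL %u: DPL0 seg=%d  DPL1 seg=%d  supervisor page=%d\n", cpl,
               seg_allows(cpl, cpl, kernel_data),
               seg_allows(cpl, cpl, driver_data),
               page_allows(cpl, kernel_page));
    return 0;
}
```

With flat segments covering the whole address space, the page check is the only boundary left, so code in ring 1 or 2 can read and write the same supervisor pages as ring 0.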

Re: Rings 1 and 2

Posted: Mon Jan 26, 2009 9:53 am
by Colonel Kernel
MS Virtual PC runs the "kernel mode" of guest OSes in ring 1 on 32-bit CPUs that don't support the VT extensions. This is called "ring compression".

Re: Rings 1 and 2

Posted: Mon Jan 26, 2009 10:01 am
by Love4Boobies
Colonel Kernel wrote:MS Virtual PC runs the "kernel mode" of guest OSes in ring 1 on 32-bit CPUs that don't support the VT extensions. This is called "ring compression".
How's that possible? Virtual PC runs at ring 3, how can it run something at ring 1?

Re: Rings 1 and 2

Posted: Mon Jan 26, 2009 10:05 am
by Colonel Kernel
The VPC GUI runs at ring 3. :) It installs a kernel-mode driver that forces the guest OS to run in ring 1 whenever it tries to enter ring 0. It also traps all interrupts and exceptions and handles them appropriately.

The details are all here.

Re: Rings 1 and 2

Posted: Mon Jan 26, 2009 11:27 am
by Love4Boobies
I see. And if the guest code is supposed to run at ring 1 on such a system, will that also mean ring 1 on the host?

Re: Rings 1 and 2

Posted: Mon Jan 26, 2009 1:53 pm
by jal
Love4Boobies wrote:I see. And if the guest code is supposed to run at ring 1 on such a system, will that also mean ring 1 on the host?
The guest OS is running in ring 1. And I suppose the guest code is still running in ring 3, supposing also that the guest OS uses only ring 0 (now 1) and 3.


JAL

Re: Rings 1 and 2

Posted: Mon Jan 26, 2009 2:00 pm
by bewing
I have thought many times about trying to use Ring 1 for my OS.

Wishful thinking:
I'd like my Kernel and trusted drivers and managers/executives to be running in Ring 0 -- where Ring 0 runs in physical memory only, with all paging turned off. I want to be able to transition to Ring 0 (physical mem mode) without trashing the TLB. All of these programs would be written to be position-independent. (However, the TLB part of that doesn't work, and you can't even turn off paging in Long mode -- which is why this is wishful thinking.)

Then, untrusted drivers (or drivers that need VMEM paging) would run in Ring 1. So the differences between Ring 0 and 1 would be paging, address space limitations, plus being able to use Task structures to limit IO ports. And I wouldn't need to handle any of that crap for Ring 0 apps.

Then Ring 3 as normal, of course.

Re: Rings 1 and 2

Posted: Mon Jan 26, 2009 3:31 pm
by qw
Colonel Kernel wrote:MS Virtual PC runs the "kernel mode" of guest OSes in ring 1 on 32-bit CPUs that don't support the VT extensions. This is called "ring compression".
Sounds like a sensible use of ring 1 to me.
bewing wrote:Then, untrusted drivers (or drivers that need VMEM paging) would run in Ring 1. So the differences between Ring 0 and 1 would be paging, address space limitations, plus being able to use Task structures to limit IO ports.
Sounds sensible too, but can't that be done in ring 3 just as well?

Roel

(Typo corrected)