Quotes of the week

Posted May 31, 2017 13:31 UTC (Wed) by nix (subscriber, #2304)
In reply to: Quotes of the week by viro
Parent article: Quotes of the week

Even if it were, Ring 1 on x86 is almost the same as ring 3: the only real difference is that page protections can differ. In particular, all the privileged instructions that trap in ring 3 also trap in ring 1, requiring expensive privilege transitions to service: that includes, uh, direct hardware access, i.e. the sort of thing device drivers tend to do a lot.

There's a reason not many OS vendors used rings 1 and 2 for anything. (What were they originally intended for? I seem to recall IBM using ring 1 for something in OS/2: did they ask Intel to add more than the usual two rings? Were they inherited from some ancient computer that predates my parents' birth? :) )

Quotes of the week

Posted Jun 4, 2017 22:14 UTC (Sun) by flussence (guest, #85566) [Link]

I have an old 486 programming book that describes ring 1 as for “system services” and ring 2 for “custom extensions”, whatever that means. Going off those labels I could imagine it being used by a microkernel or hypervisor system. It doesn't name any real world examples unfortunately.

Reading some more of it, it sounds like these function more like ring 0 subsets than ring 3: only the latter gets page table entries with the user mode bit set, the rest don't and also have less restrictions on calling into each other's code. Most of these details go over my head but I get the general gist of it.

In a modern system, we have a different three-ring security circus: ring 1 was replaced by Docker and ring 2 by Electron.