flat assembler
Message board for the users of flat assembler.
OS Construction > Privilege Levels 1 and 2 and Page Translation
Bargest 12 Jun 2012, 20:32
IA-32 is a very... strange architecture. There is no reason for using rings 1 and 2. Windows and Linux don't use them at all. There is no sense in using them just because if a driver has access to I/O ports (it must have), it controls the system. For example, system memory can be overwritten using the DMA mode of different devices.
I wanted to use protection based on read-only pages (read-only protection checks for the supervisor are controlled by the WP bit in CR0; this register can be changed only from 0-ring), but I realized it is too slow: frequently switching CR0 will kill performance.
Nistix 12 Jun 2012, 21:27
Oops. This bug completely destroys my dreams. I've already made so much in my own system, but noticed it too late.
revolution 13 Jun 2012, 01:20
It is always possible that external hardware can bypass the internal CPU privilege checks. Search for firewire hacks to see it in full force. But this is no fault of the CPU.
Rings 1 and 2 were designed for a different era of OSes. The (now) old 80286 was the first x86 CPU to incorporate protection and at that time rings 0-3 made sense for the type of uses that the CPU was being used for. Today things are different.
edfed 13 Jun 2012, 08:20
the reason for OSes not to use rings 1 & 2 may be more the fact that not every cpu architecture supports them, and maybe because OS companies don't design their systems with the same security model as intel does.
then, if you want, you can try to design using the 4 levels. i think it will give pretty good security results if it is well made.
Nistix 13 Jun 2012, 10:07
Using 4 privilege levels has a reason only in 32-bit Protected Mode, because we can use the DPL field in code and data-segment descriptors; also we can set the base address and limit for these descriptors.
But! The AMD64 Architecture completely removes segmentation: "A data-segment-descriptor DPL field is ignored in 64-bit mode, and segment-privilege checks are not performed on data segments." (http://support.amd.com/us/Processor_TechDocs/24593_APM_v2.pdf , page 89) We cannot set Base, Limit, DPL for any data descriptor in 64-bit Long Mode! All processes in Long Mode (64-bit) use only one selector, because there are no differences in its content. That's why there is no reason to use CPL=1 or 2 in a fully 64-bit OS. Code with CPL=1,2 will use the same data descriptor as code with CPL=0, so access to pages during translation will be identical.
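Added example (not part of any post in this thread): a small C model of the two checks discussed above, the data-segment DPL check that exists only in 32-bit protected mode and the page-level check that knows only supervisor (CPL 0-2) and user (CPL 3). All type and function names are hypothetical; the page bits stand for the effective U/S and R/W of the translation, and later features such as SMEP/SMAP are not modelled.

```c
#include <stdbool.h>
#include <stdio.h>

/* Illustrative model only; every name here is an assumption. */
enum cpu_mode { PROT32, LONG64 };

struct access {
    enum cpu_mode mode;
    int  cpl, rpl;   /* current / requested privilege level, 0..3 */
    int  seg_dpl;    /* DPL of the data-segment descriptor        */
    bool page_us;    /* effective U/S bit: true = user page       */
    bool page_rw;    /* effective R/W bit: true = writable        */
    bool cr0_wp;     /* CR0.WP                                    */
    bool write;      /* true = write access, false = read         */
};

/* Segment-level check: a data segment needs DPL >= max(CPL, RPL).
 * In 64-bit mode the data-segment DPL is ignored (AMD manual
 * sentence quoted in the post above). */
static bool segment_ok(const struct access *a)
{
    if (a->mode == LONG64)
        return true;
    int epl = a->cpl > a->rpl ? a->cpl : a->rpl;
    return a->seg_dpl >= epl;
}

/* Page-level check: rings 0, 1 and 2 are all "supervisor". */
static bool page_ok(const struct access *a)
{
    if (a->cpl < 3)  /* supervisor: reads always pass, writes obey WP */
        return !a->write || a->page_rw || !a->cr0_wp;
    return a->page_us && (!a->write || a->page_rw);
}

bool data_access_allowed(const struct access *a)
{
    return segment_ok(a) && page_ok(a);
}

int main(void)
{
    /* Constructed case: ring-1 code writing to a DPL-0 data segment. */
    struct access a = { PROT32, 1, 1, 0, false, true, true, true };
    printf("32-bit, ring 1 -> ring 0 data: %d\n", data_access_allowed(&a));
    a.mode = LONG64; /* same access, segmentation no longer checked */
    printf("64-bit, ring 1 -> kernel page: %d\n", data_access_allowed(&a));
    return 0;
}
```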
shutdownall 13 Jun 2012, 13:14
Nistix wrote:
I think, that's what you wanted.

Nistix wrote:
But only why you have chosen CPL2 for your system/kernel. Any Task with DPL <= CPL can access resources. That's the sense of it. You need a more hierarchical structure. If you choose to start your system (kernel) with CPL0 the tasks with CPL1 or CPL2 will have no more access to it.

Nistix wrote:
Just a convention what supervisor mode is. The rule is, DPL <= CPL for access.

Nistix wrote:
Not any driver can access CPL0. CPL1 or CPL2 can not. Intel could have been more clear in the documents. The reason for Level 0-3 is a finer granularity in the system software. So could do a concept like this:
CPL0 => Kernel
CPL1 => General System Services
CPL2 => More Specific System Drivers
CPL3 => User tasks/programs
But up to you. Can also use only CPL0 and CPL3. Or CPL1 and CPL2.
I can advise the following book for planning operating systems based on x86 architecture: Echtzeit-Multitasking - Memory Management und System Design im Protected Mode der x86/Pentium-Architektur from Klaus-Dieter Thies. But it is written in German.
|
Bargest 13 Jun 2012, 15:02
Some systems have User-mode drivers. For example, in Win8 some long-lasting drivers moved from kernel-mode to user-mode. These drivers have a special interface for reading/writing system structures. This provides more security and an easier way of writing drivers (the system does not crash after any small bug occurs).
But many small and time-critical drivers are still in 0-ring.
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.