Is there an advantage to putting x86 driver code in rings 1 and 2 instead of 0?
Asked Answered
F

1

6

Drivers for monolithic kernels can be in rings 0, 1, or 2 (with microkernels they will be in ring 3 - user ring).

Are there any advantages/disadvantages of putting driver code in ring 0 with the kernel or in the "slightly-less" privileged rings 1 and 2?

Rings 1 and 2 can still access supervisor pages, but they cannot run some special privileged instructions (if they do, they will raise a General Protection Fault - like with ring 3)

Footpace answered 20/8, 2014 at 14:38 Comment(0)
B
5

The most obvious advantage to using rings 1 and 2 would be an architectural separation that could protect the kernel from a faulty device driver. In theory, a correctly written kernel would allow for a graceful failure when a driver in an outer ring has a catastrophic failure. Running a driver in ring 0 could potentially allow it to take down the entire kernel if it fails.

A disadvantage to moving drivers into rings 1 and 2 would be performance overhead related to the constant need for ring transitions between the kernel and the drivers. Of course, in a microkernel system, this is necessary and could be sufficiently fast depending on your needs. With the proper optimizations, separating the kernel from its services can have a very small performance hit. With that being said, the Intel SYSENTER/SYSEXIT (and equivalent AMD SYSCALL/SYSRET) instructions used for fast context switching only allow transitions between rings 0 and 3; in order to perform a context switch into or out of rings 1 or 2, a full interrupt is required.

One more disadvantage to consider is that because many other architectures only have supervisor and user modes (or equivalent) any platform architecture you write that manages what level elements of your code run at will have to both:

  • be written differently depending on whether the platform has rings 1 and/or 2 and
  • make a different decision about what privilege level the code has depending on the platform.

If you're planning on building a system that will be built for different architectures, this could lead to some difficulties.

Berri answered 20/8, 2014 at 16:53 Comment(1)
Also note that paging only has "user" and "supervisor". Any ring 1 or ring 2 code can access "supervisor" pages (e.g. trash ring 0 kernel pages); and therefore there's either little point using ring 1 or ring 2, or you have to use segmentation to ensure protection and not paging (which is a very bad idea for performance)Lovering

© 2022 - 2024 — McMap. All rights reserved.