CPU rings are the most clear distinction Show In x86 protected mode, the CPU is always in one of 4 rings. The Linux kernel only uses 0 and 3:
This is the most hard and fast definition of kernel vs userland. Why Linux does not use rings 1 and 2: CPU Privilege Rings: Why rings 1 and 2 aren't used? How is the current ring determined? The current ring is selected by a combination of:
What can each ring do? The CPU chip is physically built so that:
How do programs and operating systems transition between rings?
What is the point of having multiple rings? There are two major advantages of separating kernel and userland:
How to play around with it? I've created a bare metal setup that should be a good way to manipulate rings directly: https://github.com/cirosantilli/x86-bare-metal-examples I didn't have the patience to make a userland example unfortunately, but I did go as far as paging setup, so userland should be feasible. I'd love to see a pull request. Alternatively, Linux kernel modules run in ring 0, so you can use them to try out privileged operations, e.g. read the control registers: How to access the control registers cr0,cr2,cr3 from a program? Getting segmentation fault Here is a convenient QEMU + Buildroot setup to try it out without killing your host. The downside of kernel modules is that other kthreads are running and could interfere with your experiments. But in theory you can take over all interrupt handlers with your kernel module and own the system, that would be an interesting project actually. Negative rings While negative rings are not actually referenced in the Intel manual, there are actually CPU modes which have further capabilities than ring 0 itself, and so are a good fit for the "negative ring" name. One example is the hypervisor mode used in virtualization. For further details see:
ARM In ARM, the rings are called Exception Levels instead, but the main ideas remain the same. There exist 4 exception levels in ARMv8, commonly used as:
The ARMv8 Architecture Reference Model DDI 0487C.a - Chapter D1 - The AArch64 System Level Programmer's Model - Figure D1-1 illustrates this beautifully: The ARM situation changed a bit with the advent of ARMv8.1 Virtualization Host Extensions (VHE). This extension allows the kernel to run in EL2 efficiently: VHE was created because in-Linux-kernel virtualization solutions such as KVM have gained ground over Xen (see e.g. AWS' move to KVM mentioned above), because most clients only need Linux VMs, and as you can imagine, being all in a single project, KVM is simpler and potentially more efficient than Xen. So now the host Linux kernel acts as the hypervisor in those cases. Note how ARM, maybe due to the benefit of hindsight, has a better naming convention for the privilege levels than x86, without the need for negative levels: 0 being the lower and 3 highest. Higher levels tend to be created more often than lower ones. The current EL can be queried with the ARM does not require all exception levels to be present to allow for implementations that don't need the feature to save chip area. ARMv8 "Exception levels" says:
QEMU for example defaults to EL1, but EL2 and EL3 can be enabled with command line options: qemu-system-aarch64 entering el1 when emulating a53 power up Code snippets tested on Ubuntu 18.10. What does Windows create every time an application is started in userWhen you start a user-mode application, Windows creates a process for the application. The process provides the application with a private virtual address space and a private handle table. Because an application's virtual address space is private, one application can't alter data that belongs to another application.
How many unique address spaces are used by applications running in userThe virtual address space for a user-mode process is called user space. In 32-bit Windows, the total available virtual address space is 2^32 bytes (4 gigabytes). Usually the lower 2 gigabytes are used for user space, and the upper 2 gigabytes are used for system space.
What is Microsoft Windows used for?Windows is an operating system designed by Microsoft. The operating system is what allows you to use a computer. Windows comes preloaded on most new personal computers (PCs), which helps to make it the most popular operating system in the world.
What are the main features of Windows?You can change settings for printers, video, audio, mouse, keyboard, date and time, user accounts, installed applications, network connections, power saving options, and more. In Windows 10, the Control Panel is located in the Start menu, under Windows System. You can also start the Control Panel from the Run box.
|