As I understand it, there are two privilege rings in most operating systems: kernel mode and user mode. Could an operating system developer create additional privilege rings, like a middleware mode or a kernel module mode?

Melab

1 Answer

It depends on the processor architecture. IA-32 (and AMD64 too) actually support four privilege levels (rings) – ring 3 (usermode) and ring 0 (kernelmode). You can execute code on other rings (1 or 2) by manipulating the global/local descriptor table (GDT/LDT).

IMHO, hypervisors take advantage of the other ring levels for performance reasons (the virtual machine kernel executes on ring 1 instead of 0 and only privileged instructions that can be executed only on ring 0 are emulated).

Martin Drab
  • I asked about creating more privilege rings through software. – Melab Aug 20 '16 at 00:39
  • It depends on what privileges you wish to limit by such a software-created ring. The terms "middleware mode" or "kernel module mode" are not clear enough. I believe the ring 1 and ring 2 levels were intended for such scenarios but are not used due to performance reasons. You definitely can use hardware-assisted virtualization to "create" your own "ring level" (e.g. disallowing certain privileged instructions). – Martin Drab Aug 20 '16 at 15:21
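
The ring a segment belongs to is the 2-bit DPL field of its GDT/LDT descriptor, which is where the GDT/LDT manipulation mentioned in the answer takes effect. The C program below is an added example, not code from the original answer: it builds flat IA-32 code-segment descriptors for rings 0 to 3, decodes them, and applies the data-segment privilege check. The sample table, the selector and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* IA-32 segment descriptor (one 8-byte GDT/LDT entry), protected mode.
 * Bits 45-46 hold the DPL: the ring (0-3) the segment belongs to. */
static unsigned desc_dpl(uint64_t d)     { return (unsigned)((d >> 45) & 3); }
static unsigned desc_present(uint64_t d) { return (unsigned)((d >> 47) & 1); }
/* S=1 (bit 44, code/data) and type bit 43 set means a code segment. */
static unsigned desc_is_code(uint64_t d) { return ((d >> 43) & 3) == 3; }

/* Segment selector: index[15:3] | table indicator[2] | RPL[1:0]. */
static unsigned selector_rpl(uint16_t sel)   { return sel & 3u; }
static unsigned selector_index(uint16_t sel) { return sel >> 3; }

/* Flat 4 GiB, 32-bit, execute/read code segment for the requested ring. */
static uint64_t make_flat_code_desc(unsigned dpl) {
    uint64_t access = 0x9A | ((uint64_t)(dpl & 3) << 5); /* P=1 S=1 type=0xA */
    return 0x00CF000000000000ULL | (access << 40) | 0xFFFFULL;
}

/* Data-segment load check: allowed only if max(CPL, RPL) <= DPL. */
static int data_access_allowed(unsigned cpl, unsigned rpl, unsigned dpl) {
    unsigned effective = cpl > rpl ? cpl : rpl;
    return effective <= dpl;
}

int main(void) {
    /* Constructed sample GDT: null entry plus one code segment per ring. */
    uint64_t gdt[5] = { 0 };
    for (unsigned ring = 0; ring < 4; ring++)
        gdt[ring + 1] = make_flat_code_desc(ring);

    for (unsigned i = 0; i < 5; i++)
        printf("gdt[%u] = 0x%016llx present=%u code=%u DPL=%u\n", i,
               (unsigned long long)gdt[i], desc_present(gdt[i]),
               desc_is_code(gdt[i]), desc_dpl(gdt[i]));

    uint16_t sel = (uint16_t)((2u << 3) | 1u); /* constructed: entry 2, RPL 1 */
    printf("selector 0x%04x -> index %u, RPL %u\n", (unsigned)sel,
           selector_index(sel), selector_rpl(sel));
    /* Ring 1 code may load DPL 1..3 data but not ring 0 data. */
    printf("ring1 -> DPL0 data: %d, ring1 -> DPL2 data: %d\n",
           data_access_allowed(1, 1, 0), data_access_allowed(1, 1, 2));
    return 0;
}
```

Because the DPL field is only two bits wide, the descriptor format itself caps the number of segment-level rings at four.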