113

A couple of questions regarding the x86 CPU privilege rings:

  • Why aren't rings 1 and 2 used by most operating systems? Is it just to maintain code compatibility with other architectures, or is there a better reason?

  • Are there any operating systems which actually use those rings? Or are they completely unused?

hippietrail
  • 13,703
  • 15
  • 87
  • 133
user541686
  • 189,354
  • 112
  • 476
  • 821

3 Answers3

125

As a hobbyist operating system writer, I found that because paging (a major part of the modern protection model) only has a concept of privileged (ring 0,1,2) and unprivileged, the benefit to rings 1 and 2 were diminished greatly.

The intent by Intel in having rings 1 and 2 is for the OS to put device drivers at that level, so they are privileged, but somewhat separated from the rest of the kernel code.

Rings 1 and 2 are in a way, "mostly" privileged. They can access supervisor pages, but if they attempt to use a privileged instruction, they still GPF like ring 3 would. So it is not a bad place for drivers as Intel planned...

That said, they definitely do have use in some designs. In fact, not always directly by the OS. For example, VirtualBox, a Virtual Machine, puts the guest kernel code in ring 1. I am also sure some operating systems do make use of them, I just don't think it is a popular design at the moment.

Evan Teran
  • 80,654
  • 26
  • 169
  • 231
  • 31
    wHOA VirtualBox uses ring 1?! That's pure awesomeness!! Thanks a lot for the info, that's a great answer! +1 – user541686 Jul 15 '11 at 17:41
  • 10
    OS/2 used Ring 2 extensively for I/O code. This is why it is so hard to virtualise. – kinokijuf Feb 15 '14 at 22:50
  • From https://superuser.com/questions/1402537/why-do-virtualbox-guest-kernels-run-in-ring-1-instead-of-ring-3: "Running ring 0 code in ring 1 causes a lot of additional instruction faults, as ring 1 is not allowed to execute any privileged instructions, of which guest's ring-0 contains plenty. With each of these faults, the VMM must step in and emulate the code to achieve the desired behavior. While this works, emulating thousands of these faults is very expensive and severely hurts the performance of the virtualized guest." – Dustin Oprea Apr 11 '20 at 19:20
25

From the perspective of OS design, having multiple privileged rings is an oddity of x86 -- most other CPUs only have two modes (supervisor and user). As such, designing an OS to require multiple privileged modes will immediately prevent it from being ported to any other CPU. Additionally, many modern virtualization packages don't correctly emulate privilege levels other than 0 and 3, making OSes that use these levels much more difficult to test.

duskwuff -inactive-
  • 171,163
  • 27
  • 219
  • 269
7

According to Wikipedia’s page on Ring Security, rings 1 and 2 are used for drivers(ring 1), guest operating systems(ring 1), and i/o privileged code(ring 2), hypervisors sit in -1/0 (depending on the hyper-visor) not 1 as I previously stated.

However, the extra two rings never really helped and thus became rarely used. TBH, most code using rings 1 and 2 these have semi-repurposed them from their original use (such as the hypervisors). Most windows code these days seems to treat the system as only having two levels (kernel and user), probably due to the overhead associated with entering and leaving kernel land.

Andrew Marshall
  • 89,426
  • 20
  • 208
  • 208
Necrolis
  • 24,554
  • 3
  • 57
  • 98
  • 2
    I think you missed a `-` somewhere. Are you sure hypervisors use ring 1? – user541686 Jul 15 '11 at 17:42
  • 1
    Heh, wasn't thinking, should be hyper-visors in -1 and guest OSes in 1, will update that quick – Necrolis Jul 15 '11 at 18:35
  • 4
    Windows only uses two rings because it was designed to run on other processors (now defunct) which only had two. – David Feb 15 '14 at 12:33
  • In my mind, there is little overhead to switching modes. From what I understand, only hardware could assign more privileged privileges to the cpu (like if an IO-finished interrupt occurred). If this privilege switching happens in hardware, I doubt that it's non-trivial to switch rings. I think Windows, Linux, or MacOS only use the two most extreme of the rings because the architects reserve the middle rings for things like os-hosted virtualization. – Nate Symer Feb 20 '20 at 02:34