I need to find an example of an Operating System using all privilege levels supported by a processor (not only ring 0 and 3). I searched on the Internet and I couldn’t find any. Does such Operating System exist ?
Regards,
Lukasz
Yes. Search again.
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-581872-
xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: 01 May 2015 13:04
To: Windows System Software Devs Interest List
Subject: [ntdev] Is there an Operating system using 4 privilege levels?I need to find an example of an Operating System using all privilege
levels supported by a processor (not only ring 0 and 3). I searched on
the Internet and I couldn’t find any. Does such Operating System exist
?Regards,
Lukasz
This email message has been delivered safely and archived online by Mimecast.
For more information please visit http://www.mimecast.com
Look at the Granddaddy of the UNIX line: Multics. http://www.cse.psu.edu/~trj1/cse443-s12/docs/ch3.pdf as that’s where privilege levels (“rings”) were first really implemented and used.
They had 64 levels of protection (though some hardware supported fewer and they simulated the rest in software).
OS/2 apparently used three privilege levels (0, 2,3): http://en.wikipedia.org/wiki/Protection_ring
These days, virtualization basically works with three privilege levels: the VMM privilege level, the guest OS kernel privilege level, and the guest application privilege level. So you could argue that any hypervisor is essentially a three privilege level OS (Hyper-V, ESX Server, Xen, etc.)
Tony
OSR
As Tony said, Multic’s did it. Data General has AOS/VS that used all for
rings. Ironically, the whole ring concept and more than two levels was
attacked strongly by a number of the Multic’s developers a few years after
the OS came out, they found that there was too many cases where a level N
operation needed to go to a different level (either up or down) and causing
questionable security. At least that is what I was taught by a number of
these folks in in-house classes when I started full time in the industry in
1978.
Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tony Mason
Sent: Friday, May 01, 2015 8:39 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Is there an Operating system using 4 privilege levels?
Look at the Granddaddy of the UNIX line: Multics.
http://www.cse.psu.edu/~trj1/cse443-s12/docs/ch3.pdf as that’s where
privilege levels (“rings”) were first really implemented and used.
They had 64 levels of protection (though some hardware supported fewer and
they simulated the rest in software).
OS/2 apparently used three privilege levels (0, 2,3):
http://en.wikipedia.org/wiki/Protection_ring
These days, virtualization basically works with three privilege levels: the
VMM privilege level, the guest OS kernel privilege level, and the guest
application privilege level. So you could argue that any hypervisor is
essentially a three privilege level OS (Hyper-V, ESX Server, Xen, etc.)
Tony
OSR
NTDEV is sponsored by OSR
Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
OSR is HIRING!! See http://www.osr.com/careers
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
> I need to find an example of an Operating System using all privilege levels
supported by a processor (not only ring 0 and 3).
IIRC,32-bit XEN version uses ring 1 to run the guest kernel, but XEN is a hypervisor,rather than the OS…
Please note that your requirement applies only to 32-bit x86 processors - 64-bit ones dropped the support for rings 1 and 2 exactly for the reason that no major OS ever made use of these(along with segmentation and call gates that did not find any practical use either) . Although the additional protection layer may be useful for paravirtualization, 64-bit processors offer hardware support for virtualization, which happens to be much more efficient option, compared to extra protection level.
A usual question to ask in this situation is why you need and example of such an OS. Probably, we could suggest some better alternative - for example, capability-based OS like CAPROS and/or its predecessors like EROS and KeyKOS, or an OS running on top of microkernel like Wombat that runs paravirtualized Linux on top of L4 microkernel, or “true” microkernel-based OS architecture (i.e.the OS as a collection of relatively unprivileged servers running on op of microkernel) like MINIX3…
Anton Bassov
VMS running on VAX hardware. (I believe VMS on Alpha only used 2 though). It used 4 rings: Kernel, Executive, Supervisor and User.
I might point out the architect of Windows NT (Dave Cutler) was one of, if not THE, main architect of VMS as well.
Greg
— xxxxx@gmail.com wrote:
From: xxxxx@gmail.com
To: “Windows System Software Devs Interest List”
Subject: [ntdev] Is there an Operating system using 4 privilege levels?
Date: Fri, 1 May 2015 08:04:16 -0400 (EDT)
I need to find an example of an Operating System using all privilege levels supported by a processor (not only ring 0 and 3). I searched on the Internet and I couldn’t find any. Does such Operating System exist ?
Regards,
Lukasz
—
NTDEV is sponsored by OSR
Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
OSR is HIRING!! See http://www.osr.com/careers
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
Perhaps even more ironically, few years later the concept of " An OS as a collection of servers" architecture came into the existence, and even more ironically than that, the supposed security that such an architecture allegedly offers happens to be one of its chief advantages. If you look at it more carefully, you will realize that conceptually the whole thing is nothing more than just a multilevel protection implemented in a software with the additional complications, as well as IPC overhead. Apparently,“microkernel aficinadoes” like Tannenbaum did not attend these classes, did they…
To make it even funnier, this concept is still alive today - unlike MULTICs guys, these"microkernel aficinadoes" don’t seem to be learning from their mistakes and still looking for the best glue to stick the wings to a pig that they want to fly like a bird. Although a concept of microkernel in itself may have its valid use (like,for example, hard real-time scheduling of RTOS that runs alongside paravirtualized GPOS on top of microkernel) , " An OS as a collection of servers" concept does not seem to an example of such use…
Anton Bassov
xxxxx@gmail.com wrote:
I need to find an example of an Operating System using all privilege levels supported by a processor (not only ring 0 and 3). I searched on the Internet and I couldn’t find any. Does such Operating System exist ?
Besides Multics, the very slick but little known NOS/VE operating system
for the Control Data Cyber 180 mainframes also used the 16 rings
provided by the hardware. It was a Multics-inspired design.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Thank you very much! Your answers are very helpful for me