[Info-vax] VMS port to x86
Marven Lee
marven10 at gmail.com
Sat Mar 24 11:49:32 EDT 2012
Sprag wrote:
>Bob Koehler wrote:
>> Intel. 64 and IA-32 Architectures
>> Software Developer.s Manual
>> Volume 3A:
>> System Programming Guide, Part 1
>>
>> "The processor.s segment-protection mechanism recognizes 4 privilege
>> levels, numbered from 0 to 3."
>
> Yep, for segemented 32 bit mode x86 has 4 levels. They don't map
> directly to the vax levels, but there are 4 of them. In any case, in
> x86-64 there are two levels because it doesn't use segmentation --
> just page-level protection.
It's possible to implement more than 2 privilege levels in software
on systems that have only 2 privilege levels using a form of ring
compression and multiple page directories.
Let's say you had an address space with 4 rings.
--- 4gb
kernel
--- 3gb
ring 1
--- 2gb
ring 2
--- 1gb
ring 3
--- 0gb
Using 3 page directories you can have them mapped as:
Page Dir 1 - maps kernel (supervisor) + rings 1,2,3 (user)
Page Dir 2 - maps kernel (supervisor) + rings 2,3 (user)
Page Dir 3 - maps kernel (supervisor) + ring 3 (user)
In effect rings 1, 2 and 3 always run in user-mode, compressed
into a single hardware protection ring.
2 system calls in the kernel, call() and return() are used
to call into an return from a more privileged ring, implementing
a call-gate like mechanism and performing permission checks
before switching page directories and returning into the new
ring.
Of course it is more expensive than doing it in hardware,
you have the cost of entering and leaving the kernel each
time a call() and reply() system call is made as well as the
overhead of switching page directories.
--
Marv
More information about the Info-vax
mailing list