The Ring Model

The ring model is a form of CPU hardware layering that separates and protects domains (such as kernel mode and user mode) from each other. Many CPUs, such as the Intel x86 family, have four rings, ranging from ring 0 (kernel) to ring 3 (user), shown in Fig. 4.7. The innermost ring is the most trusted, and each successive outer ring is less trusted.

FIG. 4.7 The ring model.

The rings are (theoretically) used as follows:

  • Ring 0: Kernel
  • Ring 1: Other OS components that do not fit into Ring 0
  • Ring 2: Device drivers
  • Ring 3: User applications

Processes communicate between the rings via system calls, which allow processes to communicate with the kernel and provide a window between the rings. A user running a word processor in ring 3 presses "save": a system call is made into ring 0, asking the kernel to save the file. The kernel does so, and reports the file is saved. System calls are slow (compared to performing work within one ring), but provide security. The ring model also provides abstraction: the nitty-gritty details of saving the file are hidden from the user, who simply presses the "save" button.

While x86 CPUs have four rings and can be used as described above, this usage is considered theoretical because most x86 operating systems, including Linux and Windows, use rings 0 and 3 only. Using our "save" file example with four rings, a call would be made from ring 3 to ring 2, then from ring 2 to ring 1, and finally from ring 1 to ring 0. This is secure, but complex and slow, so most modern operating systems opt for simplicity and speed.
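
The ring boundary described above can be observed from user space. The following C program is an added example, not part of the original text; it assumes Linux on an x86 CPU (on other CPUs the x86-only functions return -1), and the function names and the /tmp path are made up for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* The low two bits of the CS selector hold the Current Privilege Level (ring). */
int current_ring(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned short cs;
    __asm__ volatile("mov %%cs, %0" : "=r"(cs));
    return cs & 3;
#else
    return -1; /* not built for x86 */
#endif
}

/* The "save" from the text: each syscall() crosses from ring 3 into ring 0. */
long save_via_syscall(const char *path, const char *data, size_t len) {
    long fd = syscall(SYS_openat, AT_FDCWD, path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    long written = syscall(SYS_write, (int)fd, data, len);
    syscall(SYS_close, (int)fd);
    return written; /* bytes the kernel reports as written */
}

/* Runs the ring-0-only HLT instruction in a child; returns the signal that killed it. */
int signal_from_privileged_instruction(void) {
#if defined(__x86_64__) || defined(__i386__)
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { __asm__ volatile("hlt"); _exit(0); } /* _exit not reached in ring 3 */
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
#else
    return -1; /* not built for x86 */
#endif
}

int main(void) {
    printf("ring=%d\n", current_ring());
    printf("saved=%ld bytes\n", save_via_syscall("/tmp/ring_demo.txt", "draft\n", 6));
    printf("HLT in user mode -> signal %d\n", signal_from_privileged_instruction());
    return 0;
}
```

On x86 Linux the program reports ring 3, and the child that executes HLT is killed with SIGSEGV because the CPU raises a general protection fault for privileged instructions outside ring 0.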

A newer mode called hypervisor mode (and informally called "ring -1") allows virtual guests to operate in ring 0, controlled by the hypervisor one ring "below." The Intel VT (Intel Virtualization Technology, aka "Vanderpool") and AMD-V (AMD Virtualization, aka "Pacifica") CPUs support a hypervisor.

Open and Closed Systems

An open system uses open hardware and standards, using standard components from a variety of vendors. An IBM-compatible PC is an open system, using a standard motherboard, memory, BIOS, CPU, etc. You may build an IBM-compatible PC by purchasing components from a multitude of vendors. A closed system uses proprietary hardware or software.

Note: "Open System" is not the same as "Open Source." An open system uses standard hardware and software. Open Source software makes source code publicly available.