[Dailydave] luckily, there are no dumb questions

[Joanna Rutkowska]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

dan at geer.org wrote:
> Luckily, there are no dumb questions or this would
> likely be one.
> 
> How is it so that MS Windows uses only Rings 0 & 3?
> An engineering answer, a marketing answer, and/or
> an historical answer would be welcome.  Don't know
> why I never thought to ask before, but I'm asking
> now.  (And if I'm really wrong, please tell me what
> uses 1|2.)
> 

There is no advantage of using any more rings on current IA32 platforms,
as we do not have something called IOMMU, which means that even if we
decided to e.g. kept all device drivers in ring 1, then they could still
compromise the (micro)kernel memory (i.e. ring0 thing) using DMA.

The other question is -- even if we had IOMMU, would it be really
profitable to keep device drivers in ring 1, while all the rest of the
code (usermode apps + services) in ring 3? I'm not sure, probably it
would be equally possible (i.e. from the performance point of view) to
keep everything in ring 3. (Somebody can please correct me on this?)

AFAIK this is what MINIX3 does (i.e. all drivers and system services are
kept in separated address spaces in ring 3). Even though today it
doesn't offer too much of security (due to lack of IOMMU -- see above),
but IOMMU is coming to everybody houses in 2008 or so!

joanna.
-----BEGIN PGP SIGNATURE-----

iQEVAwUBRmkU58wG7MOLAMOlAQJOywf/ckpmgCZpS+aYXDJ9vMthiNmUBYO4Vf9L
cDRwwZHSk1eq2sS6iNjD0/ARQ+3/UKtYWQBLBR3q8tLmuWtEmUHUz85wVbjQU69/
2f802dlP6XeoeHjljCrzhdmSEu7J1Y80UjFmFbYeP8FbZBIQlVZJK7IDqw+1WskO
fEJlmz1TeXM+br5+NRNyjeD/nRxQ497C8ASStmozg1062bwzfgKUPnl2YydtPmOW
qK60zXd6Q0usUTInNud4Za7+PzQ/MADDCzI+3VLlOJahBWxgxGqCMA/VfE1/aAyW
qoBTjQhFz/0aV/g0whovYXQInoBsy5vTyxizr6MfomDwzzlH9z1odw==
=ENC0
-----END PGP SIGNATURE-----