CPU Privilege Rings: Why rings 1 and 2 aren't used?

user541686 picture user541686 · Jul 15, 2011 · Viewed 32.4k times · Source

A couple of questions regarding the x86 CPU privilege rings:

  • Why aren't rings 1 and 2 used by most operating systems? Is it just to maintain code compatibility with other architectures, or is there a better reason?

  • Are there any operating systems which actually use those rings? Or are they completely unused?

Answer

Evan Teran picture Evan Teran · Jul 15, 2011

As a hobbyist operating system writer, I found that because paging (a major part of the modern protection model) only has a concept of privileged (ring 0,1,2) and unprivileged, the benefit to rings 1 and 2 were diminished greatly.

The intent by Intel in having rings 1 and 2 is for the OS to put device drivers at that level, so they are privileged, but somewhat separated from the rest of the kernel code.

Rings 1 and 2 are in a way, "mostly" privileged. They can access supervisor pages, but if they attempt to use a privileged instruction, they still GPF like ring 3 would. So it is not a bad place for drivers as Intel planned...

That said, they definitely do have use in some designs. In fact, not always directly by the OS. For example, VirtualBox, a Virtual Machine, puts the guest kernel code in ring 1. I am also sure some operating systems do make use of them, I just don't think it is a popular design at the moment.