Layer of protection in computer systems
Privilege rings for the
available in protected mode
In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults (by improving fault tolerance) and malicious behavior (by providing computer security).
Computer operating systems provide different levels of access to resources. A protection ring is one of two or more hierarchical
within the architecture of a computer system. This is generally hardware-enforced by some
architectures that provide different
at the hardware or
Rings are arranged in a hierarchy from most privileged (most trusted, usually numbered zero) to least privileged (least trusted, usually with the highest ring number). On most operating systems, Ring 0 is the level with the most privileges and interacts most directly with the physical hardware such as certain CPU functionality (e.g. the control registers) and I/O controllers.
Special mechanisms are provided to allow an outer ring to access an inner ring's resources in a predefined manner, as opposed to allowing arbitrary usage. Correctly gating access between rings can improve security by preventing programs from one ring or privilege level from misusing resources intended for programs in another. For example,
running as a user program in Ring 3 should be prevented from turning on a web camera without informing the user, since hardware access should be a Ring 1 function reserved for device drivers. Programs such as web browsers running in higher numbered rings must request access to the network, a resource restricted to a lower numbered ring.
X86S, a recently published Intel architecture, has only ring 0 and ring 3. Ring 1 and 2 will be removed under X86S since modern OSes never utilize them.
Implementations
Multiple rings of protection were among the most revolutionary concepts introduced by the
operating system, a highly secure predecessor of today's
family of operating systems. The
mainframe computer did have some hardware access control, including the same two modes that the other GE-600 series machines had, and segment-level permissions in its memory management unit ("Appending Unit"), but that was not sufficient to provide full support for rings in hardware, so Multics supported them by trapping ring transitions in software; its successor, the Honeywell 6180, implemented them in hardware, with support for eight rings; Protection rings in Multics were separate from CPU modes; code in all rings other than ring 0, and some ring 0 code, ran in slave mode.
However, most general-purpose systems use only two rings, even if the hardware they run on provides more
than that. For example, Windows 7 and Windows Server 2008 (and their predecessors) use only two rings, with ring 0 corresponding to
and ring 3 to
, because earlier versions of Windows NT ran on processors that supported only two protection levels.
Many modern CPU architectures (including the popular
architecture) include some form of ring protection, although the
operating system, like Unix, does not fully utilize this feature.
does, to some extent, use three rings: ring 0 for kernel code and device drivers, ring 2 for privileged code (user programs with I/O access permissions), and ring 3 for unprivileged code (nearly all user programs). Under
, the kernel, drivers and applications typically run on ring 3 (however, this is exclusive to the case where protected-mode drivers or DOS extenders are used; as a real-mode OS, the system runs with effectively no protection), whereas 386 memory managers such as
run at ring 0. In addition to this,
' EMM386 3.xx can optionally run some modules (such as
) on ring 1 instead.
uses four modes called (in order of decreasing privileges) Kernel, Executive, Supervisor and User.
While x86 has 4 protection rings, it is more common for architectures to only have two. Even on x86, most operating systems only use ring 0 and 3.
A renewed interest in this design structure came with the proliferation of the
ongoing discussion
micro-kernels (particularly in
newsgroups and
), Microsoft's
design structure as part of their
initiative, and
x86 virtualization
(formerly Vanderpool).
The original Multics system had eight rings, but many modern systems have fewer. The hardware remains aware of the current ring of the executing instruction
at all times, with the help of a special machine register. In some systems, areas of virtual memory are instead assigned ring numbers in hardware. One example is the Data General Eclipse MV/8000, in which the top three bits of the program counter (PC) served as the ring register. Thus code executing with the virtual PC set to 0xE200000, for example, would automatically be in ring 7, and calling a subroutine in a different section of memory would automatically cause a ring transfer.
The hardware severely restricts the ways in which control can be passed from one ring to another, and also enforces restrictions on the types of memory access that can be performed across rings. Using x86 as an example, there is a special
structure which is referenced by the
instruction that transfers control in a secure way towards predefined entry points in lower-level (more trusted) rings; this functions as a supervisor call in many operating systems that use the ring architecture. The hardware restrictions are designed to limit opportunities for accidental or malicious breaches of security. In addition, the most privileged ring may be given special capabilities (such as real memory addressing that bypasses the virtual memory hardware).
version 7 architecture implements three privilege levels: application (PL0), operating system (PL1), and hypervisor (PL2). Unusually, level 0 (PL0) is the least-privileged level, while level 2 is the most-privileged level. ARM version 8 implements four exception levels: application (EL0), operating system (EL1), hypervisor (EL2), and secure monitor / firmware (EL3), for AArch64 and AArch32.
Ring protection can be combined with processor modes (master/kernel/privileged/supervisor mode versus slave/unprivileged/user mode) in some systems. Operating systems running on hardware supporting both may use both forms of protection or only one.
Effective use of ring architecture requires close cooperation between hardware and the operating system. Operating systems designed to work on multiple hardware platforms may make only limited use of rings if they are not present on every supported platform. Often the security model is simplified to "kernel" and "user" even if hardware provides finer granularity through rings.
Supervisor mode
In computer terms, supervisor mode is a hardware-mediated flag that can be changed by code running in system-level software. System-level tasks or threads may have this flag set while they are running, whereas user-level applications will not. This flag determines whether it would be possible to execute machine code operations such as modifying registers for various descriptor tables, or performing operations such as disabling interrupts. The idea of having two different modes to operate in comes from "with more power comes more responsibility" – a program in supervisor mode is trusted never to fail, since a failure may cause the whole computer system to crash.
Supervisor mode is "an execution mode on some processors which enables execution of all instructions, including privileged instructions. It may also give access to a different address space, to memory management hardware and to other peripherals. This is the mode in which the operating system usually
In a monolithic
, the operating system runs in supervisor mode and the applications run in user mode. Other types of operating systems, like those with an
, do not necessarily share this behavior.
Some examples from the PC world:
are three operating systems that use supervisor/user mode. To perform specialized functions, user mode code must perform a
into supervisor mode or even to the kernel space where trusted code of the operating system will perform the needed task and return the execution back to the userspace. Additional code can be added into kernel space through the use of loadable kernel modules, but only by a user with the requisite permissions, as this code is not subject to the access control and safety limitations of user mode.
(for as long as no 386 memory manager such as
is loaded), as well as other simple operating systems and many embedded devices run in supervisor mode permanently, meaning that drivers can be written directly as user programs.
Most processors have at least two different modes. The
-processors have four different modes divided into four different rings. Programs that run in Ring 0 can do
with the system, and code that runs in Ring 3 should be able to fail at any time without impact to the rest of the computer system. Ring 1 and Ring 2 are rarely used, but could be configured with different levels of access.
In most existing systems, switching from user mode to kernel mode has an associated high cost in performance. It has been measured, on the basic request
, to cost 1000–1500 cycles on most machines. Of these just around 100 are for the actual switch (70 from user to kernel space, and 40 back), the rest is "kernel overhead". In the L3 microkernel, the minimization of this overhead reduced the overall cost to around 150 cycles.
Maurice Wilkes
... it eventually became clear that the hierarchical protection that rings provided did not closely match the requirements of the system programmer and gave little or no improvement on the simple system of having two modes only. Rings of protection lent themselves to efficient implementation in hardware, but there was little else to be said for them. The attractiveness of fine-grained protection remained, even after it was seen that rings of protection did not provide the answer... This again proved a blind alley...
To gain performance and determinism, some systems place functions that would likely be viewed as application logic, rather than as device drivers, in kernel mode; security applications (access control
, etc.) and operating system monitors are cited as examples. At least one embedded database management system,
DB Kernel Mode, has been developed specifically for kernel mode deployment, to provide a local database for kernel-based application functions, and to eliminate the context switches that would otherwise occur when kernel functions interact with a database system running in user mode.
Functions are also sometimes moved across rings in the other direction. The Linux kernel, for instance, injects into processes a
section which contains functions that would normally require a system call, i.e. a ring transition. Instead of doing a syscall these functions use static data provided by the kernel. This avoids the need for a ring transition and so is more lightweight than a syscall. The function gettimeofday can be provided this way.
Hypervisor mode
Recent CPUs from Intel and AMD offer x86 virtualization instructions for a
to control Ring 0 hardware access. Although they are mutually incompatible, both
(codenamed "Vanderpool") and
(codenamed "Pacifica") allow a guest operating system to run Ring 0 operations natively without affecting other guests or the host OS.
hardware-assisted virtualization, guest operating systems ran under ring 1. Any attempt that requires a higher privilege level to perform (ring 0) will produce an interrupt and then be handled using software, so-called "Trap and Emulate".
To assist virtualization and reduce overhead caused by the reason above, VT-x and
allows the guest to run under Ring 0. VT-x introduces VMX Root/Non-root Operation: The hypervisor runs in VMX Root Operation mode, possessing the highest privilege. Guest OS runs in VMX Non-Root Operation mode, which allows them to operate at ring 0 without having actual hardware privileges. VMX non-root operation and VMX transitions are controlled by a data structure called a virtual-machine control. VT-x allows the hypervisor and the guest OS to both run under ring 0, rendering "Trap and Emulate" obsolete, improving virtualization performance.
Privilege level
privilege level
instruction set controls the access of the program currently running on the processor to resources such as memory regions, I/O ports, and special instructions. There are 4 privilege levels ranging from 0 which is the most privileged, to 3 which is least privileged. Most modern operating systems use level 0 for the kernel/executive, and use level 3 for application programs. Any resource available to level n is also available to levels 0 to n, so the privilege levels are rings. When a lesser privileged process tries to access a higher privileged process, a general protection fault exception is reported to the OS.
It is not necessary to use all four privilege levels. Current operating systems with wide market share including Microsoft Windows
mostly use a
mechanism with only one bit to specify the privilege level as either Supervisor or User (U/S Bit).
uses the two-level system. The real mode programs in 8086 are executed at level 0 (highest privilege level) whereas virtual mode in 8086 executes all programs at level 3.
Potential future uses for the multiple privilege levels supported by the x86 ISA family include containerization and virtual machines. A host operating system kernel could use instructions with full privilege access (
), whereas applications running on the guest OS in a virtual machine or container could use the lowest level of privileges in user mode. The virtual machine and guest OS kernel could themselves use an intermediate level of instruction privilege to invoke and
kernel-mode operations such as
from the point of view of the guest operating system.
I/O Privilege level) flag is a flag found on all IA-32 compatible
It occupies bits 12 and 13 in the FLAGS register
protected mode
, it shows the I/O privilege level of the current program or task. The Current Privilege Level (CPL) (CPL0, CPL1, CPL2, CPL3) of the task or program must be less than or equal to the IOPL in order for the task or program to access
The IOPL can be changed using
only when the current privilege level is Ring 0.
Besides IOPL, the I/O Port Permissions in the TSS also take part in determining the ability of a task to access an I/O port.
Miscellaneous
In x86 systems, the x86 hardware virtualization (
) is referred to as "ring −1", the System Management Mode is referred to as "ring −2", the Intel Management Engine and AMD Platform Security Processor are sometimes referred to as "ring −3".
Use of hardware features
Many CPU hardware architectures provide far more flexibility than is exploited by the operating systems that they normally run. Proper use of complex CPU modes requires very close cooperation between the operating system and the CPU, and thus tends to tie the OS to the CPU architecture. When the OS and the CPU are specifically designed for each other, this is not a problem (although some hardware features may still be left unexploited), but when the OS is designed to be compatible with multiple, different CPU architectures, a large part of the CPU mode features may be ignored by the OS. For example, the reason Windows uses only two levels (ring 0 and ring 3) is that some hardware architectures that were supported in the past (such as
) implemented only two privilege levels.
was an operating system designed specifically for a special CPU architecture (which in turn was designed specifically for Multics), and it took full advantage of the CPU modes available to it. However, it was an exception to the rule. Today, this high degree of interoperation between the OS and the hardware is not often cost-effective, despite the potential advantages for security and stability.
Ultimately, the purpose of distinct operating modes for the CPU is to provide hardware protection against accidental or deliberate corruption of the system environment (and corresponding breaches of system security) by software. Only "trusted" portions of system software are allowed to execute in the unrestricted environment of kernel mode, and then, in paradigmatic designs, only when absolutely necessary. All other software executes in one or more user modes. If a processor generates a fault or exception condition in a user mode, in most cases system stability is unaffected; if a processor generates a fault or exception condition in kernel mode, most operating systems will halt the system with an unrecoverable error. When a hierarchy of modes exists (ring-based security), faults and exceptions at one privilege level may destabilize only the higher-numbered privilege levels. Thus, a fault in Ring 0 (the kernel mode with the highest privilege) will crash the entire system, but a fault in Ring 2 will only affect Rings 3 and beyond and Ring 2 itself, at most.
Transitions between modes are at the discretion of the executing
when the transition is from a level of high privilege to one of low privilege (as from kernel to user modes), but transitions from lower to higher levels of privilege can take place only through secure, hardware-controlled "gates" that are traversed by executing special instructions or when external interrupts are received.
operating systems attempt to minimize the amount of code running in privileged mode, for purposes of
, but ultimately sacrificing performance.
1168:the original
1158:
1145:Compaq Alpha
1142:
1128:
1122:
1097:
1073:
1067:
1057:27 September
1055:. Retrieved
1046:
1036:27 September
1034:. Retrieved
1029:
1023:
1014:
1002:. Retrieved
998:
989:
954:
948:
913:
907:
879:
805:
797:
793:
786:
770:
742:
730:
719:
694:
690:
688:
679:system calls
660:
625:
608:
606:
587:
580:
561:
548:
537:
533:
522:
518:
511:
498:
492:
486:
448:
429:
425:
419:
417:
393:
382:
375:
365:
361:
358:
338:
317:
288:
237:
222:
199:
191:
179:
148:
144:
142:
129:
125:
119:
89:
80:
61:
40:
2156:Device file
2146:Boot loader
2060:Round-robin
1985:Cooperative
1921:Rump kernel
1911:Multikernel
1901:Microkernel
1798:Usage share
1309:(2): 9–21.
807:Microkernel
671:kernel mode
466:system call
444:microkernel
326:hypervisors
229:kernel mode
75:introducing
2259:Categories
2086:protection
2042:algorithms
2040:Scheduling
1989:Preemptive
1935:Components
1906:Monolithic
1773:Comparison
1660:1581131402
1544:10945/7198
899:References
675:virtualize
656:Windows NT
572:Intel VT-x
568:hypervisor
403:See also:
334:Intel VT-x
314:Web forums
302:monolithic
296:software,
247:Windows NT
58:references
2176:Partition
2093:Bus error
2020:Real-time
2000:Interrupt
1926:Unikernel
1891:Exokernel
1504:10945/919
1455:AnandTech
1325:0163-5980
715:I/O ports
711:long mode
529:firewalls
440:exokernel
405:Real mode
328:based on
233:user mode
225:CPU modes
172:microcode
168:CPU modes
153:privilege
2222:Live USB
2084:resource
1974:Concepts
1812:Variants
1793:Timeline
1608:(1972).
1460:13 March
1279:(1990).
1219:Arm Ltd.
1196:Arm Ltd.
981:11066378
940:14788823
887:through
821:See also
815:elegance
811:security
699:x86 CPUs
493:anything
332:such as
2217:Live CD
2171:Journal
2135:access,
2133:Storage
2010:Process
1916:vkernel
1783:History
1766:General
1694:2 April
1669:9456119
1494:(MSc).
1174:13 June
788:Multics
778:PowerPC
726:IRET(D)
722:POPF(D)
648:Android
611:in the
581:Before
515:wrote:
462:Windows
427:runs."
272:OpenVMS
202:Multics
183:spyware
71:improve
2025:Thread
1896:Hybrid
1874:Kernel
1667:
1657:
1432:
1392:
1333:254134
1331:
1323:
1237:FOLDOC
1135:
1110:
1004:28 May
979:
969:
938:
928:
885:OS/360
800:thread
705:. In
652:paging
502:getpid
481:EMM386
432:kernel
341:thread
318:Ring-1
310:Usenet
264:DR-DOS
260:EMM386
210:GE 645
149:layers
145:levels
60:, but
2227:Shell
2166:Inode
1688:(PDF)
1681:(PDF)
1665:S2CID
1628:(PDF)
1621:(PDF)
1594:(PDF)
1587:(PDF)
1575:(PDF)
1563:(PDF)
1556:(PDF)
1532:(PDF)
1520:(PDF)
1492:(PDF)
1371:(PDF)
1329:S2CID
1078:(PDF)
999:Intel
977:S2CID
936:S2CID
871:Notes
861:(SMM)
640:Linux
636:macOS
576:AMD-V
538:treme
458:macOS
454:Linux
399:Modes
322:NGSCB
240:Intel
175:level
1788:List
1696:2018
1655:ISBN
1462:2021
1430:ISBN
1390:ISBN
1321:ISSN
1176:2015
1147:and
1133:ISBN
1108:ISBN
1059:2012
1038:2012
1006:2024
967:ISBN
926:ISBN
889:z/OS
813:and
782:MIPS
759:and
747:and
745:VT-x
724:and
709:and
691:IOPL
689:The
685:IOPL
665:and
646:and
551:vDSO
460:and
407:and
366:call
362:gate
304:vs.
268:DPMS
251:OS/2
206:Unix
2244:PXE
2232:CLI
2212:HAL
2202:API
2005:IPC
1645:doi
1540:hdl
1500:hdl
1311:doi
959:doi
918:doi
780:or
749:SVM
644:iOS
613:x86
590:SVM
489:x86
477:DOS
442:or
377:ARM
300:on
294:VMM
291:Xen
256:DOS
243:x86
161:CPU
151:of
147:or
140:).
120:In
111:x86
2261::
1987:,
1716:.
1663:.
1653:.
1639:.
1604:;
1534:.
1498:.
1453:.
1350:.
1327:.
1319:.
1307:28
1305:.
1301:.
1261:.
1246:^
1234:.
1217:.
1204:^
1194:.
1141:.
1106:.
1104:16
1086:^
1030:15
1028:.
1022:.
997:.
975:.
965:.
934:.
924:.
717:.
642:,
638:,
634:,
607:A
527:,
456:,
124:,
2081:,
1991:)
1983:(
1751:e
1744:t
1737:v
1722:.
1698:.
1671:.
1647::
1612:.
1577:.
1546:.
1542::
1506:.
1502::
1464:.
1438:.
1398:.
1354:.
1335:.
1313::
1265:.
1178:.
1116:.
1061:.
1040:.
1008:.
983:.
961::
942:.
920::
693:(
536:X
534:e
96:)
90:(
85:)
81:(
67:.
38:.
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.