unrestricted environment of kernel mode, and then, in paradigmatic designs, only when absolutely necessary. All other software executes in one or more user modes. If a processor generates a fault or exception condition in a user mode, in most cases system stability is unaffected; if a processor generates a fault or exception condition in kernel mode, most operating systems will halt the system with an unrecoverable error. When a hierarchy of modes exists (ring-based security), faults and exceptions at one privilege level may destabilize only the higher-numbered privilege levels. Thus, a fault in Ring 0 (the kernel mode with the highest privilege) will crash the entire system, but a fault in Ring 2 will only affect Rings 3 and beyond and Ring 2 itself, at most.
... it eventually became clear that the hierarchical protection that rings provided did not closely match the requirements of the system programmer and gave little or no improvement on the simple system of having two modes only. Rings of protection lent themselves to efficient implementation in hardware, but there was little else to be said for them. The attractiveness of fine-grained protection remained, even after it was seen that rings of protection did not provide the answer... This again proved a blind alley...
Rings are arranged in a hierarchy from most privileged (most trusted, usually numbered zero) to least privileged (least trusted, usually with the highest ring number). On most operating systems, Ring 0 is the level with the most privileges and interacts most directly with the physical hardware such as certain CPU functionality (e.g. the control registers) and I/O controllers.
modifying registers for various descriptor tables, or performing operations such as disabling interrupts. The idea of having two different modes to operate in comes from "with more power comes more responsibility" – a program in supervisor mode is trusted never to fail, since a failure may cause the whole computer system to crash.
features may still be left unexploited), but when the OS is designed to be compatible with multiple, different CPU architectures, a large part of the CPU mode features may be ignored by the OS. For example, the reason
Windows uses only two levels (ring 0 and ring 3) is that some hardware architectures that were supported in the past (such as
Ultimately, the purpose of distinct operating modes for the CPU is to provide hardware protection against accidental or deliberate corruption of the system environment (and corresponding breaches of system security) by software. Only "trusted" portions of system software are allowed to execute in the
controls the access of the program currently running on the processor to resources such as memory regions, I/O ports, and special instructions. There are 4 privilege levels ranging from 0 which is the most privileged, to 3 which is least privileged. Most modern operating systems use level 0 for the
Supervisor mode is "an execution mode on some processors which enables execution of all instructions, including privileged instructions. It may also give access to a different address space, to memory management hardware and to other peripherals. This is the mode in which the operating system usually
is a hardware-mediated flag that can be changed by code running in system-level software. System-level tasks or threads may have this flag set while they are running, whereas user-level applications will not. This flag determines whether it would be possible to execute machine code operations such as
when the transition is from a level of high privilege to one of low privilege (as from kernel to user modes), but transitions from lower to higher levels of privilege can take place only through secure, hardware-controlled "gates" that are traversed by executing special instructions or when external
was an operating system designed specifically for a special CPU architecture (which in turn was designed specifically for
Multics), and it took full advantage of the CPU modes available to it. However, it was an exception to the rule. Today, this high degree of interoperation between the OS and the
Effective use of ring architecture requires close cooperation between hardware and the operating system. Operating systems designed to work on multiple hardware platforms may make only limited use of rings if they are not present on every supported platform. Often the security model is simplified to
in many operating systems that use the ring architecture. The hardware restrictions are designed to limit opportunities for accidental or malicious breaches of security. In addition, the most privileged ring may be given special capabilities (such as real memory addressing that bypasses the virtual
section which contains functions that would normally require a system call, i.e. a ring transition. Instead of doing a syscall these functions use static data provided by the kernel. This avoids the need for a ring transition and so is more lightweight than a syscall. The function gettimeofday can
version 7 architecture implements three privilege levels: application (PL0), operating system (PL1), and hypervisor (PL2). Unusually, level 0 (PL0) is the least-privileged level, while level 2 is the most-privileged level. ARM version 8 implements four exception levels: application (EL0),
that they normally run. Proper use of complex CPU modes requires very close cooperation between the operating system and the CPU, and thus tends to tie the OS to the CPU architecture. When the OS and the CPU are specifically designed for each other, this is not a problem (although some hardware
Special mechanisms are provided to allow an outer ring to access an inner ring's resources in a predefined manner, as opposed to allowing arbitrary usage. Correctly gating access between rings can improve security by preventing programs from one ring or privilege level from misusing resources
allows the guest to run under Ring 0. VT-x introduces VMX Root/Non-root
Operation: The hypervisor runs in VMX Root Operation mode, possessing the highest privilege. Guest OS runs in VMX Non-Root Operation mode, which allows them to operate at ring 0 without having actual hardware
privileges. VMX non-root operation and VMX transitions are controlled by a data structure called a virtual-machine control. VT-x allows the hypervisor and the guest OS to both run under ring 0, rendering "Trap and
Emulate" obsolete, improving virtualization performance.
the kernel, drivers and applications typically run on ring 3 (however, this is exclusive to the case where protected-mode drivers or DOS extenders are used; as a real-mode OS, the system runs with effectively no protection), whereas 386 memory managers such as
), whereas applications running on the guest OS in a virtual machine or container could use the lowest level of privileges in user mode. The virtual machine and guest OS kernel could themselves use an intermediate level of instruction privilege to invoke and
kernel/executive, and use level 3 for application programs. Any resource available to level n is also available to levels 0 to n, so the privilege levels are rings. When a lesser privileged process tries to access a higher privileged process, a
The hardware severely restricts the ways in which control can be passed from one ring to another, and also enforces restrictions on the types of memory access that can be performed across rings. Using x86 as an example, there is a special
into supervisor mode or even to the kernel space where trusted code of the operating system will perform the needed task and return the execution back to the userspace. Additional code can be added into kernel space through the use of
served as the ring register. Thus code executing with the virtual PC set to 0xE200000, for example, would automatically be in ring 7, and calling a subroutine in a different section of memory would automatically cause a ring transfer.
it shows the I/O privilege level of the current program or task. The Current Privilege Level (CPL) (CPL0, CPL1, CPL2, CPL3) of the task or program must be less than or equal to the IOPL in order for the task or program to access
with the system, and code that runs in Ring 3 should be able to fail at any time without impact to the rest of the computer system. Ring 1 and Ring 2 are rarely used, but could be configured with different levels of access.
does, to some extent, use three rings: ring 0 for kernel code and device drivers, ring 2 for privileged code (user programs with I/O access permissions), and ring 3 for unprivileged code (nearly all user programs). Under
guest operating systems ran under ring 1. Any attempt that requires a higher privilege level to perform (ring 0) will produce an interrupt and then be handled using software, so-called "Trap and Emulate".
implemented them in hardware, with support for eight rings; protection rings in Multics were separate from CPU modes; code in all rings other than ring 0, and some ring 0 code, ran in slave mode.
To gain performance and determinism, some systems place functions that would likely be viewed as application logic, rather than as device drivers, in kernel mode; security applications (
("Appending Unit"), but that was not sufficient to provide full support for rings in hardware, so Multics supported them by trapping ring transitions in software; its successor, the
to cost 1000–1500 cycles on most machines. Of these just around 100 are for the actual switch (70 from user to kernel space, and 40 back), the rest is "kernel overhead". In the
is loaded), as well as other simple operating systems and many embedded devices run in supervisor mode permanently, meaning that drivers can be written directly as user programs.
running as a user program in Ring 3 should be prevented from turning on a web camera without informing the user, since hardware access should be a Ring 1 function reserved for
uses the two-level system. The real mode programs in 8086 are executed at level 0 (highest privilege level) whereas virtual mode in 8086 executes all programs at level 3.
mainframe computer did have some hardware access control, including the same two modes that the other GE-600 series machines had, and segment-level permissions in its
The original
Multics system had eight rings, but many modern systems have fewer. The hardware remains aware of the current ring of the executing instruction
versus slave/unprivileged/user mode) in some systems. Operating systems running on hardware supporting both may use both forms of protection or only one.
In most existing systems, switching from user mode to kernel mode has an associated high cost in performance. It has been measured, on the basic request
X86S, a recently published Intel architecture, has only ring 0 and ring 3. Ring 1 and 2 will be removed under X86S since modern OSes never utilize them.
has been developed specifically for kernel mode deployment, to provide a local database for kernel-based application functions, and to eliminate the
Programs such as web browsers running in higher numbered rings must request access to the network, a resource restricted to a lower numbered ring.
(codenamed "Pacifica") allow a guest operating system to run Ring 0 operations natively without affecting other guests or the host OS.
instruction that transfers control in a secure way towards predefined entry points in lower-level (more trusted) rings; this functions as a
but only by a user with the requisite permissions, as this code is not subject to the access control and safety limitations of user mode.
than that. For example, Windows 7 and
Windows Server 2008 (and their predecessors) use only two rings, with ring 0 corresponding to
Functions are also sometimes moved across rings in the other direction. The Linux kernel, for instance, injects into processes a
Computer operating systems provide different levels of access to resources. A protection ring is one of two or more hierarchical
are three operating systems that use supervisor/user mode. To perform specialized functions, user mode code must perform a
etc.) and operating system monitors are cited as examples. At least one embedded database management system,
-processors have four different modes divided into four different rings. Programs that run in Ring 0 can do
While x86 has 4 protection rings, it is more common for architectures to only have two. Even on x86, most
However, most general-purpose systems use only two rings, even if the hardware they run on provides more
operating system (EL1), hypervisor (EL2), and secure monitor / firmware (EL3), for AArch64 and AArch32.
that would otherwise occur when kernel functions interact with a database system running in user mode.
because earlier versions of Windows NT ran on processors that supported only two protection levels.
operating systems attempt to minimize the amount of code running in privileged mode, for purposes of
the operating system runs in supervisor mode and the applications run in user mode. Other types of
hardware is not often cost-effective, despite the potential advantages for security and stability.
mechanism with only one bit to specify the privilege level as either
Supervisor or User (U/S Bit).
uses four modes called (in order of decreasing privileges) Kernel, Executive, Supervisor and User.
Potential future uses for the multiple privilege levels supported by the x86 ISA family include
Multiple rings of protection were among the most revolutionary concepts introduced by the
Many CPU hardware architectures provide far more flexibility than is exploited by the
in the TSS also take part in determining the ability of a task to access an I/O port.
to control Ring 0 hardware access. Although they are mutually incompatible, both
at all times, with the help of a special machine register. In some systems, areas of
A host operating system kernel could use instructions with full privilege access (
the minimization of this overhead reduced the overall cost to around 150 cycles.
To assist virtualization and reduce overhead caused by the reason above, VT-x and
"kernel" and "user" even if hardware provides finer granularity through rings.
A renewed interest in this design structure came with the proliferation of the
are mechanisms to protect data and functionality from faults (by improving
Protected mode – available on x86-compatible 80286 CPUs and newer
are instead assigned ring numbers in hardware. One example is the
IOPL (CONFIG.SYS directive) – an OS/2 directive to run DLL code at ring 2 instead of at ring 3
operating system, like Unix, does not fully utilize this feature.
Transitions between modes are at the discretion of the executing
architecture) include some form of ring protection, although the
It is not necessary to use all four privilege levels. Current
operating system, a highly secure predecessor of today's
Most processors have at least two different modes. The
' EMM386 3.xx can optionally run some modules (such as
from the point of view of the guest operating system.
Many modern CPU architectures (including the popular
In x86 systems, the x86 hardware virtualization (
only when the current privilege level is Ring 0.
some system tasks run in problem state key 0.
) flag is a flag found on all IA-32 compatible
intended for programs in another. For example,
(for as long as no 386 memory manager such as
This is generally hardware-enforced by some
but ultimately sacrificing performance.
are sometimes referred to as "ring −3".
do not necessarily share this behavior.
) implemented only two privilege levels.
) and malicious behavior (by providing
) is referred to as "ring −1", the
It occupies bits 12 and 13 in the
Recent CPUs from Intel and AMD offer
Ring protection can be combined with
structure which is referenced by the
in which the top three bits of the
run at ring 0. In addition to this,
is referred to as "ring −2", the
design structure as part of their
with wide market share including
exception is reported to the OS.
Some examples from the PC world:
family of operating systems. The
kernel-mode operations such as
hierarchical protection domains
The IOPL can be changed using
(codenamed "Vanderpool") and
within the architecture of a
(master/kernel/privileged/
interrupts are received.
Privilege rings for the
(formerly Vanderpool).
that provide different
be provided this way.
only use ring 0 and 3.
like those with an
) on ring 1 instead.
I/O Privilege level
instructions for a
In computer terms,
at the hardware or
Besides IOPL, the
1044:. Retrieved
1035:
1025:27 September
1023:. Retrieved
1018:
1012:
1003:
991:. Retrieved
987:
978:
943:
937:
902:
896:
868:
794:
786:
782:
775:
759:
731:
719:
708:
683:
679:
677:
668:system calls
649:
614:
597:
595:
576:
569:
550:
537:
526:
522:
511:
507:
500:
487:
481:
475:
437:
418:
414:
408:
406:
382:
371:
364:
354:
350:
347:
327:
306:
277:
226:
211:
188:
180:
168:
137:
133:
131:
118:
114:
108:
78:
69:
50:
29:
2145:Device file
2135:Boot loader
2049:Round-robin
1974:Cooperative
1910:Rump kernel
1900:Multikernel
1890:Microkernel
1787:Usage share
1298:(2): 9–21.
796:Microkernel
660:kernel mode
455:system call
433:microkernel
315:hypervisors
218:kernel mode
64:introducing
2248:Categories
2075:protection
2031:algorithms
2029:Scheduling
1978:Preemptive
1924:Components
1895:Monolithic
1762:Comparison
1649:1581131402
1533:10945/7198
888:References
664:virtualize
645:Windows NT
561:Intel VT-x
557:hypervisor
392:See also:
323:Intel VT-x
303:Web forums
291:monolithic
285:software,
236:Windows NT
47:references
2165:Partition
2082:Bus error
2009:Real-time
1989:Interrupt
1915:Unikernel
1880:Exokernel
1493:10945/919
1444:AnandTech
1314:0163-5980
704:I/O ports
700:long mode
518:firewalls
429:exokernel
394:Real mode
317:based on
222:user mode
214:CPU modes
161:microcode
157:CPU modes
142:privilege
2211:Live USB
2073:resource
1963:Concepts
1801:Variants
1782:Timeline
1597:(1972).
1449:13 March
1268:(1990).
1208:Arm Ltd.
1185:Arm Ltd.
970:11066378
929:14788823
876:through
810:See also
804:elegance
800:security
688:x86 CPUs
482:anything
321:such as
2206:Live CD
2160:Journal
2124:access,
2122:Storage
1999:Process
1905:vkernel
1772:History
1755:General
1683:2 April
1658:9456119
1483:(MSc).
1163:13 June
777:Multics
767:PowerPC
715:IRET(D)
711:POPF(D)
637:Android
600:in the
570:Before
504:wrote:
451:Windows
416:runs."
261:OpenVMS
191:Multics
172:spyware
60:improve
2014:Thread
1885:Hybrid
1863:Kernel
1656:
1646:
1421:
1381:
1322:254134
1320:
1312:
1226:FOLDOC
1124:
1099:
993:28 May
968:
958:
927:
917:
874:OS/360
789:thread
694:. In
641:paging
491:getpid
470:EMM386
421:kernel
330:thread
307:Ring-1
299:Usenet
253:DR-DOS
249:EMM386
199:GE 645
138:layers
134:levels
49:, but
2216:Shell
2155:Inode
1677:(PDF)
1670:(PDF)
1654:S2CID
1617:(PDF)
1610:(PDF)
1583:(PDF)
1576:(PDF)
1564:(PDF)
1552:(PDF)
1545:(PDF)
1521:(PDF)
1509:(PDF)
1481:(PDF)
1360:(PDF)
1318:S2CID
1067:(PDF)
988:Intel
966:S2CID
925:S2CID
860:Notes
850:(SMM)
629:Linux
625:macOS
565:AMD-V
527:treme
447:macOS
443:Linux
388:Modes
311:NGSCB
229:Intel
164:level
1777:List
1685:2018
1644:ISBN
1451:2021
1419:ISBN
1379:ISBN
1310:ISSN
1165:2015
1136:and
1122:ISBN
1097:ISBN
1048:2012
1027:2012
995:2024
956:ISBN
915:ISBN
878:z/OS
802:and
771:MIPS
748:and
736:and
734:VT-x
713:and
698:and
680:IOPL
678:The
674:IOPL
654:and
635:and
540:vDSO
449:and
396:and
355:call
351:gate
293:vs.
257:DPMS
240:OS/2
195:Unix
2233:PXE
2221:CLI
2201:HAL
2191:API
1994:IPC
1634:doi
1529:hdl
1489:hdl
1300:doi
948:doi
907:doi
769:or
738:SVM
633:iOS
602:x86
579:SVM
478:x86
466:DOS
431:or
366:ARM
289:on
283:VMM
280:Xen
245:DOS
232:x86
150:CPU
140:of
136:or
129:).
109:In
100:x86
2250::
1976:,
1705:.
1652:.
1642:.
1628:.
1593:;
1523:.
1487:.
1442:.
1339:.
1316:.
1308:.
1296:28
1294:.
1290:.
1250:.
1235:^
1223:.
1206:.
1193:^
1183:.
1130:.
1095:.
1093:16
1075:^
1019:15
1017:.
1011:.
986:.
964:.
954:.
923:.
913:.
706:.
631:,
627:,
623:,
596:A
516:,
445:,
113:,
2070:,
1980:)
1972:(
1740:e
1733:t
1726:v
1711:.
1687:.
1660:.
1636::
1601:.
1566:.
1535:.
1531::
1495:.
1491::
1453:.
1427:.
1387:.
1343:.
1324:.
1302::
1254:.
1167:.
1105:.
1050:.
1029:.
997:.
972:.
950::
931:.
909::
682:(
525:X
523:e
85:)
79:(
74:)
70:(
56:.
27:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.