Kernel vs User Modes

Maybe this question sounds stupid, but can anyone tell me the differences
between Kernel and User Mode? I have an idea, but I want to know all the
differences.

The basic difference is the CPU mode.
Kernel mode code runs at CPU privilege level (ring) 0, i.e. it can do
anything with the CPU.
User mode code runs at CPU privilege level (ring) 3, i.e. it is restricted
(it cannot access kernel memory and cannot execute some instructions, such as
CLI, HLT, …).

The address space is divided into two parts: the Kernel mode part (which is
the same for all processes) and the User mode part (which is private to every
process). User mode code can access only its own user mode space, but kernel
mode code can access both the Kernel mode and the User mode (of all processes)
address spaces.

These are the main differences. If you want to know some other, more advanced
ones, please let me know.

Paul

-----Original message-----
From: Ratmil Torres Vargas [SMTP:xxxxx@ghost.matcom.uh.cu]
Sent: 7 June 2000 14:57
To: File Systems Developers
Subject: [ntfsd] Kernel vs User Modes

Maybe this question sounds stupid, but can anyone tell me the differences
between Kernel and User Mode? I have an idea, but I want to know all the
differences.


You are currently subscribed to ntfsd as: xxxxx@sodatsw.cz
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

> Maybe this question sounds stupid, but can anyone tell me the differences
> between Kernel and User Mode? I have an idea, but I want to know all the
> differences.

On x86 NT, they are Ring 3 and Ring 0 according to Intel’s documentation.
Lots of things are prohibited for the CPU while it is in Ring 3. For
instance:

  • any commands altering the global CPU mode - mov to cr3 or such.
  • cli/sti (a process cannot be allowed to disable the interrupts and hang
    the whole machine).
  • in/out - with the exception of those explicitly permitted by the
    hardware-defined bitmap. The same stability thing - a process cannot be
    allowed to touch hardware directly, bypassing the trusted code base of
    the OS.
  • changing the page directory base address. This means a process sees
    only the memory the OS has set up for it, and has no means of accessing
    any other memory.
  • changing the IDT. A process cannot be allowed to change this
    machine-wide structure.
  • memory pages can be marked as “Ring 0 only” - a bit in the PTE. Thus the
    process has kernel memory mapped into its address space, to avoid the
    performance loss on syscalls and page faults, but it cannot access it
    while in umode.

Trying to violate any of these rules leads to a trap, which is caught by the
OS and usually leads to a more or less graceful termination of the process
without affecting other processes.

This mechanism exists, more or less, in all modern CPUs. Its goal is
stability - the “a user mode process must not have any way to crash the
entire machine” paradigm.

Max
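
Paul's description and Max's list above can be checked from ring 3 on an ordinary Linux machine. The program below is an added example written for this page, not code from the thread: it runs each forbidden operation under a SIGSEGV handler and reports whether the CPU trapped it. It assumes Linux (which reports the #GP or #PF trap to the process as SIGSEGV) and, for the instruction probes, an x86 or x86-64 CPU; on other architectures those probes return -1. The kernel-address probe reads the highest page of the linear address space, which is in the kernel half on every mainstream OS. Function names are ours.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the thread. Each probe tries one of the
 * operations forbidden to ring 3 and reports 1 if the CPU trapped it
 * (the OS delivered SIGSEGV to this process), 0 if it ran unhindered, or
 * -1 if the probe is unavailable on this architecture. Assumes Linux; the
 * instruction probes further assume x86 or x86-64. */

static sigjmp_buf trap_env;

static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(trap_env, 1);            /* abandon the faulting instruction */
}

/* Run fn() with SIGSEGV/SIGBUS routed to on_fault(); return 1 if it faulted. */
static int probe(void (*fn)(void))
{
    struct sigaction sa, old_segv, old_bus;
    int trapped;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;           /* let the handler fire again next time */
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    if (sigsetjmp(trap_env, 1) == 0) {
        fn();
        trapped = 0;
    } else {
        trapped = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return trapped;
}

#if defined(__x86_64__) || defined(__i386__)
/* Privileged instructions: #GP at CPL 3, which Linux reports as SIGSEGV. */
static void do_cli(void)      { __asm__ volatile("cli" ::: "memory"); }
static void do_hlt(void)      { __asm__ volatile("hlt" ::: "memory"); }
static void do_read_cr3(void) { uintptr_t v; __asm__ volatile("mov %%cr3, %0" : "=r"(v)); (void)v; }
/* Port I/O: allowed only if the I/O permission bitmap grants the port. */
static void do_inb(void)      { uint8_t b; __asm__ volatile("inb %1, %0" : "=a"(b) : "Nd"((uint16_t)0x80)); (void)b; }
#define X86_PROBE(fn) probe(fn)
#else
#define X86_PROBE(fn) (-1)
#endif

int probe_cli(void)      { return X86_PROBE(do_cli); }
int probe_hlt(void)      { return X86_PROBE(do_hlt); }
int probe_read_cr3(void) { return X86_PROBE(do_read_cr3); }
int probe_inb(void)      { return X86_PROBE(do_inb); }

/* Kernel memory is mapped in this process's address space but marked
 * supervisor-only, so even a read from ring 3 must fault (#PF -> SIGSEGV). */
static void do_kernel_read(void)
{
    /* Highest page of the linear address space: in the kernel half on every
     * mainstream OS and architecture, whether or not it is mapped. */
    volatile const char *p = (volatile const char *)(~(uintptr_t)0 & ~(uintptr_t)0xfff);
    volatile char c = *p;
    (void)c;
}
int probe_kernel_read(void) { return probe(do_kernel_read); }

static const char *verdict(int r)
{
    return r == 1 ? "trapped" : r == 0 ? "EXECUTED (no protection!)" : "n/a on this arch";
}

int main(void)
{
    printf("cli                 : %s\n", verdict(probe_cli()));
    printf("hlt                 : %s\n", verdict(probe_hlt()));
    printf("mov %%cr3, reg       : %s\n", verdict(probe_read_cr3()));
    printf("inb port 0x80       : %s\n", verdict(probe_inb()));
    printf("read kernel address : %s\n", verdict(probe_kernel_read()));
    return 0;
}
```

Every probe prints "trapped" on a stock Linux x86 box: the process keeps running after each fault because the trap went to the kernel, which handed it back as a signal instead of letting the instruction touch the CPU state. Granting the process IOPL 3 (iopl(3), root only) would make cli and inb succeed, which is exactly the hole the hardware bitmap and the IOPL check exist to keep closed by default.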

Oh, thank you. If you can tell me more, please do. I need it for my thesis
project.

On Wed, 7 Jun 2000, Pavel Hrdina wrote:

> The basic difference is the CPU mode.
> Kernel mode code runs at CPU privilege level (ring) 0, i.e. it can do
> anything with the CPU.
> User mode code runs at CPU privilege level (ring) 3, i.e. it is restricted
> (it cannot access kernel memory and cannot execute some instructions, such
> as CLI, HLT, …).

At 03:26 AM 6/8/2000 +0400, you wrote:

> • memory pages can be marked as “Ring 0 only” - a bit in the PTE. Thus the
>   process has kernel memory mapped into its address space, to avoid the
>   performance loss on syscalls and page faults, but it cannot access it
>   while in umode.

Actually, pages cannot be marked as “ring 0 only”; segment selectors are
marked with ring level permissions. User mode code runs with one segment
selector with a limit of 2/3 gigs, and kernel mode switches to a different
selector (that only ring 0 can use) that has a limit of the full 4 gigs.

> Trying to violate any of these rules leads to a trap, which is caught by the
> OS and usually leads to a more or less graceful termination of the process
> without affecting other processes.
>
> This mechanism exists, more or less, in all modern CPUs. Its goal is
> stability - the “a user mode process must not have any way to crash the
> entire machine” paradigm.
>
> Max



From: Phillip Susi [mailto:xxxxx@iag.net]

> At 03:26 AM 6/8/2000 +0400, you wrote:
> > - memory pages can be marked as “Ring 0 only” - a bit in the PTE. Thus the
> > process has kernel memory mapped into its address space, to avoid the
> > performance loss on syscalls and page faults, but it cannot access it
> > while in umode.
>
> Actually, pages cannot be marked as “ring 0 only”; segment selectors are
> marked with ring level permissions. User mode code runs with one segment
> selector with a limit of 2/3 gigs, and kernel mode switches to a different
> selector (that only ring 0 can use) that has a limit of the full 4 gigs.

Pages are definitely able to be marked “ring 0 only”. Refer to section 6.8.1.1
in the 486 processor reference manual, or section 4.11.2 in Volume 3 of the
Intel software development manual:

4.11.2. Restricting Addressable Domain

The page-level protection mechanism allows restricting access to pages based
on two privilege levels:

  • Supervisor mode (U/S flag is 0) - (Most privileged) For the operating
    system or executive, other system software (such as device drivers), and
    protected system data (such as page tables).
  • User mode (U/S flag is 1) - (Least privileged) For application code and
    data.

The segment privilege levels map to the page privilege levels as follows. If
the processor is currently operating at a CPL of 0, 1, or 2, it is in
supervisor mode; if it is operating at a CPL of 3, it is in user mode. When
the processor is in supervisor mode, it can access all pages; when in user
mode, it can access only user-level pages. (Note that the WP flag in control
register CR0 modifies the supervisor permissions, as described in Section
4.11.3., “Page Type”.)

Note that to use the page-level protection mechanism, code and data segments
must be set up for at least two segment-based privilege levels: level 0 for
supervisor code and data segments and level 3 for user code and data
segments. (In this model, the stacks are placed in the data segments.) To
minimize the use of segments, a flat memory model can be used (see Section
3.2.1., “Basic Flat Model”). Here, the user and supervisor code and data
segments all begin at address zero in the linear address space and overlay
each other. With this arrangement, operating-system code (running at the
supervisor level) and application code (running at the user level) can
execute as if there are no segments. Protection between operating-system and
application code and data is provided by the processor’s page-level
protection mechanism.

To Ratmil, the specs for Intel x86 processors are available on Intel’s web
site. Just download the PDFs and you’ll have all the information you need
on the difference between user and supervisor modes.

John Wiltshire
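
The check the manual describes is small enough to write out. The following is an added example for this page, not code from the thread or from Intel: the page-level access decision of sections 4.11.2 and 4.11.3 for 32-bit two-level paging, using the documented bit positions (P = bit 0, R/W = bit 1, U/S = bit 2 in both page-directory and page-table entries) and the documented rule that the effective U/S and R/W of a page are the more restrictive of the two levels and that CR0.WP decides whether supervisor writes honour R/W. The entry values, frame addresses and function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the thread or the Intel manual: the page-level
 * protection check of SDM Vol. 3 sections 4.11.2/4.11.3 for 32-bit paging.
 * Bit positions are the documented ones; sample entries are constructed. */

#define PG_P   0x1u   /* bit 0: present */
#define PG_RW  0x2u   /* bit 1: 1 = read/write, 0 = read-only */
#define PG_US  0x4u   /* bit 2: 1 = user, 0 = supervisor only */

typedef enum { ACCESS_OK, FAULT_NOT_PRESENT, FAULT_PROTECTION } page_result;

/* Build a page-directory or page-table entry for a 4-KByte frame. */
uint32_t make_entry(uint32_t frame_phys, bool writable, bool user)
{
    return (frame_phys & 0xfffff000u) | PG_P
         | (writable ? PG_RW : 0u) | (user ? PG_US : 0u);
}

/* Decide whether an access at privilege level cpl may touch the 4-KByte page
 * reached through (pde, pte). The effective U/S and R/W of the page are the
 * more restrictive of the two levels; CR0.WP decides whether supervisor-mode
 * writes honour R/W at all. */
page_result page_access(uint32_t pde, uint32_t pte, unsigned cpl,
                        bool write, bool cr0_wp)
{
    if (!(pde & PG_P) || !(pte & PG_P))
        return FAULT_NOT_PRESENT;

    bool user_page  = (pde & PG_US) && (pte & PG_US);
    bool writable   = (pde & PG_RW) && (pte & PG_RW);
    bool supervisor = cpl < 3;              /* CPL 0, 1 or 2 */

    if (!supervisor) {
        if (!user_page)
            return FAULT_PROTECTION;        /* "ring 0 only" page from ring 3 */
        if (write && !writable)
            return FAULT_PROTECTION;
        return ACCESS_OK;
    }
    /* Supervisor mode: every page is readable; a read-only page is writable
     * only while CR0.WP is clear. */
    if (write && !writable && cr0_wp)
        return FAULT_PROTECTION;
    return ACCESS_OK;
}

static const char *result_name(page_result r)
{
    return r == ACCESS_OK ? "ok"
         : r == FAULT_NOT_PRESENT ? "#PF (not present)" : "#PF (protection)";
}

int main(void)
{
    /* Constructed entries; the frame addresses are arbitrary. */
    uint32_t user_pde  = make_entry(0x00100000u, true,  true);
    uint32_t user_text = make_entry(0x00200000u, false, true);   /* user, read-only */
    uint32_t kern_pde  = make_entry(0x00300000u, true,  false);  /* whole 4-MByte range supervisor-only */
    uint32_t kern_data = make_entry(0x00301000u, true,  true);   /* U/S=1 here does not help: the stricter level wins */

    printf("ring 3 reads kernel data    : %s\n", result_name(page_access(kern_pde, kern_data, 3, false, true)));
    printf("ring 0 writes kernel data   : %s\n", result_name(page_access(kern_pde, kern_data, 0, true,  true)));
    printf("ring 3 reads user text      : %s\n", result_name(page_access(user_pde, user_text, 3, false, true)));
    printf("ring 3 writes user text     : %s\n", result_name(page_access(user_pde, user_text, 3, true,  true)));
    printf("ring 0 writes user text WP=1: %s\n", result_name(page_access(user_pde, user_text, 0, true,  true)));
    printf("ring 0 writes user text WP=0: %s\n", result_name(page_access(user_pde, user_text, 0, true,  false)));
    printf("ring 0 reads unmapped page  : %s\n", result_name(page_access(user_pde, 0u,        0, false, true)));
    return 0;
}
```

The kern_pde/kern_data pair is the case under dispute in the thread: the page-table entry alone says "user", yet ring 3 still faults, because the directory entry above it is supervisor-only. The WP=0 row is why NT and Linux set CR0.WP: without it a kernel-mode bug can scribble over read-only pages, including its own code.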

> Actually, pages cannot be marked as “ring 0 only”; segment selectors are

Wrong. They can.

> marked with ring level permissions. User mode code runs with one segment
> selector with a limit of 2/3 gigs, and kernel mode switches to a different
> selector (that only ring 0 can use) that has a limit of the full 4 gigs.

This is so in NT. Linux uses 0-2GB limits for the umode DS selector and 2-4GB
limits for the kmode one. This is done to explicitly prohibit the crash-prone
technique of accessing user space memory from the driver, and to force driver
writers to use special functions and macros to access user space, not usual
pointer dereferences or memcpy().
NT allows this technique under a try/catch frame - and if the driver has a
bug and forgets the try/catch frame around the user space access code (which
is easy to do if the driver uses non-self-relative IOCTL buffer layout
structures), it opens a stability and security hole.
AFD.SYS had such a hole for a long time - calling TransmitFile with invalid
pointers in the header descriptor structure caused a BSOD in AFD.SYS.

Max
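
Max's remark about buffer layouts is the practical lesson of the thread: if the IOCTL buffer carries offsets relative to its own start instead of user-mode pointers, the driver validates it with plain arithmetic on the copy the OS has already made, and there is no user pointer to dereference and no exception frame to forget. The following is an added example written for this page (not driver code from the thread, from AFD.SYS, or from any Windows sample): a self-relative request format, a validator that rejects every out-of-range or wrapping offset, and constructed sample buffers that exercise it. It is built as an ordinary user-mode C program; the format, field names and function names are ours.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the thread: a self-relative IOCTL request layout
 * and its validator. Assumes the OS has already copied the caller's buffer
 * into kernel memory (METHOD_BUFFERED style), so only the length the OS
 * reports is trusted and no caller-supplied pointer is ever followed. */

struct req_header {
    uint32_t total_size;   /* size the caller claims it sent */
    uint32_t desc_count;   /* number of blob descriptors */
    uint32_t desc_offset;  /* descriptor table, relative to buffer start */
};
struct blob_desc {
    uint32_t offset;       /* blob start, relative to buffer start */
    uint32_t length;
};

typedef enum { REQ_OK, REQ_BAD_HEADER, REQ_BAD_TABLE, REQ_BAD_BLOB } req_status;

/* True iff [off, off+len) lies inside buflen bytes. Compares len against the
 * remaining room so that off + len can never wrap around. */
static bool range_fits(size_t buflen, uint64_t off, uint64_t len)
{
    return off <= buflen && len <= buflen - off;
}

req_status validate_request(const uint8_t *buf, size_t buflen)
{
    struct req_header h;
    if (buflen < sizeof h)
        return REQ_BAD_HEADER;
    memcpy(&h, buf, sizeof h);                  /* alignment-safe read */
    if (h.total_size != buflen)                 /* trust the OS, not the header */
        return REQ_BAD_HEADER;

    uint64_t table_bytes = (uint64_t)h.desc_count * sizeof(struct blob_desc);
    if (!range_fits(buflen, h.desc_offset, table_bytes))
        return REQ_BAD_TABLE;

    for (uint32_t i = 0; i < h.desc_count; i++) {
        struct blob_desc d;
        memcpy(&d, buf + h.desc_offset + (size_t)i * sizeof d, sizeof d);
        if (!range_fits(buflen, d.offset, d.length))
            return REQ_BAD_BLOB;
    }
    return REQ_OK;
}

#define SAMPLE_SIZE 28u   /* 12-byte header + one 8-byte descriptor + 8-byte blob */

/* Build a constructed 28-byte request with one descriptor and validate it as
 * if the OS had handed the driver `trim` fewer bytes than the header claims
 * (trim = 0 for an honest request). */
req_status check_sample(uint32_t desc_off, uint32_t blob_off, uint32_t blob_len,
                        size_t trim)
{
    uint8_t buf[SAMPLE_SIZE];
    struct req_header h = { SAMPLE_SIZE, 1, desc_off };
    struct blob_desc d = { blob_off, blob_len };

    memset(buf, 0xAA, sizeof buf);              /* stand-in blob payload */
    memcpy(buf, &h, sizeof h);
    if (range_fits(sizeof buf, desc_off, sizeof d))
        memcpy(buf + desc_off, &d, sizeof d);   /* only placed if it fits */
    return validate_request(buf, sizeof buf - trim);
}

static const char *status_name(req_status s)
{
    static const char *names[] = { "ok", "bad header", "bad table", "bad blob" };
    return names[s];
}

int main(void)
{
    printf("honest request             : %s\n", status_name(check_sample(12, 20, 8, 0)));
    printf("blob runs past the end     : %s\n", status_name(check_sample(12, 24, 8, 0)));
    printf("offset + length would wrap : %s\n", status_name(check_sample(12, 8, 0xFFFFFFF8u, 0)));
    printf("descriptor table past end  : %s\n", status_name(check_sample(24, 20, 8, 0)));
    printf("header claims more bytes   : %s\n", status_name(check_sample(12, 20, 8, 4)));
    return 0;
}
```

The wrap case is the one a naive `offset + length <= size` check misses: 8 + 0xFFFFFFF8 overflows a 32-bit sum to 0 and passes, so the validator compares the length against the room left after the offset instead. With the embedded-pointer layout Max warns about, each pointer would instead have to be probed for user-mode range and accessed only under an exception frame, which is the step that was forgotten in the AFD.SYS case he mentions.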

Ratmil,

Download the manuals for the Pentium III. All the information you could
ever want in about 1000 pages:

http://developer.intel.com/design/PentiumIII/manuals/

John Wiltshire