Two Rings Good, Four Rings Bad

I believe x64 specifies that only rings 0 and 1 are supported. So clearly AMD thought that were was so little market for OSes that require or can use rings 2 and 3 that they cut the feature. (There *is* a non-zero cost for hardware features, in design time, verification, fab time, chip area, power, etc.)

All of this is interesting, from an OS design point of view, but is rather pointless when applied to NTDEV. The NT model is what it is – two levels of privelege. So are most of the major, commodity OSes, so it isn’t exactly an uncommon model.

Also, people should consider the additional complexity that driver developers would need to deal with. Driver developers already need to understand IRQLs, paged-vs-non-paged, arbitrary thread context vs. known thread context, etc. Adding another axis to this would cause a lot more cognitive load for the developers, and would not in reality deliver much value. (Whole forests have been cut down to print all of the research papers on device driver isolation.)

Try to imagine the excruciating number of combinations of paged/non-paged, 4x rings, and multiple drivers all communicating with each other. If I allocate data at ring 1, and I pass it to a driver or OS component that runs at ring 0, what should happen? Boom? Now raise that number of combinations to the power of the average PNP device stack depth, and it quickly becomes obvious that more than 2 rings just causes insanity. At least if it is shoe-horned into an existing OS design, and not part of it from the beginning. (And I don’t know of any OS designed after 1980 where this was a feature. I’m sure the peanut gallery will point one out, though, if there is.)

Would I like to have better isolation between drivers? Of course. Which is why I would suggest looking elsewhere, such as http://research.microsoft.com/os/singularity/, rather than trying to resurrect a processor architecture that is not used, and is basically being abandoned.

From: xxxxx@lists.osr.com [xxxxx@lists.osr.com] On Behalf Of Tim Roberts [xxxxx@probo.com]
Sent: Wednesday, March 28, 2007 2:34 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Re:Driver Programming Fundamentals/Philosophy, was: Re: Calling NdisRequest() from ProtoclBi

Maxim S. Shatskih wrote:

> I don’t understand your point, Maxim. Portability between what and what?
>

All these RISC machines, and now IA64.

Having the OS unportable to any other CPU even theoretically is a bad idea.

Nonsense. The ring 1 thing would be implementation detail of the x86
kernels – an added benefit available on architectures that had multiple
levels of protection. It certainly wouldn’t require any source code
changes in drivers, so I am unclear on how it would affect portability.

There are certainly precedents for this. NT supports I/O ports, even
though those do not exist on non-x86 architectures. It supports memory
barriers, even though those only have meaning for certain architectures.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

VMS was originally a 4-ring OS when it ran on VAX hardware. I’m not sure if
they kept the 4-ring or went to 3 rings when ported to Alpha hardware and
eventually to Intel’s Itanium. There were no major issues with device
drivers or passing of data from one ring to the next or paging, etc, so the
argument of complexity doesn’t hold much water in practical experience.

BTW, VMS was far more stable than NT ever has (or probably ever will be).

Greg

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Arlie Davis
Sent: Wednesday, March 28, 2007 9:45 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Two Rings Good, Four Rings Bad

I believe x64 specifies that only rings 0 and 1 are supported. So clearly
AMD thought that were was so little market for OSes that require or can use
rings 2 and 3 that they cut the feature. (There *is* a non-zero cost for
hardware features, in design time, verification, fab time, chip area, power,
etc.)

All of this is interesting, from an OS design point of view, but is rather
pointless when applied to NTDEV. The NT model is what it is – two levels
of privelege. So are most of the major, commodity OSes, so it isn’t exactly
an uncommon model.

Also, people should consider the additional complexity that driver
developers would need to deal with. Driver developers already need to
understand IRQLs, paged-vs-non-paged, arbitrary thread context vs. known
thread context, etc. Adding another axis to this would cause a lot more
cognitive load for the developers, and would not in reality deliver much
value. (Whole forests have been cut down to print all of the research
papers on device driver isolation.)

Try to imagine the excruciating number of combinations of paged/non-paged,
4x rings, and multiple drivers all communicating with each other. If I
allocate data at ring 1, and I pass it to a driver or OS component that runs
at ring 0, what should happen? Boom? Now raise that number of combinations
to the power of the average PNP device stack depth, and it quickly becomes
obvious that more than 2 rings just causes insanity. At least if it is
shoe-horned into an existing OS design, and not part of it from the
beginning. (And I don’t know of any OS designed after 1980 where this was a
feature. I’m sure the peanut gallery will point one out, though, if there
is.)

Would I like to have better isolation between drivers? Of course. Which is
why I would suggest looking elsewhere, such as
http://research.microsoft.com/os/singularity/, rather than trying to
resurrect a processor architecture that is not used, and is basically being
abandoned.

From: xxxxx@lists.osr.com [xxxxx@lists.osr.com]
On Behalf Of Tim Roberts [xxxxx@probo.com]
Sent: Wednesday, March 28, 2007 2:34 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Re:Driver Programming Fundamentals/Philosophy, was: Re:
Calling NdisRequest() from ProtoclBi

Maxim S. Shatskih wrote:

> I don’t understand your point, Maxim. Portability between what and what?
>

All these RISC machines, and now IA64.

Having the OS unportable to any other CPU even theoretically is a bad
idea.

Nonsense. The ring 1 thing would be implementation detail of the x86
kernels – an added benefit available on architectures that had multiple
levels of protection. It certainly wouldn’t require any source code
changes in drivers, so I am unclear on how it would affect portability.

There are certainly precedents for this. NT supports I/O ports, even
though those do not exist on non-x86 architectures. It supports memory
barriers, even though those only have meaning for certain architectures.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Just one question to this as I don’t disagree with most of it. Which came
first: the chicken or the egg? Is the four ring hardware being dropped
because the OS wasn’t using it or because it was a bad idea? I know that
Intel has changed how many of the various instructions are implemented to
speed them up by devoting additional transistors to the ones they determine
need to be improved mostly because of Windows usage.

Life is as you said. We have to live with what we are given - except for
the few who design operating systems, mostly at Microsoft. However if we
don’t mention solutions, problems, and other issues we can’t complain when
the solutions we are given suck.

“Arlie Davis” wrote in message
news:xxxxx@ntdev…
I believe x64 specifies that only rings 0 and 1 are supported. So clearly
AMD thought that were was so little market for OSes that require or can use
rings 2 and 3 that they cut the feature. (There is a non-zero cost for
hardware features, in design time, verification, fab time, chip area, power,
etc.)

All of this is interesting, from an OS design point of view, but is rather
pointless when applied to NTDEV. The NT model is what it is – two levels
of privelege. So are most of the major, commodity OSes, so it isn’t exactly
an uncommon model.

Also, people should consider the additional complexity that driver
developers would need to deal with. Driver developers already need to
understand IRQLs, paged-vs-non-paged, arbitrary thread context vs. known
thread context, etc. Adding another axis to this would cause a lot more
cognitive load for the developers, and would not in reality deliver much
value. (Whole forests have been cut down to print all of the research
papers on device driver isolation.)

Try to imagine the excruciating number of combinations of paged/non-paged,
4x rings, and multiple drivers all communicating with each other. If I
allocate data at ring 1, and I pass it to a driver or OS component that runs
at ring 0, what should happen? Boom? Now raise that number of combinations
to the power of the average PNP device stack depth, and it quickly becomes
obvious that more than 2 rings just causes insanity. At least if it is
shoe-horned into an existing OS design, and not part of it from the
beginning. (And I don’t know of any OS designed after 1980 where this was a
feature. I’m sure the peanut gallery will point one out, though, if there
is.)

Would I like to have better isolation between drivers? Of course. Which is
why I would suggest looking elsewhere, such as
http://research.microsoft.com/os/singularity/, rather than trying to
resurrect a processor architecture that is not used, and is basically being
abandoned.

________________________________________
From: xxxxx@lists.osr.com [xxxxx@lists.osr.com]
On Behalf Of Tim Roberts [xxxxx@probo.com]
Sent: Wednesday, March 28, 2007 2:34 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Re:Driver Programming Fundamentals/Philosophy, was: Re:
Calling NdisRequest() from ProtoclBi

Maxim S. Shatskih wrote:
>> I don’t understand your point, Maxim. Portability between what and what?
>>
>
> All these RISC machines, and now IA64.
>
> Having the OS unportable to any other CPU even theoretically is a bad
> idea.

Nonsense. The ring 1 thing would be implementation detail of the x86
kernels – an added benefit available on architectures that had multiple
levels of protection. It certainly wouldn’t require any source code
changes in drivers, so I am unclear on how it would affect portability.

There are certainly precedents for this. NT supports I/O ports, even
though those do not exist on non-x86 architectures. It supports memory
barriers, even though those only have meaning for certain architectures.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

The real question: is there one ring that rules them all?

That’s where the hypervisor lives

-p

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Gray, Zachary C
Sent: Wednesday, March 28, 2007 9:04 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Two Rings Good, Four Rings Bad

The real question: is there one ring that rules them all?

Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

> BTW, VMS was far more stable than NT ever has (or probably ever will be).
And how many 3rd party drivers did it load? Much easier to create a stable OS if you control every component and can test their interactions together. Not saying that all crashes are due to 3rd party drivers, but a good majority of crashes are due extensions loaded in the kernel. My point is that it is not so black and white ;).

d

> Just one question to this as I don’t disagree with most of it. Which came first: the chicken

or the egg? Is the four ring hardware being dropped because the OS wasn’t using it or because it
was a bad idea?

Actually, this is not really a “chicken-egg dilemma”… Try to look at it as simply as at demand-supply scenario, where hardware designers are in the role of suppliers and OS writers are in the role of consumers. If there is no demand for some product, then manufacturers normally just drop it. Here we are in exactly the same situation. If hardware designers see that some certain CPU feature is not that popular among OS designers, they come to a conclusion that this feature is simply not needed - after all, CPU without OS is just a piece of metal that will never make its way to the end users…

To be honest, I don’t think that four-ring protection is a good idea. As Peter has already pointed out, from CPU’s perspective there is privileged code (i.e. the one that is allowed to execute privileged instructions) and non-privileged one. Therefore, Ring 1 code is just “the most privileged code out of all non-privileged one”, and, hence, still needs validation when it makes system calls. In other words,
if you move drivers out of Ring 0, effectively turning them into non-privileged code, it does not really matter if you move them to Ring 1 or Ring 3, because all system calls made by non-privileged code require validation anyway. If validation of calls made by Ring 1 code is going to be not as strict as that of Ring 3 calls…well, then drivers will still be able to crash the OS, which simply defeats the purpose of moving them out of Ring 0 - the whole thing does not really offer extra security, but does add overhead…

Anton Bassov

I read somewhere that the Window/graphics managers in Windows NT is running
in kernel mode. Is it really require to be in Ring 0 ?. I feel Ring 1 is the
best place for Window manager. But the question still remains, will a bug in
Ring 1 crash the machine ?.

~Sisimon

On 3/29/07, xxxxx@hotmail.com wrote:
>
> > Just one question to this as I don’t disagree with most of it. Which
> came first: the chicken
> > or the egg? Is the four ring hardware being dropped because the OS
> wasn’t using it or because it
> > was a bad idea?
>
> Actually, this is not really a “chicken-egg dilemma”… Try to look at it
> as simply as at demand-supply scenario, where hardware designers are in the
> role of suppliers and OS writers are in the role of consumers. If there is
> no demand for some product, then manufacturers normally just drop it. Here
> we are in exactly the same situation. If hardware designers see that some
> certain CPU feature is not that popular among OS designers, they come to a
> conclusion that this feature is simply not needed - after all, CPU without
> OS is just a piece of metal that will never make its way to the end
> users…
>
> To be honest, I don’t think that four-ring protection is a good idea. As
> Peter has already pointed out, from CPU’s perspective there is privileged
> code (i.e. the one that is allowed to execute privileged instructions) and
> non-privileged one. Therefore, Ring 1 code is just “the most privileged code
> out of all non-privileged one”, and, hence, still needs validation when it
> makes system calls. In other words,
> if you move drivers out of Ring 0, effectively turning them into
> non-privileged code, it does not really matter if you move them to Ring 1 or
> Ring 3, because all system calls made by non-privileged code require
> validation anyway. If validation of calls made by Ring 1 code is going to be
> not as strict as that of Ring 3 calls…well, then drivers will still be
> able to crash the OS, which simply defeats the purpose of moving them out of
> Ring 0 - the whole thing does not really offer extra security, but does add
> overhead…
>
> Anton Bassov
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

–
GCS d+ s: a- c++++ U> B+ L++>$ w++++$ W++(+++) PGP+N+ t PS+PE++ tv+(++) b+++
G+++ e++>(++++) h-- r
Don’t know this? See http://www.geekcode.com/geek.html

> BTW, VMS was far more stable than NT ever has (or probably ever will be).

…due to lesser numbers of third-party kernel-mode software titles.

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

“Sauron” seems to be the good code name for hypervisor, like “Chicago” was
for Win95 and “Whistler” was for XP :-))))

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

“Peter Wieland” wrote in message
news:xxxxx@ntdev…
That’s where the hypervisor lives

-p

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Gray, Zachary C
Sent: Wednesday, March 28, 2007 9:04 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Two Rings Good, Four Rings Bad

The real question: is there one ring that rules them all?

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

> I read somewhere that the Window/graphics managers in Windows NT is

running
in kernel mode. Is it really require to be in Ring 0 ?. I feel Ring 1 is the
best place for Window manager.

Good suggestion. For me, the design of session space and win32k is similar to
VMS’s design of putting the DCL command-line shell - and possibly some shared
libraries - to Ring 2 memory shared across the whole “logon session” (or how it
was called there).

Given the knowledge of how well win32k is separated from the rest of the kernel
(graphics drivers cannot call kernel routines, only win32k’s ones) - putting it
to Ring 1 or 2 looks like a good idea. Not done though, I suspect due to
portability issues.

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

The windowing started out in “user mode” (Ring 1) and was moved into ring 0
in NT 4.0 due to performance reasons. Apparently, the original L/RPC
mechanism was too slow to provide good performance so they moved it into
ring 0 to bypass that security/safety measure.

Greg

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Thursday, March 29, 2007 5:31 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Two Rings Good, Four Rings Bad

I read somewhere that the Window/graphics managers in Windows NT is
running
in kernel mode. Is it really require to be in Ring 0 ?. I feel Ring 1 is
the
best place for Window manager.

Good suggestion. For me, the design of session space and win32k is similar
to
VMS’s design of putting the DCL command-line shell - and possibly some
shared
libraries - to Ring 2 memory shared across the whole “logon session” (or how
it
was called there).

Given the knowledge of how well win32k is separated from the rest of the
kernel
(graphics drivers cannot call kernel routines, only win32k’s ones) - putting
it
to Ring 1 or 2 looks like a good idea. Not done though, I suspect due to
portability issues.

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Granted, there were not the numbers of 3rd party drivers. Also, granted
that the quality of those 3rd party drivers was significantly greater than
that we see in todays rushed software development cycles. Also, granted
that VMS was released on schedules that allowed for much fuller development
and QA cycles. Also granted that people were willing to pay for the cost of
all of this quality.

Having said all of that, VMS was also far more secure than NT, and that
cannot be blamed in any way on 3rd-party devices or drivers.

Please don’t get me wrong, I make my living developing for Windows
NT/XP/CE/Mobile, etc. I made my living in the past doing realtime work on
VMS and then Windows Platforms. Microsoft hired Dave Cutler, the architect
of VMS, to do the Windows NT product. They missed several great
opportunities to make NT all that VMS was and more. Somewhere along the way
MS got the mistaken idea that the window was the OS instead of something
running on the OS. The rest is history.

For a while, I ran an Alpha processor machine with dual booting VMS and
Windows NT. VMS was far faster than NT on that machine. This blows holes
all in the theories about kernel-mode windowing being faster or that you
HAVE to put the windowing exec in kernel mode for performance/stability or
that 2 rings produces less overhead.

Greg

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Thursday, March 29, 2007 5:26 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Two Rings Good, Four Rings Bad

BTW, VMS was far more stable than NT ever has (or probably ever will be).

…due to lesser numbers of third-party kernel-mode software titles.

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

>Having said all of that, VMS was also far more secure than NT, and that

cannot be blamed in any way on 3rd-party devices or drivers.

How many crashes reported in OSR pointing to Windows kernel ?
It seems INITIALLY there are issues when MS introduce new driver/driver
framework (like storport, filter manager), but it is negligible compare with
the *blue screens* by third party drivers.

~Sisimon
Bangalore

On 3/29/07, Gregory G. Dyess wrote:
>
> Granted, there were not the numbers of 3rd party drivers. Also, granted
> that the quality of those 3rd party drivers was significantly greater than
> that we see in todays rushed software development cycles. Also, granted
> that VMS was released on schedules that allowed for much fuller
> development
> and QA cycles. Also granted that people were willing to pay for the cost
> of
> all of this quality.
>
> Having said all of that, VMS was also far more secure than NT, and that
> cannot be blamed in any way on 3rd-party devices or drivers.
>
> Please don’t get me wrong, I make my living developing for Windows
> NT/XP/CE/Mobile, etc. I made my living in the past doing realtime work on
> VMS and then Windows Platforms. Microsoft hired Dave Cutler, the
> architect
> of VMS, to do the Windows NT product. They missed several great
> opportunities to make NT all that VMS was and more. Somewhere along the
> way
> MS got the mistaken idea that the window was the OS instead of something
> running on the OS. The rest is history.
>
> For a while, I ran an Alpha processor machine with dual booting VMS and
> Windows NT. VMS was far faster than NT on that machine. This blows holes
> all in the theories about kernel-mode windowing being faster or that you
> HAVE to put the windowing exec in kernel mode for performance/stability or
> that 2 rings produces less overhead.
>
> Greg
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
> Sent: Thursday, March 29, 2007 5:26 AM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] Two Rings Good, Four Rings Bad
>
> > BTW, VMS was far more stable than NT ever has (or probably ever will
> be).
>
> …due to lesser numbers of third-party kernel-mode software titles.
>
> –
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

–
GCS d+ s: a- c++++ U> B+ L++>$ w++++$ W++(+++) PGP+N+ t PS+PE++ tv+(++) b+++
G+++ e++>(++++) h-- r
Don’t know this? See http://www.geekcode.com/geek.html

You are ignoring the fact that for a long portion of that history VAX’es
were treated more like the old “datacenter” program for Windows 2000. With
that program, there were guarantees of reliability that Microsoft and its
hardware partners easily met. But to get that reliability, you could only
use trusted drivers (that had passed a multi-week test), and you had to
have a strong strict program of maintaining the system.

It is interesting that almost any system can reach that point. For years I
knew of an NT 3.5.1 system that has not had a major crash since it was
installed (about the time 3.5.1 war rolled out). The customer uses it for
a limited purpose (file serving documents that rarely change), and has been
very careful on the upgrades and support it gets. Now, NT 3.5.1 was not
what I would call a robust OS, but the system had run the last time I had
contact over 7 years without a crash.

Windows crashes have more to do with 3rd party drivers, and poor
maintainance versus systems like VAXen than it does with the quality of the
code.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

“Gregory G. Dyess” wrote in message news:xxxxx@ntdev…
> VMS was originally a 4-ring OS when it ran on VAX hardware. I’m not sure
> if
> they kept the 4-ring or went to 3 rings when ported to Alpha hardware and
> eventually to Intel’s Itanium. There were no major issues with device
> drivers or passing of data from one ring to the next or paging, etc, so
> the
> argument of complexity doesn’t hold much water in practical experience.
>
> BTW, VMS was far more stable than NT ever has (or probably ever will be).
>
> Greg
>

> The windowing started out in “user mode” (Ring 1)

Ring 3

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

> For a while, I ran an Alpha processor machine with dual booting VMS and

Windows NT. VMS was far faster than NT on that machine.

Correct, NT/Alpha was 32bit and VMS/Alpha was IIRC 64bit.

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Ooops, sorry, I should have said “outer ring”. Thank you for the
correction.

Greg

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Thursday, March 29, 2007 7:43 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Two Rings Good, Four Rings Bad

The windowing started out in “user mode” (Ring 1)

Ring 3

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

I agree with that point. I built a NT 4.0 server that ran for 2 years with
almost no downtime. I had to power it down one time to replace a DAT drive,
but there is no way that can be blamed on the OS.

The original premise of this discussion was that 4 rings was considerably
more complex than a 2-ring OS and therefore inherently less stable. I
merely pointed out a very prominent (OK, once prominent) case to counter
that argument.

Greg

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Thursday, March 29, 2007 7:32 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Two Rings Good, Four Rings Bad

You are ignoring the fact that for a long portion of that history VAX’es
were treated more like the old “datacenter” program for Windows 2000. With
that program, there were guarantees of reliability that Microsoft and its
hardware partners easily met. But to get that reliability, you could only
use trusted drivers (that had passed a multi-week test), and you had to
have a strong strict program of maintaining the system.

It is interesting that almost any system can reach that point. For years I
knew of an NT 3.5.1 system that has not had a major crash since it was
installed (about the time 3.5.1 war rolled out). The customer uses it for
a limited purpose (file serving documents that rarely change), and has been
very careful on the upgrades and support it gets. Now, NT 3.5.1 was not
what I would call a robust OS, but the system had run the last time I had
contact over 7 years without a crash.

Windows crashes have more to do with 3rd party drivers, and poor
maintainance versus systems like VAXen than it does with the quality of the
code.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

“Gregory G. Dyess” wrote in message news:xxxxx@ntdev…
> VMS was originally a 4-ring OS when it ran on VAX hardware. I’m not sure
> if
> they kept the 4-ring or went to 3 rings when ported to Alpha hardware and
> eventually to Intel’s Itanium. There were no major issues with device
> drivers or passing of data from one ring to the next or paging, etc, so
> the
> argument of complexity doesn’t hold much water in practical experience.
>
> BTW, VMS was far more stable than NT ever has (or probably ever will be).
>
> Greg
>

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Perhaps I was not clear when I said “secure”. Secure means
resists/withstands malicious attacks. NT has been plagued from it’s initial
release with security holes. Security holes cannot be blamed on device
drivers. If security incursions get to the driver, the OS has already
failed.

Greg

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Sisimon E S
Sent: Thursday, March 29, 2007 7:14 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Two Rings Good, Four Rings Bad

Having said all of that, VMS was also far more secure than NT, and that
cannot be blamed in any way on 3rd-party devices or drivers.

How many crashes reported in OSR pointing to Windows kernel ?
It seems INITIALLY there are issues when MS introduce new driver/driver
framework (like storport, filter manager), but it is negligible compare with
the *blue screens* by third party drivers.

~Sisimon
Bangalore

On 3/29/07, Gregory G. Dyess wrote:

Granted, there were not the numbers of 3rd party drivers. Also, granted
that the quality of those 3rd party drivers was significantly greater than
that we see in todays rushed software development cycles. Also, granted
that VMS was released on schedules that allowed for much fuller development
and QA cycles. Also granted that people were willing to pay for the cost of
all of this quality.

Having said all of that, VMS was also far more secure than NT, and that
cannot be blamed in any way on 3rd-party devices or drivers.

Please don’t get me wrong, I make my living developing for Windows
NT/XP/CE/Mobile, etc. I made my living in the past doing realtime work on
VMS and then Windows Platforms. Microsoft hired Dave Cutler, the architect
of VMS, to do the Windows NT product. They missed several great
opportunities to make NT all that VMS was and more. Somewhere along the way

MS got the mistaken idea that the window was the OS instead of something
running on the OS. The rest is history.

For a while, I ran an Alpha processor machine with dual booting VMS and
Windows NT. VMS was far faster than NT on that machine. This blows holes
all in the theories about kernel-mode windowing being faster or that you
HAVE to put the windowing exec in kernel mode for performance/stability or
that 2 rings produces less overhead.

Greg

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Thursday, March 29, 2007 5:26 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Two Rings Good, Four Rings Bad

> BTW, VMS was far more stable than NT ever has (or probably ever will be).

…due to lesser numbers of third-party kernel-mode software titles.

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

–
GCS d+ s: a- c++++ U> B+ L++>$ w++++$ W++(+++) PGP+N+ t PS+PE++ tv+(++) b+++
G+++ e++>(++++) h-- r
Don’t know this? See http://www.geekcode.com/geek.html — Questions? First
check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer