Re: RFC: Memory protection in modules (stability)

Derrik Pates (dpates@Cavern.NMSU.Edu)
Wed, 2 Apr 1997 13:15:57 -0700 (MST)

On Wed, 2 Apr 1997, Fabio Olive Leite wrote:

> Sorry, I didn't know the implications of these ideas. I've never really
> undertood what's a ring anyway :). If we would have to switch all the way
> to the last ring, it would be better to develope code as user processes
> and have them into the kernel when they're stable, as the cost and
> inconsistencies generated by that are immense.

Rings are CPU privilege levels. Ring 0 is highest. Your kernel runs at
ring 0, which allows it full access to everything in your system. From
there, the higher the ring number, the less access the process is allowed.
On Intel CPUs, ring 3 is the lowest - it provides protection from direct
port and system memory writes, etc. by the process.

> That was precisely the seed of these thoughts. Being able to protect the
> rest of the kernel from a buggy module. Even when things are not Alpha or
> Beta, random bugs appear from time to time just to say Hi! :).

Well, I don't think trying to run them on a different ringlevel is going
to make that happen, as it's not portable. Some CPUs only have 2 privilege
levels, so trying to use an inbetween privilege level will not be viable
on those platforms.

> I'm starting to think this is unfeasible. Anyway, keep on discussing, as
> this would be very very good for Linux. :)

Probably not. I don't think an unportable mechanism like that is good for
Linux, if we want to fulfill Linus' undying dream of world domination...

Derrik Pates

"What'll you two lovable plush toys have?"
"How 'bout a root beer popsicle and an Orange Julius? What about you,
"Dishwater! And put it in a dirty glass!"
-Sam & Max
"Fair Wind to Java"