|
|
And yet we still sometimes get the BSOD due to driver / other issues.
|
|
|
|
|
Hard to protect the OS against ill behaved drivers without introducing a nasty performance hit. Drivers basically need to operate in kernel space.
Windows does have "user mode" drivers now, but not everything can be run that way. It would destroy your GPU performance, for example.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
|
|
|
|
Remember the ring protection. Drivers are not supposed to run in ring 0. The (hardware) ring protection is effective at all times; it is not turned on or activated. Making use of it does not affect performance.
Then comes the questions of placing the various OS data structures in the appropriate ring. I wouldn't be surprised if there are essential data structures in ring 1 (/2) that really should be located in ring 0. But then the OS code referencing it must be located in ring 0 as well. If the OS wasn't originally architected with a ring protection in mind, cleaning it up later may be a rather nasty job.
I've never been inside Windows source code, but my experiences, not the least with (but certainly not limited to) Windows Docker, seems to indicate that it "Everything is deeply intertwingled" (to quote Ted Nelson). Picking apart a crow's nest to put some of the stick in the "ring 0" pile, without breaking any of the other sticks, requires extreme care.
Then learning Zephyr, seeing how it is possible to divide OS functionality into clear cut, small pieces so that you load exactly what you need and nothing more, was a revelation to me. It is the diametrical opposite to Windows. Of course: Zephyr and Windows targets (almost) completely different problem domains. Yet I am quite sure that a general OS like Windows could be built with much more of the Zephyr modular philosophy.
|
|
|
|
|
Maybe I misunderstand how things are laid out but I do know a driver can do a kernel wait without switching between "user mode" and "kernel mode" under windows. I assumed kernel mode was equiv to ring 0 but it sounds like the truth is more complicated.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
|
|
|
|
Well, in OS/2 you had the following levels:
Level 0: Kernel and (some) drivers
Level 1: Most drivers
Level 2: IOPL (In, Out instructions) for use programs
Level 3: User programs
I don't know much about the Windows kernel, but I assumed that it had a similar structure.
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
|
|
|
|
tronden did a pretty good rundown in a reply to me. My information was woefully out of date.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
|
|
|
|
You've got several different protection mechanisms:
First, that of addressability. A process presents a logical address the memory management system, which will translate it to a physical address. The contents of the MMS tables switches when the CPU switches to another process, so each process will see a different selection of physical pages, even if the logical address is the same. No user process has page table entries pointing to OS data structures, so it cannot reference / modify them.
The translation from logical to physical pages goes through another translation before getting to the page tables: The logical address space is split into segments. Each segment has a minimum privilege level (i.e. ring). On Intel CPUs, 0 is the highest privilege, 3 is minimum. Even if a driver runs in the same logical address space as OS code, some segments of that space could be marked as requiring level 0 (or 1 or 2) for access. Drivers usually run in ring 1 or 2, and if the OS data lies in a ring 0 segment, the driver cannot access it. A process in a given ring have access to all segments of lower (higher numbered) rings, so a ring 0 kernel process can access whatever it wants, as long as it has a page table entry to it. The segment descriptor tells the length of the segment: An attempt to go to a less restricted segment and address out of bounds, into another segment, will fail.
The segment descriptor also indicates the type of segment, one of 16 values (4 bits): A "Read-Only" segment may not be modified, even it it can be read. Typically, the OS will make configuration and state information available to drivers this way, but the drivers cannot modify/corrupt this information. Also, the contents of the segment can not be executed as instructions. An "Execute-Only" segment cannot be read or written, but may be executed. Code segments may allow reading. (The OS may need write access to the data structures, so it constructs a different segment descriptor for its own use.)
On the x86/x64 you can also restrict write access on the page level. Even if the segment generally is accessible, sensitive OS structures may be stored in pages that denies writing. (Both the segment and the page must allow writing.) There is another bit restricting code execution, if this bit is set in the page descriptor.
The ring (also called Privilege Level) of the current process also can restrict access to I/O devices. E.g. the OS may allow users to write drivers to run in ring 2, to gain access to (at least some) OS structures, but do I/O on devices defined as ring 2 (or 3); the driver cannot access e.g. the system disk in ring 1.
Ring 0 is frequently referred to as "Kernel Mode". While the OS may have its own drivers for central devices running in ring 0, it should never let any external driver do so. The great majority of drivers should not run in "Kernel Mode", ring 0. They may still have access to a lot of the OS data structures, a lot of it read only, that ordinary user processes can't access. They may make use of OS code segments in ring 1 or 2, not available to user processes. They won't have the permission to update segment and page table descriptions, manipulate the interrupt system or set ring (privilege) level. They don't need to.
Independent of memory accesses: Some instructions are legal only for processes running in ring 0. Typical examples are setting the pointers to segment or page table structures, done at process switching. (A ring 1 driver may try to construct its own segment descriptors with less restrictions, but it has no way to enter the pointer into the hardware registers.)
Simpler machines often have just two privilege levels, comparable to ring 0 and ring 3 on the x86/x64. Then, drivers usually have all the privileges of the OS, running in "kernel mode". Multi-level ring protection was introduced by Multics in 1969 (so it ought to be well known  ), and most processors at the level of 386 and above have some sort of multi-level privilege mechanism.
(Fun final note:
I went to Wikipedia to see when Multics came up with its ring mechanisms, to find that its latest release was 30 days ago, August 10th this year! I would claim that Multics is the most influential OS ever, way beyond Unix/Linux. The very most of *nix is making Multics concepts known to the world, they did not invent it! I am itching to download and study Multics source code, but unfortunately, I know that I won't ever get around to understanding it.)
|
|
|
|
|
trønderen wrote: hey may still have access to a lot of the OS data structures, a lot of it read only, that ordinary user processes can't access.
This must be why they can do things like enter a wait state without doing a switch.
trønderen wrote: Simpler machines often have just two privilege levels, comparable to ring 0 and ring 3 on the x86/x64. Then, drivers usually have all the privileges of the OS, running in "kernel mode".
When I learned things, this is how it was done. I knew things had changed, but nevertheless that probably contributed to my misunderstanding.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
|
|
|
|
|
> super duper stable
I don’t think that is out yet. Who knows, maybe Windows 12 will fit the requirements. Although some might say there’s not much space for improvement left.
modified 11-Sep-23 10:37am.
|
|
|
|
|
It's not frequent but I've had my Win 10 system crash. No BSOD, just acts like I'd pushed the reset button. I'm pretty sure it's only been when I was gaming (which I do frequently now that I'm retired!). I do use the latest and greatest drivers for my GPU so possibly a driver issue.
|
|
|
|
|
|
Easy one to end the week
Splitting a hundred departing (8)
In a closed society where everybody's guilty, the only crime is getting caught. In a world of thieves, the only final sin is stupidity. - Hunter S Thompson - RIP
|
|
|
|
|
C 100
LEAVING departing
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
|
|
|
|
|
In a closed society where everybody's guilty, the only crime is getting caught. In a world of thieves, the only final sin is stupidity. - Hunter S Thompson - RIP
|
|
|
|
|
|
![Badger | [badger,badger,badger,badger...]](https://codeproject.global.ssl.fastly.net/script/Forums/Images/badger.gif) ! ! ! !
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
🍄! 🍄!
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
|
|
I don't have to watch no stinking badgers!
"A little time, a little trouble, your better day"
Badfinger
|
|
|
|
|
|
A whole orchestra watching the pianist solo, haha, feeling sorry for them!
|
|
|
|
|
can not say i understand as they have front row seats for free . even get paid for the pleasure of her performing .
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
