Perché le CPU x86 usano solo due su quattro, le ali?

Sommario:

Perché le CPU x86 usano solo due su quattro, le ali?
Perché le CPU x86 usano solo due su quattro, le ali?

Video: Perché le CPU x86 usano solo due su quattro, le ali?

Video: Perché le CPU x86 usano solo due su quattro, le ali?
Video: Come installare e usare il nuovo browser Edge Chromium - YouTube 2024, Novembre
Anonim
Quando si apprende di più su come i sistemi operativi e l'hardware su cui funzionano funzionano e interagiscono tra loro, si può essere sorpresi di vedere ciò che sembra essere stranezza o sottoutilizzazione delle "risorse" che si verificano. Perché? Il post di Q & A di SuperUser di oggi ha la risposta alla domanda di un lettore curioso.
Quando si apprende di più su come i sistemi operativi e l'hardware su cui funzionano funzionano e interagiscono tra loro, si può essere sorpresi di vedere ciò che sembra essere stranezza o sottoutilizzazione delle "risorse" che si verificano. Perché? Il post di Q & A di SuperUser di oggi ha la risposta alla domanda di un lettore curioso.

La sessione di domande e risposte di oggi ci viene fornita per gentile concessione di SuperUser, una suddivisione di Stack Exchange, un raggruppamento di domande e risposte basato sulla comunità.

Foto per gentile concessione di Lemsipmatt (Flickr).

La domanda

Il lettore SuperUser AdHominem vuole sapere perché le CPU x86 usano solo due anelli su quattro:

Linux and Windows based x86 systems only use Ring 0 for kernel mode and Ring 3 for user mode. Why do processors even distinguish four different rings if they all end up just using two of them anyway? Has this changed with the AMD64 architecture?

Perché le CPU x86 usano solo due anelli su quattro?

La risposta

Il collaboratore di SuperUser Jamie Hanrahan ha la risposta per noi:

There are two primary reasons.

The first is that, although the x86 CPUs do offer four rings of memory protection, the granularity of protection offered thereby is only at the per-segment level. That is, each segment can be set to a specific ring (privilege level) along with other protections like write-disabled. But there are not that many segment descriptors available. Most operating systems would like to have a much finer granularity of memory protection, like… for individual pages.

So, enter page table-based protection. Most, if not all, modern x86 operating systems more or less ignore the segmenting mechanism (as much as they can anyway) and rely on the protection available from the low-order bits in page table entries. One of these is called the “privileged” bit. This bit controls whether or not the processor has to be in one of the “privileged” levels to access the page. The “privileged” levels are PL 0, 1, and 2. But it is just one bit, so at the page-by-page protection level, the number of “modes” available as far as memory protection is concerned is just two: A page can be accessible from non-privileged mode, or not. Hence, just two rings. To have four possible rings for each page, they would have to have two protection bits in each page table entry to encode one of four possible ring numbers (just as do the segment descriptors). However, they do not.

The other reason is a desire for operating system portability. It is not just about x86; Unix taught us that an operating system could be relatively portable to multiple processor architectures, and that it was a good thing. And some processors support only two rings. By not depending on multiple rings in the architecture, the operating system implementers made the operating systems more portable.

There is a third reason that is specific to Windows NT development. NT’s designers (David Cutler and his team, whom Microsoft hired away from DEC Western Region Labs) had extensive previous experience on VMS; in fact, Cutler and a few of the others were among VMS’s original designers. And the VAX processor for which VMS was designed does have four rings (VMS uses four rings).

But the components that ran in VMS’s Rings 1 and 2 (Record Management Services and the CLI, respectively) were left out of the NT design. Ring 2 in VMS was not really about operating system security, but rather about preserving the user’s CLI environment from one program to the next, and Windows did not have that concept; the CLI runs as an ordinary process. As for VMS’s Ring 1, the RMS code in Ring 1 had to call into Ring 0 fairly often, and ring transitions are expensive. It turned out to be far more efficient to just go to Ring 0 and be done with it rather than have a lot of Ring 0 transitions within the Ring 1 code (again, not that NT has anything like RMS anyway).

As for why x86 implemented four rings while operating systems did not use them, you are talking about operating systems of far more recent design than x86. A lot of the system programming features of x86 were designed long before NT or true Unix-ish kernels were implemented on it, and they did not really know what the operating system would use. It was not until we got paging on x86 that we could implement true Unix-ish or VMS-like kernels.

Not only do modern x86 operating systems largely ignore segmenting (they just set up the C, D, and S segments with a base address of 0 and size of 4 GB; F and G segments are sometimes used to point to key operating system data structures), they also largely ignore things like “task state segments”. The TSS mechanism was clearly designed for thread context switching, but it turns out to have too many side effects, so modern x86 operating systems do it “by hand”. The only time x86 NT changes hardware tasks is for some truly exceptional conditions, like a double fault exception.

Regarding x64 architecture, a lot of these disused features were left out. To their credit, AMD actually talked to operating system kernel teams and asked what they needed from x86, what they did not need or did not want, and what they would like added. Segments on x64 exist only in what might be called vestigial form, task state switching does not exist, etc., and operating systems continue to use just two rings.

Hai qualcosa da aggiungere alla spiegazione? Audio disattivato nei commenti. Vuoi leggere più risposte dagli altri utenti di Stack Exchange esperti di tecnologia? Controlla la discussione completa qui.

Consigliato: