blog_os icon indicating copy to clipboard operation
blog_os copied to clipboard

Published 20 hours ago verified publisher icon phil-opp

Ring 3

Open vinaychandra opened this issue 5 years ago • 5 comments

Thanks for the great information and tutorials. The current state of the project looks awesome and I'm waiting for more posts.

Currently in the road map, i see multi tasking. That would cover most of the modern operating systems' major capabilities with the exception of User mode. Are you planning on providing an example of simple ring 3 user mode and traps?

vinaychandra avatar Apr 04 '19 04:04 vinaychandra

Thanks a lot! I'm glad that you like it.

Yes, my current plan is heap allocation, then multitasking (async/await, threads, kernel processes), and after that userspace processes (ring 3, syscalls). I updated the Roadmap accordingly.

phil-opp avatar Apr 04 '19 09:04 phil-opp

Looking ahead; are you planning on moving to a higher-half kernel, or are you going to use a trampoline setup? What would that look like?

Darksecond avatar Jul 02 '19 19:07 Darksecond

@Darksecond

I think a higher-half kernel is probably the easiest approach as it only needs a minimum of context switches. I'm still debating whether we should add something like kernel page-table isolation for Meltdown mitigation, but it's probably too complex.

What approach do you prefer?

phil-opp avatar Jul 06 '19 07:07 phil-opp

I'm not totally sure yet. Currently I'm leaning towards a normal higher-half approach. Looking at other implementation of kpti you really only need to protect your kernel heap and stacks as that's where the secret data lives. KPTI then can be added on top of a normal higher-half design later (as the linux kernel did). For KTPI you need to set-up a higher-half trampoline anyways, plus you need a special stack, etc. It's not so easy to do.

My feeling is that for implementing KPTI you need to do everything you need to do for a normal higher-half kernel, and extra. So I think it could be split up, normal higher-half ring 3 first, then add KPTI later perhaps.

Darksecond avatar Jul 06 '19 09:07 Darksecond

I'm not totally sure yet. Currently I'm leaning towards a normal higher-half approach.

Ok, seems like we're on the same page then. Let me know if you find another approach that works better.

So I think it could be split up, normal higher-half ring 3 first, then add KPTI later perhaps.

Sounds reasonable! One possible idea is to introduce KPTI together with other security measures, such as (K)ASLR, a capability system, or protecting the kernel against denial of service attacks.

phil-opp avatar Jul 06 '19 10:07 phil-opp