Brief Notes: 386 RingsA "ring" is a concept developed in the early days of large-scale timesharing by those working on the MULTICS operating system (see The Multics Systems: An Examination of Its Structure, Elliot I. Organick, MIT Press: Cambridge Mass., 1972). These rings establish a hierarchy of memory protection and processor function, in which code running in lesser-valued rings has access only to all higher-valued or equally valued rings. A protection violation occurs when less "secure" code (running in a higher-valued ring) accesses more "secure" code or data (at a lower-valued ring).
Rings can be used to regulate access and determine if a protection violation occurs.
Support for the multiple ring protection model of the 386 occurs in four distinct rings of protection (0-3). Traditional UNIX supports only two rings: One for the kernel operating system, and one for the current user process. On the 386, this corresponds to the supervisor ring (0) and the user ring (3). When the 386 is running in the user ring and receives an interrupt or exception, or it needs to process a system call, it must switch rings to the supervisor ring. Once there, the kernel is run as a trusted program to handle these events. This switching of rings, or "ring crossing," is central to the UNIX memory protection model. Unlike MS-DOS, where operating system code and user application code mingle in the same address space, UNIX programs run in "hard" shells of address space. UNIX programs are not able to modify each other or the operating system by virtue of memory protection. This is enforced by memory protection hardware on the microprocessor in the general case when the applications program is running. Ring crossing, where we go from user to kernel code, needs to be carefully done to preserve the protection model in all cases. In this way, nothing that a user program does can possibly affect another user program adversely or "crash" the operating system.
In the following sections of this article, we will discuss some extensions to the standalone system which add kernel functionality. Processor support for the kernel reflects support for memory protection of 386 "rings," ring crossings, and address space translations among other needs (see the accompanying box "Brief Notes: 386 Rings").
These extensions are not required for the standalone system to function, but they are not only used to test the kernel code, but actually form the basis for the prototype kernel code. In essence, the standalone system can be viewed as if it were the kernel itself, or possibly even a nano-kernel!