本文探讨了Linux操作系统中进程运行的不同权限模式,即用户空间和内核空间的概念。介绍了Intel硬件支持的四个环(Ring),其中Linux仅使用了两个:Ring0(内核空间)拥有最高权限,而Ring3(用户空间)权限最低。当用户进程需要更高权限时,会通过系统调用从用户空间过渡到内核空间。
2.3. User Space and Kernel Space
Processes run normally in an unprivileged operation mode, that means they have
no access to physical memory or devices. This operation mode is called in Linux
user space. More abstractly, the concept of security boundaries of an operating
system introduces the term ring. Note, that this must be a hardware supported
feature of the platform. A certain group of rights is assigned to a ring. Intel
hardware [21] supports four rings, but only two rings are used by Linux. These
are ring 0 with full rights and ring 3 with least rights. Ring 1 and 2 are unused.
System processes run in ring 0 and user processes in ring 3. If a process needs
higher privileges, it must perform a transition from ring 3 to ring 0. The transition
passes a gateway, that performs security checks on arguments. This transition is
called system call and produces a certain amount of calculating overhead.
Processes run normally in an unprivileged operation mode, that means they have
no access to physical memory or devices. This operation mode is called in Linux
user space. More abstractly, the concept of security boundaries of an operating
system introduces the term ring. Note, that this must be a hardware supported
feature of the platform. A certain group of rights is assigned to a ring. Intel
hardware [21] supports four rings, but only two rings are used by Linux. These
are ring 0 with full rights and ring 3 with least rights. Ring 1 and 2 are unused.
System processes run in ring 0 and user processes in ring 3. If a process needs
higher privileges, it must perform a transition from ring 3 to ring 0. The transition
passes a gateway, that performs security checks on arguments. This transition is
called system call and produces a certain amount of calculating overhead.
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
