Manualshelf

Server virtualization technologies for x86-based HP BladeSystem and HP ProLiant servers, 3rd edition

ManualsBrandsHP ManualsSoftwareHP Virtual Connect Enterprise Manager including 1yr 24x7 Support Flexible Qty c7000 Enclosure Lic
11121314151617181920
16
Appendix A: Background about processor ring layers
An x86 processor includes four different ―ring‖ layers. These layers differentiate the type of
instructions that the processor can execute, depending on what software is calling the instruction
(Figure A1). In a typical multitasking OS, the OS operates in ―ring 0,‖ in which it has full access to all
the processor and platform resources, such as memory mapping. This is the most privileged level, also
referred to as kernel mode. Applications typically operate in ―ring 3,‖ sometimes referred to as user
mode, in which functions such as memory mapping are restricted to keep one application from
adversely affecting another. Originally, ring layers 1 and 2 were designed to house elements such as
device drivers and the OS file system; however, these layers are not typically used today. The device
drivers now typically reside with the OS in ring 0, and the file system resides with the application in
ring 3 or with the OS in ring 0. The protected ring layers in the processor hardware work hand-in-
hand with the OS to enable a multitasking OS to preempt an application off the processor, providing
the appearance that multiple applications are operating simultaneously.
Figure A1. In a typical multitasking OS, the application resides in ring 3, while the OS kernel and device drivers
reside in ring 0.
Application
OS kernel/
device drivers
Ring 0
Ring 3
Typical multitasking
operating system
Processor
Platform hardware layer
Software layers
Ring 2 (typically not used)
Ring 1 (typically not used)
Because the hypervisor must be able to control all of the system’s physical resources, just as the OS
normally does (with privileged instructions), the hypervisor normally operates in ring 0 and moves the
OS into ring 1 or ring 3 (Figure A2). However, this can create a conflict and potential excessive
system faults when the OS issues a privileged instruction but it is not operating at the privileged ring 0
level. The result is that the hypervisor must act as a fault handler, executing many lines of code to
determine what the OS has requested and handling the request as an intermediary between the OS
and the hardware.