By: Linus Torvalds (torvalds.delete@this.linux-foundation.org), March 14, 2021 4:58 pm
Room: Moderated Discussions
Andrey (andrey.semashev.delete@this.gmail.com) on March 14, 2021 4:15 pm wrote:
>
> In the FRED model, I'm kind of alerted that they are dropping rings 1 and 2, basically leaving
> kernel and userspace with nothing in between. This fits Linux and Windows needs, but I wonder
> if that would be limiting for other designs, like microkernels? What was the intended use case
> of the middle rings if not some semi-privileged stuff like some drivers and system services?
The middle rings were always completely and entirely useless.
There is basically absolutely no difference between rings 1-3: the paging model doesn't make a difference, and the only support for it is in some truly esoteric segment and call gate usage that no sane person should ever do, and that just means that your OS will never be relevant on anything else than x86, and will perform badly even there.
You don't need them. Not even for microkernels. If you think you do, you've done something truly horrendously wrong to begin with.
In fact, the main reason I like Fred is that it really is a big step towards not only getting rid of a broken IDT ring transition model, but eventually getting rid of segmentation entirely. All that remains is basically the gsbase/fsbase for variations of thread-local data (which is useful in ways segments are not).
Yes, yes, the processors will obviously continue to support the "legacy crud", but with Fred really is something that could be eventually excised.
Segments were a bad idea.
Now, I do think that it might be interesting to support some kind of "cross-address-space" model which is not segments, but more of a "truly different address spaces with their separate page tables". That kind of thing could be useful for a microkernel (not that I believe in the concept - I continue to be of the opinion that microkernel proponents are overplaying the advantages, and underplaying the very real issues with communication and sharing).
And "truly separate address spaces" can also be very useful for emulation, and virtualization. It would also be a very valid model for just a traditional kernel, with separate page tables for the kernel and user space, and in fact that has been done a few times (ie at least sparc and s390).
But segments, the way they were introduced in the 80286? Total and utter garbage. If you think you need them or want them (other than for legacy retro-computing), I suggest you need to really re-examine your life choices.
(Side note: in many ways x86 supervisor/CPL0 mode is a "middle ring", since you have modes beyond it with higher access rights - SMM (ugh) and virtualization. So it's not that you don't necessarily want more than two security domains, but the way 80286 did it with four rings and segmentation was always the wrong model entirely.
The whole "one ring for applications, one ring for device drivers, one ring for system software, and one ring to rule them all" thing was just truly horrendously bad Tolkien fan-fiction.
Linus
>
> In the FRED model, I'm kind of alerted that they are dropping rings 1 and 2, basically leaving
> kernel and userspace with nothing in between. This fits Linux and Windows needs, but I wonder
> if that would be limiting for other designs, like microkernels? What was the intended use case
> of the middle rings if not some semi-privileged stuff like some drivers and system services?
The middle rings were always completely and entirely useless.
There is basically absolutely no difference between rings 1-3: the paging model doesn't make a difference, and the only support for it is in some truly esoteric segment and call gate usage that no sane person should ever do, and that just means that your OS will never be relevant on anything else than x86, and will perform badly even there.
You don't need them. Not even for microkernels. If you think you do, you've done something truly horrendously wrong to begin with.
In fact, the main reason I like Fred is that it really is a big step towards not only getting rid of a broken IDT ring transition model, but eventually getting rid of segmentation entirely. All that remains is basically the gsbase/fsbase for variations of thread-local data (which is useful in ways segments are not).
Yes, yes, the processors will obviously continue to support the "legacy crud", but with Fred really is something that could be eventually excised.
Segments were a bad idea.
Now, I do think that it might be interesting to support some kind of "cross-address-space" model which is not segments, but more of a "truly different address spaces with their separate page tables". That kind of thing could be useful for a microkernel (not that I believe in the concept - I continue to be of the opinion that microkernel proponents are overplaying the advantages, and underplaying the very real issues with communication and sharing).
And "truly separate address spaces" can also be very useful for emulation, and virtualization. It would also be a very valid model for just a traditional kernel, with separate page tables for the kernel and user space, and in fact that has been done a few times (ie at least sparc and s390).
But segments, the way they were introduced in the 80286? Total and utter garbage. If you think you need them or want them (other than for legacy retro-computing), I suggest you need to really re-examine your life choices.
(Side note: in many ways x86 supervisor/CPL0 mode is a "middle ring", since you have modes beyond it with higher access rights - SMM (ugh) and virtualization. So it's not that you don't necessarily want more than two security domains, but the way 80286 did it with four rings and segmentation was always the wrong model entirely.
The whole "one ring for applications, one ring for device drivers, one ring for system software, and one ring to rule them all" thing was just truly horrendously bad Tolkien fan-fiction.
Linus
| Topic | Posted By | Date |
|---|---|---|
| x86 - why unite when you can fragment? | anonymou5 | 2021/03/12 06:16 PM |
| x86 - why unite when you can fragment? | Linus Torvalds | 2021/03/13 01:18 PM |
| x86 - why unite when you can fragment? | Jon Masters | 2021/03/13 07:25 PM |
| x86 - why unite when you can fragment? | Jon Masters | 2021/03/13 07:44 PM |
| x86 - why unite when you can fragment? | Yuhong Bao | 2021/03/13 08:49 PM |
| x86 - why unite when you can fragment? | tt | 2021/03/20 09:30 AM |
| x86 - why unite when you can fragment? | Andrey | 2021/03/14 04:15 PM |
| x86 - why unite when you can fragment? | Linus Torvalds | 2021/03/14 04:58 PM |
| x86 - why unite when you can fragment? | anonymou5 | 2021/03/14 05:31 PM |
| x86 - why unite when you can fragment? | anon2 | 2021/03/14 08:07 PM |
| Microkernel? | Anon | 2021/03/14 11:49 PM |
| Microkernel? | none | 2021/03/15 12:37 AM |
| Microkernel? | Anon | 2021/03/15 01:56 AM |
| Microkernel? | anon2 | 2021/03/15 01:58 AM |
| Microkernel? | Simon Farnsworth | 2021/03/15 03:12 AM |
| Microkernel? | anon2 | 2021/03/15 04:53 AM |
| Microkernel? | Simon Farnsworth | 2021/03/15 06:56 AM |
| Microkernel? | iz | 2021/03/15 08:10 AM |
| Microkernel? | Anon | 2021/03/15 09:05 AM |
| Microkernel? | iz | 2021/03/16 01:25 AM |
| Microkernel? | Andrey | 2021/03/16 02:54 AM |
| Microkernel? | iz | 2021/03/16 08:36 AM |
| Microkernel? | Andrey | 2021/03/16 10:06 AM |
| Microkernel? | anonymou5 | 2021/03/16 11:44 AM |
| Microkernel? | iz | 2021/03/21 02:58 AM |
| Microkernel? | Andrey | 2021/03/21 09:34 AM |
| Microkernel? | anon2 | 2021/03/15 08:31 AM |
| Microkernel? | Simon Farnsworth | 2021/03/16 04:42 AM |
| Microkernel? | Gabriele Svelto | 2021/03/15 03:21 AM |
| Microkernel? | anon2 | 2021/03/15 04:56 AM |
| Microkernel? | Gabriele Svelto | 2021/03/15 10:41 AM |
| Microkernel? | anon2 | 2021/03/15 08:00 PM |
| Microkernel? | Gabriele Svelto | 2021/03/16 07:23 AM |
| Microkernel? | anon2 | 2021/03/16 05:13 PM |
| Microkernel? | anon2 | 2021/03/16 05:16 PM |
| Microkernel? | Gian-Carlo Pascutto | 2021/03/16 01:40 PM |
| Microkernel? | anon2 | 2021/03/16 05:53 PM |
| Microkernel? | Linus Torvalds | 2021/03/16 07:25 PM |
| Microkernel? | Doug S | 2021/03/17 09:30 AM |
| Microkernel? | Linus Torvalds | 2021/03/17 10:30 AM |
| Microkernel? | Brendan | 2021/03/17 10:56 PM |
| Microkernel? | Michael S | 2021/03/18 03:47 AM |
| Microkernel? | Brendan | 2021/03/18 09:07 AM |
| Microkernel? | Jose | 2021/03/18 09:35 AM |
| Microkernel? | zArchJon | 2021/03/18 05:42 PM |
| Transputer | RichardC | 2021/03/17 09:47 AM |
| Microkernel? | dmcq | 2021/03/17 11:15 AM |
| Microkernel? | Linus Torvalds | 2021/03/17 11:59 AM |
| Microkernel? | dmcq | 2021/03/17 12:38 PM |
| Microkernel? | Adrian | 2021/03/17 01:00 PM |
| Microkernel? | Ana R. Riano | 2021/03/18 04:33 AM |
| Microkernel? | NvaxPlus | 2021/03/17 11:48 AM |
| Microkernel? | Michael S | 2021/03/18 03:32 AM |
| Microkernel? | Adrian | 2021/03/18 04:12 AM |
| Microkernel? | dmcq | 2021/03/18 06:30 AM |
| Microkernel? | dmcq | 2021/03/18 06:55 AM |
| Microkernel? | Adrian | 2021/03/18 08:35 AM |
| Microkernel? | --- | 2021/03/18 09:49 AM |
| Microkernel? | dmcq | 2021/03/18 10:59 AM |
| Microkernel? | dmcq | 2021/03/18 04:09 PM |
| Microkernel? | --- | 2021/03/18 09:27 AM |
| Microkernel? | Kalle A. Sandström | 2021/03/20 06:34 AM |
| Microkernel? | --- | 2021/03/20 08:35 AM |
| Microkernel? | anon2 | 2021/03/21 05:29 PM |
| Microkernel? | dmcq | 2021/03/15 04:06 AM |
| Microkernel? | anon2 | 2021/03/15 04:59 AM |
| Microkernel? | dmcq | 2021/03/15 11:51 AM |
| Microkernel? | anon2 | 2021/03/15 08:31 PM |
| Microkernel? | dmcq | 2021/03/16 09:17 AM |
| Microkernel? | Jukka Larja | 2021/03/16 11:22 AM |
| Microkernel? | dmcq | 2021/03/16 04:06 PM |
| Microkernel? | Jukka Larja | 2021/03/17 03:42 AM |
| Microkernel? | dmcq | 2021/03/17 07:00 AM |
| Microkernel? | anon2 | 2021/03/16 05:26 PM |
| Microkernel? | --- | 2021/03/16 10:07 AM |
| Microkernel? | -.- | 2021/03/15 08:15 PM |
| Microkernel? | anon2 | 2021/03/15 09:18 PM |
| Microkernel? | Foo_ | 2021/03/16 03:37 AM |
| Read the thread (NT) | anon2 | 2021/03/16 05:27 PM |
| Already did (NT) | Foo_ | 2021/03/17 02:55 AM |
| Already did | anon2 | 2021/03/17 03:46 AM |
| Already did | Etienne Lorrain | 2021/03/18 02:31 AM |
| Microkernel? | -.- | 2021/03/17 05:04 AM |
| Microkernel? | Gabriele Svelto | 2021/03/17 08:53 AM |
| Microkernel? | -.- | 2021/03/17 02:43 PM |
| Microkernel? | dmcq | 2021/03/16 08:40 AM |
| x86 - why unite when you can fragment? | Konrad Schwarz | 2021/03/17 10:19 AM |
| x86 - why unite when you can fragment? | anonon | 2021/03/15 07:37 AM |
