Free electronic library

3.
This allows it to access memory allocated to applications that run in ring 3, but
protects it from applications and other kernels. The hypervisor, in ring 0, is
protected from kernels in ring 1, and applications in ring 3.
When AMD tidied up the IA32 architecture as part of the process of creating
x86-64, one of the things it did was reduce the number of rings. With the exception
of OS/2, and (optionally) NetWare, no one at the time made much use of rings 1
1.7. The Xen Architecture 17
and 2, so they wouldn??™t be missed. Unfortunately, the virtualization community
was among those a?¬?ected.
3 2 1 0 3 2 1 0
Native Paravirtualized
Hypervisor Kernel Applications Unused
Figure 1.3: Ring usage in native and paravirtualized systems
In the absence of rings 1 and 2, it was necessary to modify Xen to put the
operating system in ring 3, along with the applications. Figure 1.4 shows the
di?¬?erence between the two approaches. This approach is also taken by Xen on
other platforms, such as IA64, which only have two protection rings.


Pages:
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73