phil-opp / blog_os

Writing an OS in Rust
http://os.phil-opp.com
Apache License 2.0

Ring 3 #574

Open vinaychandra opened 5 years ago

vinaychandra commented 5 years ago

Thanks for the great information and tutorials. The current state of the project looks awesome and I'm waiting for more posts.

Currently in the roadmap, I see multitasking. That would cover most of the modern operating systems' major capabilities with the exception of user mode. Are you planning on providing an example of simple ring 3 user mode and traps?

phil-opp commented 5 years ago

Thanks a lot! I'm glad that you like it.

Yes, my current plan is heap allocation, then multitasking (async/await, threads, kernel processes), and after that userspace processes (ring 3, syscalls). I updated the Roadmap accordingly.

Darksecond commented 5 years ago

Looking ahead; are you planning on moving to a higher-half kernel, or are you going to use a trampoline setup? What would that look like?

phil-opp commented 5 years ago

@Darksecond

I think a higher-half kernel is probably the easiest approach as it only needs a minimum of context switches. I'm still debating whether we should add something like kernel page-table isolation for Meltdown mitigation, but it's probably too complex.

What approach do you prefer?

Darksecond commented 5 years ago

I'm not totally sure yet. Currently I'm leaning towards a normal higher-half approach. Looking at other implementations of KPTI, you really only need to protect your kernel heap and stacks, as that's where the secret data lives. KPTI can then be added on top of a normal higher-half design later (as the Linux kernel did). For KPTI you need to set up a higher-half trampoline anyways, plus you need a special stack, etc. It's not so easy to do.

My feeling is that for implementing KPTI you need to do everything you need to do for a normal higher-half kernel, and extra. So I think it could be split up, normal higher-half ring 3 first, then add KPTI later perhaps.

phil-opp commented 5 years ago

> I'm not totally sure yet. Currently I'm leaning towards a normal higher-half approach.

Ok, seems like we're on the same page then. Let me know if you find another approach that works better.

> So I think it could be split up, normal higher-half ring 3 first, then add KPTI later perhaps.

Sounds reasonable! One possible idea is to introduce KPTI together with other security measures, such as (K)ASLR, a capability system, or protecting the kernel against denial of service attacks.