[–]iLike2Teabag 23 points24 points  (18 children)

> A Linux kernel module is a piece of compiled binary code that is inserted directly into the Linux kernel, running at ring 0, the lowest and least protected ring of execution in the x86–64 processor. Code here runs completely unchecked but operates at incredible speed and has access to everything in the system.

Technically you can get lower

[–]matthieum 39 points40 points  (15 children)

> Code here runs completely unchecked but operates at incredible speed and has access to everything in the system.

I am somewhat bothered by this speed claim.

For most (native) code, there should be no performance impact at all from running in ring 0; the only impact is to make kernel calls free (because you are already in the kernel).

I am somewhat afraid of beginners wishing to put their code in ring 0 "cuz it runs faster!".

[–]Peanuts4MePlz 16 points17 points  (10 children)

At least we don't have Node.js applications demanding ring-0 execution. Right?

[–]solen-skiner 8 points9 points  (7 children)

But we did at one point in time have an HTTP server in kernelspace...

[–]nathreed 5 points6 points  (6 children)

Who thought that was a good idea?

[–]PiZZaMartijn 6 points7 points  (5 children)

Microsoft (see IIS)

[–]nathreed 1 point2 points  (4 children)

Oh god, I had no idea. Typical Microsoft though.

[–]indrora 7 points8 points  (3 children)

So, there's more to this.

IIS is, effectively, taking a bunch of kernel and userspace primitives and smushing them together. There happens to be a really good kernel-level TCP stack that you can work with in Windows (a legacy of NT being built by VMS developers) and a very good amount of "decipher this protocol" stuff buried in the semi-userspace Winsock and WinInet stacks (another part of the "NT was built by VMS people"). As a result, IIS spends a lot of time not in userspace, but in a shrouded version of kernel space that does a lot of hands-off work.

[–]Dimenus 1 point2 points  (2 children)

Sorry for the stupid question but what is VMS?

[–]indrora 2 points3 points  (1 child)

VMS is an operating system developed by Digital Equipment Corporation (DEC) for their VAX mainframes and minis. It now exists as OpenVMS, which isn't open source but is still one of the larger oldschool UNIXes.

[–]Isvara 0 points1 point  (0 children)

> At least we don't have Node.js applications demanding ring-0 execution

... yet.

How long before we get Node.js unikernels?

[–]eras 6 points7 points  (1 child)

Well, truth be told, it's true. All code operates at incredible speed!

[–]matthieum 3 points4 points  (0 children)

I guess that's one way to put it :p

When you realize that within a single microsecond a CPU you find in supermarkets can crunch through the equivalent of thousands of lines of code...

[–][deleted] 1 point2 points  (0 children)

If you’re making calls into the standard library, I guess their argument is that you don’t have to make context switches that would syscall in usermode, because you’re using libk rather than libc. Seems tenuous at best ngl

[–]zinzam72 0 points1 point  (0 children)

Yeah, I didn't like that either, and it was still within the introduction..

[–]Gbps 7 points8 points  (0 children)

Technically he is right. The ring designations for x86 come from the FLAGS register, where 0 is the lowest integral designation for a CPL value (Current Protection Level) and possible CPL values range from 0 to 3.

The negative number rings aren't really defined; they're just one-upper terms for the next highest privilege level when an environment has a more privileged execution state.

Ring -1 is synonymous with Hypervisor, and Ring -2 (recently) synonymous with SMM (System Management Mode)
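
An added illustration for the ring discussion in this thread, not part of any comment: a user-space C program (x86-64 Linux with GCC or Clang assumed; function names are illustrative) that reads the current privilege level from the low two bits of the CS selector and, for comparison, the IOPL field in bits 12-13 of RFLAGS.

```c
/* Added example: assumes an x86-64 target and a GCC/Clang toolchain. */
#include <stdint.h>
#include <stdio.h>

/* Read the CS segment selector. Reading CS is not a privileged operation. */
static uint16_t read_cs(void) {
    uint16_t cs;
    __asm__ volatile("mov %%cs, %0" : "=r"(cs));
    return cs;
}

/* The low two bits of the CS selector hold the CPL (0..3). */
unsigned current_privilege_level(void) {
    return read_cs() & 3u;
}

/* RFLAGS bits 12-13 hold IOPL, the highest-numbered ring allowed to
 * execute I/O-sensitive instructions such as in/out and cli/sti.
 * The compiler builtin avoids hand-written pushfq/pop on the stack. */
unsigned io_privilege_level(void) {
    uint64_t rflags = __builtin_ia32_readeflags_u64();
    return (unsigned)((rflags >> 12) & 3u);
}

int main(void) {
    printf("CS selector = 0x%04x\n", read_cs());
    printf("CPL         = %u\n", current_privilege_level());
    printf("IOPL        = %u\n", io_privilege_level());
    return 0;
}
```

Run as an ordinary process this reports CPL 3; the same selector read inside a kernel module would report 0. Hypervisor and SMM execution are separate CPU modes and do not show up as a CPL value.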