Correct me if wrong, but according to my aging memory, the Intel x86 architecture actually has an individual stack for each ring. So ring 0, 1, 2, 3 each have one stack. A normal OS only uses 0 and 3, but VMware uses an additional ring 1, and Xen HVM uses ring "-1" for its hypervisor implementation. So theoretically you have more stacks than just two. Plus the interrupt stack as mentioned before. Stack switching can be found in many university lecture notes found online - the last one I saw is from MIT. But then again, I may be wrong...... Have fun!!!

On Fri, Apr 25, 2008 at 12:54 AM, Peter Teoh <htmldeveloper@xxxxxxxxx> wrote:
> In general, user cannot see kernel memory, but kernel can see user
> memory. To enforce this, all memory is not to be shared. And this
> is also enforced at the x86 hardware level - no OS feature is needed
> (i.e., Windows/Linux all work in the same way)....the keyword to
> search for is "stack switching".
>
> And the kernel has two stacks - one for interrupt processing, and another
> for the normal non-interrupt processing.
>
> On Thu, Apr 24, 2008 at 5:11 PM, sahlot arvind <asahlot@xxxxxxxxx> wrote:
> > Why do we have two stacks per process, i.e. one user mode and the other kernel
> > mode?
> > As soon as a process enters kernel mode it starts using the kernel mode
> > stack, but as soon as it comes out of kernel mode there is nothing in
> > the kernel mode stack. So cannot we simply have a single stack, i.e. just the
> > user mode stack, which can also be used for kernel mode execution of the process
>
> This violates the first principle mentioned above.....the current CPU
> may be processing in kernel mode, but another CPU may be processing in
> userspace mode, same process, and as all the userspace memory is
> visible to it, it can view the kernel's data. Even though (in
> theory, and not using the hardware stack switching mechanism) it is
> possible to set the privilege tag for the memory (called DPL, to match
> the CPU processing privilege - CPL) so that any CPU running at ring 3 (which
> is CPL3) cannot see the memory's data assigned at DPL0, you
> will then have to incur the overhead of doing this FOR EVERY switch between
> ring0 and ring3. And these attributes cannot be set at the
> granularity of the byte level - not sure what it is, but I think it is
> something like every 0x1000 bytes - so you may end up with lots of
> memory padding - wasting more memory instead.
>
> > after all there won't be any data related to kernel (all would have been
>
> Not possible....you mean zero out ALL the kernel local variables? Then
> when it comes back to kernel again, it will see all its variables
> zeroed? Don't forget that kernel functions can BLOCK....and then
> execution gets transferred back to userspace ..... when the kernelspace is
> not yet complete.
>
> > popped off) in the stack when we are back in user mode?
> >
> > If you say that it's just the stack pointer which is adjusted during pushes
> > and pops and the stack content remains intact and the user can try to
> > increment/decrement the stack pointer in order to access kernel data (which is
> > stale however) then instead of having two stacks (kernel and user) cannot we
> > simply zero out the stack area used by the kernel before returning to user mode?
> > And can we save memory by having just one stack?
> >
> > Best regards
> > - A
> > http://linuxexplained.blogspot.com
>
> --
> Regards,
> Peter Teoh

--
Regards,
Peter Teoh
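The "stack switching" mechanism the thread refers to, as an added example that is not code from the thread: a small C model of what a 32-bit x86 CPU does on an interrupt or trap into a more privileged ring. The struct names, selector values and addresses are constructed for illustration; only the stack-related TSS fields are modelled.

```c
/* Added example (not from the thread). On entry to a more privileged
 * ring the CPU loads SS:ESP from the TSS slot for the target ring
 * (ss0/esp0, ss1/esp1, ss2/esp2; ring 3 has no slot) and only then
 * pushes the interrupted SS:ESP, EFLAGS, CS and EIP on the NEW stack,
 * so the privileged code never runs on user-controlled stack memory.
 * A same-privilege entry pushes no SS:ESP and switches nothing. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

struct tss32 {                 /* hypothetical subset of the 32-bit TSS */
    uint32_t esp0; uint16_t ss0;
    uint32_t esp1; uint16_t ss1;
    uint32_t esp2; uint16_t ss2;
};

struct cpu_state { uint16_t cs, ss; uint32_t eip, esp, eflags; };

/* What ends up on the target stack; old_esp/old_ss valid only if switched. */
struct entry_frame {
    uint32_t eip; uint16_t cs; uint32_t eflags;
    uint32_t old_esp; uint16_t old_ss;
    bool switched;
};

static int cpl_of(uint16_t cs) { return cs & 3; }   /* CPL = RPL bits of CS */

/* Model entry through a gate whose handler code segment has DPL target_dpl.
 * Returns false in the cases where real hardware would raise a fault. */
bool enter_gate(const struct tss32 *tss, struct cpu_state *st, int target_dpl,
                uint16_t handler_cs, uint32_t handler_eip, struct entry_frame *f)
{
    int cpl = cpl_of(st->cs);
    if (target_dpl > cpl) return false;             /* never to a LESS privileged ring */
    memset(f, 0, sizeof *f);
    f->eip = st->eip; f->cs = st->cs; f->eflags = st->eflags;
    if (target_dpl < cpl) {                         /* inter-privilege: hardware stack switch */
        f->old_esp = st->esp; f->old_ss = st->ss; f->switched = true;
        switch (target_dpl) {
        case 0: st->esp = tss->esp0; st->ss = tss->ss0; break;
        case 1: st->esp = tss->esp1; st->ss = tss->ss1; break;
        case 2: st->esp = tss->esp2; st->ss = tss->ss2; break;
        default: return false;
        }
    }
    /* five 32-bit slots (SS, ESP, EFLAGS, CS, EIP) after a switch, three otherwise */
    st->esp -= f->switched ? 20u : 12u;
    st->cs = handler_cs;
    st->eip = handler_eip;
    return true;
}
```

The user-mode ESP saved in the frame is the only trace of the user stack the kernel sees; it is data to be restored on return, not the stack the kernel executes on.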