Privilege Levels in processor and Virtual Memory

Privilege Levels in processor and Virtual Memory

Privilege Levels:
The processor has Ring Levels 0-3, 0 being most privileged, 3 being least privileged. All processes in user land, be it root or non-root, execute in Ring 3. (Ring 1,2 are unused in Linux)

A process in Privilege level 3 cannot read/write/execute segments which belong to supervisor (the kernel). So a write to memory locations higher than PAGE_OFFSET (3GB on i386) causes segmentation fault.

Same goes for hardware access through in/out or mapped i/o (exceptions are iopl etc).

Virtual Memory:
Virtual Memory ensures no access to physical RAM pages by processes. Hence you *cannot* under any circumstances write a physical address, Hence there is ZERO chance of even reading kernel data, let alone messing them up.

Comments