Privilege Ring

Definition

Privilege Ring

A privilege ring is a hierarchical level of privilege in a computer system’s architecture, enforced at the hardware level by some CPUs (for example, x86). Lower-numbered rings have more privilege and may access resources that higher-numbered rings cannot.

Rings

Ring levels

Ring Privilege Typical use
-1 highest hypervisor — controls hardware access via virtualization instructions
0 high kernel — full access to CPU control registers and I/O controllers; also called supervisor mode
1 intermediate drivers (historical)
2 intermediate drivers (historical)
3 lowest applications — userspace code with restricted access

Ring	Privilege	Typical use
-1	highest	hypervisor — controls hardware access via virtualization instructions
0	high	kernel — full access to CPU control registers and I/O controllers; also called supervisor mode
1	intermediate	drivers (historical)
2	intermediate	drivers (historical)
3	lowest	applications — userspace code with restricted access

Hypervisor extension

Recent CPUs provide virtualization instructions that allow a hypervisor to control Ring 0 hardware access. These instructions operate only at the higher privilege level of Ring -1.

Lukas' Notes

Privilege Ring

Table of Contents

Definition

Rings