From the following website
https://www.cnblogs.com/sparkdev/p/8410350.html
Kernel space and user space
32-bit operating systems, its address space (virtual address space, the linear address space or call) is 4G (32 th power of 2). That maximum address space of a process for 4G. The core of the operating system kernel (kernel), which is independent of the regular application, you can access a protected memory space, but also all access to the underlying hardware. To ensure the safety of the kernel, the operating system now generally force the user processes can not directly manipulate kernel. Basically specific implementation by the operating system virtual address space is divided into two parts, one for the kernel space, another part of the user space. For Linux operating system, the highest 1G byte (from the virtual address 0xC0000000 to 0xFFFFFFFF) used by the kernel, called the kernel space. The lower use 3G bytes (from the virtual address 0x00000000 to 0xBFFFFFFF) by each process, called a user space.
For this we can understand the contents of the above:
4G address space per process, the highest 1G is the same, that is, kernel space. Only the remaining 3G only return process their own use. In other words, the highest 1G kernel space is shared by all processes!
The following diagram depicts the distribution of 4G address space per process (this figure from the Internet):
Why do we need to distinguish between kernel space and user space
In all CPU instruction, some instructions are very dangerous if misused, will cause the system to crash, such as clearing memory, set the clock and so on. If all programs are allowed to use these instructions, then the probability of a system crash will be greatly increased.
Therefore, CPU instruction into privileged instructions and non-privileged instructions, instructions for those dangerous, only allows the operating system and its associated modules, ordinary applications can only use those instructions will not cause disaster. For example, Intel's CPU privilege level will be divided into four levels: Ring0 ~ Ring3.
In fact, Linux system uses only two Ring0 and Ring3 run level (Windows system is the same). When the process is running in user mode operation is referred to in the Ring3 level, while running is known as running in kernel mode when Ring0 level.
Kernel mode and user mode
Well, now we need to explain what is the kernel mode, user mode:
when the process runs in kernel space is in kernel mode, and the process is running in the user space in user mode.
In kernel mode, a process running in the kernel address space, and the CPU can execute any instructions. The code also run without any restrictions, free to visit any valid address, you can also access the port directly.
In user mode processes running on the user's address space, the code to be executed by the CPU to the many checks, they can only access the mapped virtual address in user mode can access the page specified in the page table entry in its address space, and only in a predetermined task state segment (TSS) I / O permission bit map (I / O permission bitmap) can directly access the access port.
For the previous DOS operating system, there is no kernel space, user space and kernel mode, the concept of user state. You may think that all of the code is running in kernel mode, so user-written application code can easily allow the operating system to crash out.
For Linux, by distinguishing between kernel space and user space design, isolate the operating system code (code-source operating system than many robust applications) and application code. Even a single application errors will not affect the stability of the operating system so that other programs can also be a normal run (Linux, but a multi-tasking system ah!).
Therefore, the distinction between kernel space and user space is essentially to improve operating system stability and availability.
How to enter the kernel space from user space
In fact, all of the system resources management is done in kernel space. Such as a disk file read and write, memory allocation recovered, from the network interface to read and write data and the like. Our application is unable to direct such operations. But we can accomplish this task through the interface provided by the kernel.
For example, an application to read a file on disk, it can initiate the kernel to a "system call" to tell the kernel: "I want to read certain files on the disk." In fact, through a special instruction for the process to enter from user mode to kernel mode (to the kernel space), in kernel space, CPU can execute any instruction, of course, including reading data from the disk. The specific process is to first read the data into kernel space, then copy the data to the user space and kernel mode to switch from user mode. Your application has returned from a system call and get the data you want, you can happily executed down.
It simply is the application of high-tech things (read from disk files) outsourced to the system kernel, the kernel do these things both professional and efficient.
For a process is concerned, and finally returns from user space into the kernel space to user space, this process is very complicated. For example, concepts such as our regular contact "stack" is actually a process stack in kernel mode and user mode each. Use of the process runs in the user space is in user space stack is running in kernel space, the process uses a kernel stack space. So, Linux each process has two stacks, one for user mode and kernel mode.
Since the process must be switched to the user mode kernel mode to use system resources, then we are going to take a look at the process of a total of how many ways can access from user mode to kernel mode. In summary, there are three ways: system calls, software and hardware interrupts . Each of these three methods are related to the operating system a lot of knowledge, so we will not expand here.
the whole frame
Next we look at the structure of the entire system from the perspective of Linux kernel space and user space. It can be roughly divided into three parts, from the bottom up as follows: Hardware -> kernel space -> user space. As shown below (this figure from the Internet):
In the top of the hardware, kernel space code that controls the right to use the hardware resources, user space kernel code only through exposure system call interface (System Call Interface) in order to use the hardware resources in the system. In fact, not only is Linux, Windows operating system design is similar.
In fact, we can each processor activity at any given point in time can be summarized as one of the following three:
- Run in user space, the implementation of user processes.
- Run in kernel space, in the context of the process on behalf of a particular process execution.
- Run in kernel space, in interrupt context, independent of any process, deal with a specific interrupt.
The above three points, including almost all cases, such as when the CPU is idle, the kernel will run an empty process, in process context, but running in kernel space.
Description: Linux system interrupt service routine is not in the context of the implementation process, they are in a process that is independent of all, a special interrupt context execution. The reason why there is a special execution environment is to ensure that the interrupt service routine to respond to and process the interrupt request, then quickly exits the first time.
to sum up
现代的操作系统大都通过内核空间和用户空间的设计来保护操作系统自身的安全性和稳定性。所以在我们阅读有关操作系统的资料时经常遇到内核空间、用户空间和内核态、用户态等概念,希望本文能够帮助您理解这些基本的概念。