User mode and kernel mode OS &

User mode and kernel mode

Kernel mode: cpu Memory access to all data, including peripheral devices such as hard disks, network cards, cpu themselves may be switched from one program to another.

User mode: only restricted access memory, and does not allow access to peripheral devices, the ability to occupy the cpu deprived, cpu resources can be accessed other programs.

Why should a user mode and kernel mode?

Because of the need to restrict access capabilities between different programs, to prevent their access to the data memory of another program, or data acquisition peripheral device, sent to network, CPU privilege levels divided into two - user mode and kernel mode.

Switching the user mode and kernel mode

All user programs are run in user mode, but the program does sometimes need to do some kernel state of things, such as reading data from hard disks, or get input from the keyboard and so on. And the only way to do these things is the operating system, so in this case the program need to request the name of the operating system program to perform these operations.

Such a mechanism requires time: switches to user mode kernel mode, but not in kernel mode control execution instruction

This mechanism is called a system call, realized in the CPU instruction called Trap (Trap Instruction)

Their workflow is as follows:

用户态程序将一些数据值放在寄存器中, 或者使用参数创建一个堆栈(stack frame), 以此表明需要操作系统提供的服务.
用户态程序执行陷阱指令
CPU切换到内核态, 并跳到位于内存指定位置的指令, 这些指令是操作系统的一部分, 他们具有内存保护, 不可被用户态程序访问
这些指令称之为陷阱(trap)或者系统调用处理器(system call handler). 他们会读取程序放入内存的数据参数, 并执行程序请求的服务
系统调用完成后, 操作系统会重置CPU为用户态并返回系统调用的结果

When a task (process) system calls into the kernel code and execute, we call process runs in kernel mode (or simply kernel mode). At this time, the processor is the highest privilege level (0) kernel code execution. When the process is in kernel mode, kernel code execution will use the kernel stack of the current process. Each process has its own kernel stack. When the process is executed in the user's own code, which is said to run in user mode (user mode). At this time, i.e., the processor is running at the lowest privilege level (Level 3) user code. When a user program is being executed is interrupted abruptly interrupt, then the user program can also be symbolically called in kernel mode processes. Because the interrupt handler uses the kernel stack of the current process. This state is in the process of kernel mode is somewhat similar.

Kernel mode and user mode are two levels to run the operating system, not necessarily linked with the intel cpu, intel cpu Ring0-Ring3 provide three levels of operating modes, Ring0 highest level, the lowest Ring3. Use a level to run Linux Ring3 user mode, Ring0 as kernel mode, do not use Ring1 and Ring2. Ring3 Ring0 state can not be accessed address space, including code and data. 4GB address space Linux processes, 3G-4G is part of everyone shared, kernel mode address space, where he stored the entire kernel code and all the kernel modules, and the kernel data maintained. Users run a program, the program's process created initially running in user mode, if you want to perform file operations, network data transmission and other operations must be called by write, send and other systems, call call the kernel of these systems will be in the code operation is completed, then, must switch to Ring0, and then enter the kernel address space 3GB-4GB code to complete the operation executed, after completion of switch back Ring3, back to user mode. In this way, the user mode program can not operate freely kernel address space, has a certain safety feature.
As for protected mode, is said by the memory page table and other operating mechanisms to ensure inter-process address space will not conflict with each other, a process of operation does not modify the data address space of another process.

1. Conceptual distinction of the user mode and kernel mode

What is the user mode, what is the core state, which had previously been two basic concepts are not clearly understood, personally feel that the root cause is that because most of the time focused on the perspective and focus our attention when writing on the implementation of the program and the logic function code, a look at the examples:

1) Examples

void testfork(){
if(0 = = fork()){
printf(“create new process success!\n”);
}
printf(“testfork ok\n”);
}

[c] view plain copy

<span style="font-size:14px;">void testfork(){  
if(0 = = fork()){  
printf(“create new process success!\n”);  
}  
printf(“testfork ok\n”);  
}</span>  

This code is very simple, from a functional point of view, is the actual execution of a fork (), creates a new process, from a logical point of view, it is to determine if the fork () returns 0 related statements are printed, then finally print a function to perform a full two testfork () function. Perform logic functions and the code point of view is so simple, a total of four lines of code, from top to bottom a sentence to perform it, it does not look like where the concept reflects the user state and the state of the process.

If the first two static observation point of view, we can also code from a dynamic point of view, i.e. it is converted into an instruction execution process executed by a CPU after loading, then this procedure is a dynamic execution sequence of instructions. And what exactly loaded code, how to load and is closely related to the operating system.

2) privilege level

Familiar with Unix / Linux systems people know, fork system call is actually working the way to complete the appropriate function, specific work by sys_fork responsible for implementation. In fact, whether it is not Unix or Linux, for any operating system, creates a new process is part of the core function, because it needs to do a lot of the underlying meticulous work, physical consume system resources, such as physical memory allocation from the parent process copy information, copy settings page directory page tables, etc., which obviously can not just let the program which will be able to do it, so he naturally leads to the concept of privilege levels, obviously, the most critical power must be performed by a high privilege level programs , so that it can be done centrally manage and reduce access and use of the limited resources of the conflict.

Privilege level is obviously very effective means to manage and control the execution of the program, so the hardware privilege level to do a lot of support on the Intel x86 architecture CPU for a total of four privilege level 0 to 3, 0 highest, 3 the lowest level, hardware when executing each instruction of the instruction will have the privilege level to do the appropriate checks related concepts have CPL, DPL and RPL, will not elaborate too much here. Hardware mechanisms have provided a privileged use of the software is to make good use of natural question, which belongs to the operating system to do, for Unix / Linux, it uses only 0 and 3 privilege level privilege level. That in Unix / Linux system, a work has the highest CPU power can provide in 0 privilege level of instruction, and a job with the lowest or most basic rights provided by the CPU in the three privileged instructions.

3) user mode and kernel mode

Now we are privileged from scheduling to understand user mode and kernel mode is easier to understand, and when the program is run on level 3 privilege level, you can call it running in user mode, because this is the lowest privilege level, ordinary the user processes running privilege level, most programs are run directly to the user in user mode; on the contrary, when the program runs on 0 privilege level, you can call runs in kernel mode.

Although there are many different programs under user mode and kernel mode work, but the most important difference lies in the different privilege levels, that is, different power. Run the program in user mode can not directly access the operating system kernel data structures and procedures, such as testfork example above () can not call sys_fork directly (), because the former is working in user mode, belonging to the user mode application, and sys_fork ( ) work in kernel mode, the kernel mode application belongs.

When we execute a program in the system, most of the time it will switch to kernel mode when running in user mode, in which the operating system needs some help to complete the work it does not have the power and ability to complete, such as testfork () initially running in user mode process, when executed it calls fork () final trigger sys_fork (), you switch to kernel mode.

1. Converting user mode and kernel mode

1) user mode to kernel mode switching three ways

a. The system calls

This is a user mode processes volunteered to switch to a way of kernel mode, user mode process to complete the work program application call the service using the operating system provided by the system, such as the previous example, fork () is actually implemented a process of creating a new system transfer. The mechanism of its core system calls or use the operating system for the user open a special interrupt to achieve, such as the Linux int 80h interruption.

b. Abnormal

When the CPU is running at the user when the program under the state unknowable in advance of certain exception occurred, then will trigger a switch from the current running process to handle this exception kernel-related programs, was turned into kernel mode, such as missing page exception.

c. Peripheral interrupt

When the user requests the peripheral device is finished, it will issue a corresponding signal to the CPU interrupt, the next instruction the CPU time to suspend a program to be executed and instead to execute the interrupt handler corresponding to the signal if the previously executed instruction is under the user mode programs, then the conversion process naturally occurs by the user to switch the state of the kernel mode. Such as hard disk write operation is completed, the system will switch to the interrupt handler drives the reader in subsequent operations and the like.

The three ways to the system at run time by the user mode kernel mode of the main ways in which the system calls the user process can be considered to be actively initiated, exceptions and interrupts the peripheral device is passive.

2) Specific switching operation

From the trigger point of view, may be considered the presence of three different types, but the actual completion of the final state by a user operation to switch to kernel mode, the key steps involved are exactly the same, there is no difference, are equivalent to the implementation a process interrupt response, because the system calls actually end interrupt mechanism is implemented, while exceptions and interrupt handling mechanism is basically the same, with regard to their specific differences will not repeat them here. Details regarding step and interrupt handling mechanism is not too much to do this analysis, the step of switching from kernel mode to user mode involved include:

[1] extracted from the kernel stack descriptor of the current process and ss0 esp0 information.

[2] Use ss0 and esp0 point of kernel stack of the current process will save cs, eip, eflags, ss, esp information together, the

The process is completed by the user to the kernel stack stack handover procedure, while preserving the next program to be suspended

Instructions.

[3] The previously retrieved by the interrupt vector of the interrupt handler cs, EIP information corresponding register is loaded, started

Execute the interrupt handler, then go to the execution of the program kernel mode.