Saturday, February 8, 2014

Kernel Space and User Space

Understanding of Kernel space and User space in detail is very important if you wish to have a strong base of Linux Kernel.

  • Here Kernel Space and User Space corresponds to their Virtual address space.
  • Every process in linux utilizes  its own separate virtual space.
  • In a linux system based on 32 bit Architecture, user space address space corresponds to lower 3GB of virtual space and kernel space the upper 1GB.(general way)
  • The kernel space virtual address space is shared between all the processes.
  • When a process is active, it can either be running in "user mode" or "kernel mode".
  • In a process is running in User mode it means that the CPU is running the user space side of code.
  • A process running in the user mode has limited capability and is controlled by a flag in the CPU.
  • Even though the kernel memory is present in the process's memory map the user space code is not allowed to access the kernel space code.(can do in some special way).
  • When a process wants to do something other than move data around in its own (userspace) virtual memory, like opening a file for example, it must make a syscall to communicate with the kernel space.
  • Each CPU architecture has it's unique way of making a system call but the basic remains the same i.e.
  • A magic instruction is executed, the CPU turns on the "privileged mode" flag, and jumps to a special address in kernel space, the "syscall entry point".( read another post to understand what syscall is)
  • Now when the syscall has reached the kernel space then the process is running in kernel mode and executing instructions from the kernel space memory.
  • Taking the same example of open system call, to find the requested file, the kernel may consult with filesystem drivers (to figure out where the file is) and block device drivers (to load the necessary blocks from disk) or network device drivers and protocols (to load the file from a remote source).
  • These drivers can be either built in or can be loaded as module but the key point that remains it that they are the part of kernel space.
  • Loading a module is done with a syscall that asks the kernel to copy the module's code and data into kernel space and run its initialization code in kernel mode.
  • If the kernel can't process the request then the process is made to sleep by the kernel and when the request is complete then the syscall returns back to the user space.
  • Returning back to user mode means restoring the CPU registers to what they were before coming to Kernel Mode and changing the CPU privilege level to non-privilege .
  • Apart from syscalls there are some other things that take CPU to kernel mode eg. 

1. Page faults- If the process tries to access a virtual memory address that doesn't have a physical address assigned to it then the CPU enters the Kernel mode  and jumps to page fault handler and the kernel sees whether the virtual addresss is valid or not and depending upon this it either tries to create a physical page for the given virtual address or if it can't then sends a segmentation fault signal (SIGSEGV).

2. Interrupts- When the CPU receives some interrupt from the hardware then it jumps to the kernel mode and executes the interrupt handler and when the kernel is finished handing the interrupt the the code return to the user space where it was executing.