The difference between the kernel state and the user state

When a task (process) executes a system call and is executed in the kernel code, we say that the process is in the kernel run state (or simply the kernel state). At this point the processor is executed in the highest privileged (level 0) kernel code. When the process is in the kernel state, the kernel code that executes will use the kernel stack of the current process. Each process has its own kernel stack. When the process executes the user's own code, it is said to be in the user's running state (user state). That is, the processor is running in the least privileged (level 3) user code. When the user program is being executed and the program is interrupted abruptly, the user program can also be symbolically referred to as the kernel state in the process. Because the interrupt handler will use the kernel stack of the current process. This is somewhat similar to the state of a process that is in a kernel state.

The kernel state and the user state are two operational levels of the operating system, there is no inevitable connection with the Intel CPU, Intel CPU provides ring0-ring3 three levels of operating mode, RING0 level is highest, Ring3 lowest. Linux uses the RING3 level to run the user state, RING0 as the kernel state, without using Ring1 and Ring2. The RING3 state cannot access RING0 's address space, including code and data. The 4GB address space of the Linux process, the 3g-4g part is shared, is the kernel-State address space, which is stored in the entire kernel code and all kernel modules, as well as the data maintained by the kernel. The user runs a program, the process created by the program is run in the user state, if you want to perform file operations, network data transmission, and so on, must be called through Write,send, and other system calls, these system calls will call the kernel code to complete the operation, then, you must switch to RING0, Then enter the kernel address space in the 3GB-4GB to execute the code to complete the operation, after completion, switch back to Ring3, back to the user state. In this way, the user-state program can not arbitrarily operate the kernel address space, with a certain degree of security protection.
As for protection mode, it is said that through the memory page table operation mechanism, ensure that the address space between processes does not conflict with each other, the operation of one process will not modify the data in the address space of the other process.

1. Conceptual differences between the user and kernel states

What is the user state, what is the kernel state, these two basic concepts have been understood not very clearly, the root cause of the personal feel is because most of the time we write programs in the focus of attention and perspective on the implementation of the function and the logic of the code, first look at an example:

1) Example

1. void Testfork () {
2. if (0 = = Fork ()) {
3. printf ("Create New Process success!\n");
4. }
5. printf ("Testfork ok\n");
6. }

This code is very simple, from a functional point of view, is actually executed a fork (), to generate a new process, from a logical point of view, it is determined that if the fork () returned is 0 print the relevant statement, and then the function finally printed a sentence to execute the complete testfork () function. Code execution logic and function is so simple, a total of four lines of code, from the top to the next sentence of execution, completely see where there is the concept of user state and process state.

If the previous two is a static observation of the point of view, we can also from a dynamic point of view of the code, that is, it is converted to the CPU execution of instructions after loading the execution process, this program is a dynamic execution of the sequence of instructions. What code is loaded and how it is loaded is closely related to the operating system.

2) Privilege level

People familiar with the unix/linux system know that fork work is actually done in the way the system calls to complete the corresponding functions, the specific work is carried out by the sys_fork responsible for implementation. In fact, whether it is UNIX or Linux, for any operating system, the creation of a new process is a core function, because it has to do a lot of work at the bottom, consume the physical resources of the system, such as allocating physical memory, copying information from the parent process, copying the Settings page Table of Contents page, etc. These obviously cannot be arbitrarily allowed to do, so it naturally leads to the concept of the privilege level, it is clear that the most critical power must be implemented by a highly privileged program, so as to achieve centralized management, reduce access and use of limited resources conflict.

Privilege level is obviously a very effective means of management and control program execution, so there is a lot of support on the hardware to the privilege level, on the Intel x86 architecture of the CPU has 0~3 four privileged, 0 highest, 3 lowest, the hardware on the execution of each instruction will be the command of the privilege level of the corresponding check, The associated concepts are CPL, DPL, and RPL, which are no longer too much elaborated here. Hardware has provided a set of privilege-level use of the relevant mechanisms, software is a good use of the problem, which is the operating system to do, for Unix/linux, only use 0 level privilege and 3 privilege level. That is to say, in the unix/linux system, a command that works at level 0 privilege has the highest power available to the CPU, while an instruction at level 3 privilege has the lowest or most basic power provided by the CPU.

3) User state and kernel state

Now we understand the user-state and kernel-state from the privilege-level scheduling, when the program runs at level 3 privilege level, it can be called as running in the user state, because this is the lowest privilege level, is the normal user process to run the privilege level, most users directly face the program is running in the user state; When the program is running at level 0 privilege level, it can be called running in the kernel state.

Although there are many differences between the user-state and kernel-state programs, the most important difference is the difference in privilege levels, that is, the difference in power. Programs running in the user state cannot directly access the operating system kernel data structures and programs, such as Testfork () in the above example can not directly call Sys_fork (), because the former is working in the user state, belongs to the user program, and Sys_fork () is working in the kernel State, belongs to the kernel state program.

When we execute a program in the system, most of the time is run in the user state, when it needs the operating system to help complete some of its power and ability to complete the work will be switched to the kernel state, such as Testfork () initially run in the user state process, when it calls Fork () the final trigger Sys_ When the fork () is executed, it switches to the kernel state.

2. Conversion of user state and kernel state

1) 3 Ways to switch the user state to the kernel state

A. System call

This is a way for the user-state process to switch to the kernel state actively, the user-state process through the system call request using the operating system provided by the service program to complete the work, such as in the preceding example, fork () is actually executed a new process to create a system call. The core of the system call mechanism is to use an interrupt that the operating system is particularly open to the user, such as an int 80h interrupt for Linux.

B. Exceptions

When the CPU executes a program running in the user state, some pre-unknown exception occurs, which triggers the current running process to switch to the kernel-related program that handles this exception, and then goes to the kernel state, such as a page fault.

C. Interruption of peripheral equipment

When the peripheral device completes the user requested operation, the CPU is signaled to the corresponding interrupt, then the CPU will suspend execution of the next instruction to be executed to execute the handler corresponding to the interrupt signal, if the previously executed instruction is a user-state program, Then the process of this conversion will naturally occur from the user state to the kernel state switch. For example, the disk read and write operation is completed, the system will switch to the hard disk read and write interrupt handler to perform subsequent operations.

These 3 methods are the most important way for the system to go to the kernel state from the user state at runtime, where the system call can be thought to be initiated by the user process, and the exception and the peripheral device interrupt are passive.

2) Specific switching operation

From the triggering mode, it can be considered that there are 3 different types, but from the final actual completion from the user state to the kernel state switching operation, the key steps involved are completely consistent, no difference, is equivalent to the execution of an interrupt response process, because the system call is actually finally the interrupt mechanism implementation, The exception and interrupt processing mechanisms are basically consistent, and the specific differences about them are not mentioned here. Details and steps about the interrupt handling mechanism do not do too much analysis here, the steps involved in switching from the user state to the kernel state mainly include:

[1] Extracts the SS0 and esp0 information of its kernel stack from the descriptor of the current process.

[2] using SS0 and esp0 point to the kernel stack to save the current process Cs,eip,eflags,ss,esp information, the

The process also completes the switching process from the user stack to the kernel stack, while saving the next one of the suspended programs

Instructions.

[3] The CS,EIP information of the interrupt handler that was previously retrieved by the interrupt vector is loaded into the appropriate register, starting

Executes the interrupt handler, and then goes to the kernel state of the program execution.

The difference between the kernel state and the user state