I'm making explainer videos to put up on YouTube. As part of the process, I have to write little scripts for myself. So, I figured "why not just put them up on my website?"

Well, that's what you see here. Enjoy.

Userspace vs. Kernel space


Welcome to the first video in the kernel programming series.

I will assume that you are comfortable with C and that you know what assembly language is (even if you haven't programmed in it before).

The first thing to talk about is the difference between kernel space and userspace.

(Disclaimer: I am not an expert. This video is my best guess; I would be really happy to have someone tell me if there are any mistakes.)

When a processor is running, it keeps track of the current privilege level. If the level is high enough, the processor is able to execute any instruction and access any address (more or less). At lower privilege levels, certain instructions will not be allowed, and only a subset of the computer's memory is accessible.

Program code can always request that the current privilege level be lowered, for example, when the kernel releases control of the CPU to let user programs run. However, programs can never raise the privilege level.

You may be wondering, "If the privilege can only be lowered, how could you ever raise it again? And for that matter, how does the kernel regain control of the CPU?"

The answer is simple: interrupts. When an interrupt is triggered (either via a hardware interrupt, a fault, or a software interrupt) the CPU sets its privilege level back to the highest setting and jumps to a specific address in memory. Clearly, the kernel will make sure that its own function is located at this address.

This function's first and most important task is to service the interrupt. For example, a network card may be signaling that a packet was received and that the data should be read into main memory. Or, the user has hit a key on the keyboard and we need to let a process know about it. Another example is a timer interrupt, which will cause interrupts at regular intervals. Finally, programs can cause "software interrupts" with special instructions; this technique is what allows a user program to make system calls.

After servicing an interrupt but before leaving interrupt context, the kernel will run its scheduling algorithm. This algorithm will scan through the list of processes and decide which one should be run once we return from the interrupt (based on which processes have highest priority and which ones have had the least execution time so far). Usually this means dropping privileges and jumping to a user program. However, some processes in the list are kernel processes (sometimes called kernel threads), and privileges will not be dropped when we leave interrupt context.

So there you have it. "Kernel space" means all the code and memory that is associated with kernel code, and that is executed when the processor's state is at its highest privilege level. "User space" is basically everything else. Kernel code is entered at system boot and when an interrupt happens.
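Two of the ways into the kernel described above, a fault and a system call, can be watched from an ordinary user program. The code below is an added example, not part of the original script; it assumes Linux on x86 or x86-64 with GCC or Clang, and the function names are made up for illustration.

```c
/* Added example: assumes Linux on x86/x86-64, GCC or Clang. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#if !defined(__x86_64__) && !defined(__i386__)
#error "this example uses the x86 hlt instruction"
#endif

/* Hypothetical helper: run the privileged instruction hlt in a child
 * process. Returns the signal that killed the child, 0 if the child
 * exited normally, or -1 if fork/waitpid failed. */
int signal_from_privileged_instruction(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child runs at the low privilege level. The CPU refuses hlt and
         * raises a fault, which switches to the kernel's handler. The
         * kernel then terminates this process with a signal. */
        __asm__ volatile("hlt");
        _exit(0); /* reached only if the instruction had been allowed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

/* Hypothetical helper: the permitted way to ask the kernel for something.
 * The C library's syscall() wrapper executes the architecture's
 * system-call instruction, the kernel does the work at high privilege,
 * and control returns here at low privilege with the result. */
long pid_via_raw_syscall(void)
{
    return syscall(SYS_getpid);
}

int main(void)
{
    printf("hlt in user mode: child killed by signal %d (SIGSEGV is %d)\n",
           signal_from_privileged_instruction(), SIGSEGV);
    printf("getpid through a system call: %ld\n", pid_via_raw_syscall());
    return 0;
}
```

The child never gets to halt the machine: the fault hands control to the kernel, which decides what happens to the offending process.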