HOME

TheInfoList



OR:

A modern computer
operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
usually segregates
virtual memory In computing, virtual memory, or virtual storage is a memory management technique that provides an "idealized abstraction of the storage resources that are actually available on a given machine" which "creates the illusion to users of a very l ...
into user space and kernel space. Primarily, this separation serves to provide
memory protection Memory protection is a way to control memory access rights on a computer, and is a part of most modern instruction set architectures and operating systems. The main purpose of memory protection is to prevent a process from accessing memory that ha ...
and hardware protection from malicious or errant software behaviour. Kernel space is strictly reserved for running a privileged
operating system kernel The kernel is a computer program at the core of a computer's operating system and generally has complete control over everything in the system. It is the portion of the operating system code that is always resident in memory and facilitates in ...
, kernel extensions, and most
device driver In computing, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. A driver provides a software interface to hardware devices, enabling operating systems and ot ...
s. In contrast, user space is the memory area where
application software Application may refer to: Mathematics and computing * Application software, computer software designed to help the user to perform specific tasks ** Application layer, an abstraction layer that specifies protocols and interface methods used in a c ...
and some drivers execute.


Overview

The term user space (or userland) refers to all code that runs outside the operating system's kernel. User space usually refers to the various programs and
libraries A library is a collection of materials, books or media that are accessible for use and not just for display purposes. A library provides physical (hard copies) or digital access (soft copies) materials, and may be a physical location or a vir ...
that the operating system uses to interact with the kernel: software that performs
input/output In computing, input/output (I/O, or informally io or IO) is the communication between an information processing system, such as a computer, and the outside world, possibly a human or another information processing system. Inputs are the signals ...
, manipulates
file system In computing, file system or filesystem (often abbreviated to fs) is a method and data structure that the operating system uses to control how data is stored and retrieved. Without a file system, data placed in a storage medium would be one larg ...
objects,
application software Application may refer to: Mathematics and computing * Application software, computer software designed to help the user to perform specific tasks ** Application layer, an abstraction layer that specifies protocols and interface methods used in a c ...
, etc. Each user space
process A process is a series or set of activities that interact to produce a result; it may occur once-only or be recurrent or periodic. Things called a process include: Business and management *Business process, activities that produce a specific se ...
normally runs in its own
virtual memory In computing, virtual memory, or virtual storage is a memory management technique that provides an "idealized abstraction of the storage resources that are actually available on a given machine" which "creates the illusion to users of a very l ...
space, and, unless explicitly allowed, cannot access the memory of other processes. This is the basis for
memory protection Memory protection is a way to control memory access rights on a computer, and is a part of most modern instruction set architectures and operating systems. The main purpose of memory protection is to prevent a process from accessing memory that ha ...
in today's mainstream operating systems, and a building block for
privilege separation In computer programming and computer security, privilege separation is one software-based technique for implementing the principle of least privilege. With privilege separation, a program is divided into parts which are limited to the specific pri ...
. A separate user mode can also be used to build efficient virtual machines – see
Popek and Goldberg virtualization requirements The Popek and Goldberg virtualization requirements are a set of conditions sufficient for a computer architecture to support system virtualization efficiently. They were introduced by Gerald J. Popek and Robert P. Goldberg in their 1974 article "F ...
. With enough privileges, processes can request the kernel to map part of another process's memory space to its own, as is the case for
debugger A debugger or debugging tool is a computer program used to software testing, test and debugging, debug other programs (the "target" program). The main use of a debugger is to run the target program under controlled conditions that permit the pr ...
s. Programs can also request
shared memory In computer science, shared memory is memory that may be simultaneously accessed by multiple programs with an intent to provide communication among them or avoid redundant copies. Shared memory is an efficient means of passing data between progr ...
regions with other processes, although other techniques are also available to allow
inter-process communication In computer science, inter-process communication or interprocess communication (IPC) refers specifically to the mechanisms an operating system provides to allow the processes to manage shared data. Typically, applications can use IPC, categori ...
.


Implementation

The most common way of implementing a user mode separate from
kernel mode In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults (by improving fault tolerance) and malicious behavior (by providing computer security). Computer ...
involves operating system
protection ring In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults (by improving fault tolerance) and malicious behavior (by providing computer security). Computer ...
s. Protection rings, in turn, are implemented using
CPU modes CPU modes (also called ''processor modes,'' ''CPU states,'' ''CPU privilege levels'' and other names) are operating modes for the central processing unit of some computer architectures that place restrictions on the type and scope of operations t ...
. Typically, kernel space programs run in
kernel mode In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults (by improving fault tolerance) and malicious behavior (by providing computer security). Computer ...
, also called
supervisor mode In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults (by improving fault tolerance) and malicious behavior (by providing computer security). Computer ...
; normal applications in user space run in user mode. Many operating systems are
single address space operating system In computer science, a single address space operating system (or SASOS) is an operating system that provides only one globally shared address space for all processes. In a single address space operating system, numerically identical (virtual memor ...
s—they have a single address space for all user-mode code. (The kernel-mode code may be in the same address space, or it may be in a second address space). Many other operating systems have a per-process address space, a separate address space for each and every user-mode process. Another approach taken in experimental operating systems is to have a single
address space In computing, an address space defines a range of discrete addresses, each of which may correspond to a network host, peripheral device, disk sector, a memory cell or other logical or physical entity. For software programs to save and retrieve st ...
for all software, and rely on a programming language's semantics to make sure that arbitrary memory cannot be accessed – applications simply cannot acquire any
reference Reference is a relationship between objects in which one object designates, or acts as a means by which to connect to or link to, another object. The first object in this relation is said to ''refer to'' the second object. It is called a ''name'' ...
s to the objects that they are not allowed to access. This approach has been implemented in JXOS, Unununium as well as Microsoft's Singularity research project.


See also

*
BIOS In computing, BIOS (, ; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS) is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the ...
*
CPU modes CPU modes (also called ''processor modes,'' ''CPU states,'' ''CPU privilege levels'' and other names) are operating modes for the central processing unit of some computer architectures that place restrictions on the type and scope of operations t ...
*
Early user space The multi-stage booting process of Linux is in many ways similar to the BSD and other Unix-style boot processes, from which it derives. Booting a Linux installation involves multiple stages and software components, including firmware initializati ...
*
Memory protection Memory protection is a way to control memory access rights on a computer, and is a part of most modern instruction set architectures and operating systems. The main purpose of memory protection is to prevent a process from accessing memory that ha ...
*
OS-level virtualization OS-level virtualization is an operating system (OS) paradigm in which the kernel allows the existence of multiple isolated user space instances, called ''containers'' ( LXC, Solaris containers, Docker, Podman), ''zones'' (Solaris containers), '' ...


Notes


References


External links


Linux Kernel Space Definition
* {{DEFAULTSORT:User Space Operating system technology Device drivers