A modern computer operating system usually segregates virtual memory into user space and kernel space. Primarily, this separation serves to provide memory protection and hardware protection from malicious or errant software behaviour. Kernel space is strictly reserved for running a privileged operating system kernel, kernel extensions, and most device drivers. In contrast, user space is the memory area where application software and some drivers execute.
Overview
The term user space (or userland) refers to all code that runs outside the operating system's kernel. User space usually refers to the various programs and libraries that the operating system uses to interact with the kernel: software that performs input/output, manipulates file system objects, application software, etc.
Each user space process normally runs in its own virtual memory space, and, unless explicitly allowed, cannot access the memory of other processes. This is the basis for memory protection in today's mainstream operating systems, and a building block for privilege separation. A separate user mode can also be used to build efficient virtual machines (see Popek and Goldberg virtualization requirements). With enough privileges, processes can request the kernel to map part of another process's memory space to its own, as is the case for debuggers. Programs can also request shared memory regions with other processes, although other techniques are also available to allow inter-process communication.
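The following C program is an added example, not part of the original article, showing the default isolation and the explicit shared-memory exception described above. It assumes a Linux or other POSIX system with `fork` and anonymous `mmap`; the names `isolation_demo` and `struct observed` are hypothetical.

```c
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS on glibc */
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical result type: what the parent sees after the child has written. */
struct observed { int private_value; int shared_value; };

/* Returns 0 on success, -1 on any system call failure. */
int isolation_demo(struct observed *out)
{
    volatile int private_value = 1;   /* ordinary stack memory, private per process */
    int *shared_value = mmap(NULL, sizeof *shared_value, PROT_READ | PROT_WRITE,
                             MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (shared_value == MAP_FAILED)
        return -1;
    *shared_value = 1;                /* region explicitly requested as shared */

    pid_t pid = fork();               /* child gets its own virtual address space */
    if (pid == 0) {
        private_value = 42;           /* lands in the child's copy of the page only */
        *shared_value = 42;           /* lands in the page both processes map */
        _exit(0);
    }
    int status = 0, rc = -1;
    if (pid > 0 && waitpid(pid, &status, 0) == pid &&
        WIFEXITED(status) && WEXITSTATUS(status) == 0) {
        out->private_value = private_value;   /* parent still sees 1 */
        out->shared_value = *shared_value;    /* parent sees the child's 42 */
        rc = 0;
    }
    munmap(shared_value, sizeof *shared_value);
    return rc;
}

int main(void)
{
    struct observed o;
    if (isolation_demo(&o) != 0) {
        perror("isolation_demo");
        return 1;
    }
    printf("private=%d shared=%d\n", o.private_value, o.shared_value);
    return 0;
}
```

Both variables sit at the same virtual address in parent and child, yet only the write to the region mapped with `MAP_SHARED` is visible across the process boundary.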
Implementation
The most common way of implementing a user mode separate from kernel mode involves operating system protection rings. Protection rings, in turn, are implemented using CPU modes. Typically, kernel space programs run in kernel mode, also called supervisor mode; normal applications in user space run in user mode.
Many operating systems are single address space operating systems: they have a single address space for all user-mode code. (The kernel-mode code may be in the same address space, or it may be in a second address space.) Many other operating systems have a per-process address space, a separate address space for each and every user-mode process.
Another approach taken in experimental operating systems is to have a single address space for all software, and rely on a programming language's semantics to make sure that arbitrary memory cannot be accessed: applications simply cannot acquire any references to the objects that they are not allowed to access. This approach has been implemented in JXOS, Unununium as well as Microsoft's Singularity research project.
See also
* BIOS
* CPU modes
* Early user space
* Memory protection
* OS-level virtualization
External links
* Linux Kernel Space Definition