The so-called userspace

Most people have heard the term userspace and most people have a grasp of what it means, but why is it called userspace and what is it? To understand the name we need to go back to the core and look at the architecture of a CPU.

Most processors, including most microcontrollers, have two modes of operation: privileged mode and non-privileged mode. At first sight there is no big difference between them: a program written using the “normal” instructions will run the same in both modes. So why do we need the two modes?

The answer comes by looking at more than just the processing capabilities of a CPU. In a previous post (Computer memory from the ground up (part 1)), I mentioned that a CPU is connected to the world using connection pins and that those pins have different functions. A CPU needs to interact with devices that are external to the CPU core, for example memory, storage devices and other types of devices and buses.

When we implement an algorithm, we usually depend on the “normal” instructions of the CPU and do not need to bother to configure external devices.

A CPU can also be “called” by a device by what is called an interrupt. A device will signal the CPU that it requires attention, and the CPU will enter a special mode and run code that is capable of handling the device.

This special mode is called the privileged or supervisor mode. In this mode, in addition to the normal registers and instructions, there are special administrative registers and instructions that are only used to handle these kinds of operations.

It is of course possible to run a normal program in supervisor mode and pay special attention to these instructions and registers. In some small microcontrollers there is no other option since they might have only one mode of operation.

Very cool, but what about userspace?

Now that we have talked about the two modes of operation, it is time to move on and explain some new names that come on top of this.

In order to optimize the use of resources in a computer system, there is an operating system, which is in charge of providing a basic platform over which resources can be shared and of making sure that there is a uniform platform to access devices and other resources.

The operating system runs in the privileged mode and the programs run in the non-privileged mode. Programs can interact with the operating system by issuing system calls.

Most operating systems in use today follow the monolithic model, in which there is a kernel that implements the supervisor functionality. This is opposed to the microkernel model, in which the kernel implements only a subset of the functionality, usually just the scheduler, and the rest of the functionality is implemented by code running in non-privileged mode. It is not the aim of this post to discuss whether one model is better than the other, just to mention them.

The kernel will start processes that perform the tasks the system is supposed to do, for example the browser you are using to read this post. The processes will run in the non-privileged mode, and this is regardless of whether there is a user running the task or not. We can think of an automatic system that controls another system, for example a display showing the bus schedule. In this case there is no user starting the task: the system boots and runs a process that shows the schedule.

There is another dimension to consider: Unix operating systems have the notion of users embedded in the architecture, with the user root as the administrative user and other users as normal users. Notice that even the root user runs in the non-privileged mode of the CPU, even though it has all the privileges in the OS. A user in the Unix sense is basically a compartment to keep processes and resources separated.

However, since all processes are executed by users, the name userspace is used to indicate the non-privileged mode. Notice that this non-privileged mode maps only partially to the non-privileged mode of the CPU: the OS might decide that some operations are not available for some users. For instance, it is possible to say that a file is readable by only some users, and the OS will stop other users from reading the file.

Finally, the term userspace is usually connected to memory. As explained in a previous post (Computer memory from the ground up (part 3)), the OS is responsible for assigning enough memory to a process. Most modern CPUs have a memory management unit (MMU), which makes it impossible for a process to access memory that is not explicitly mapped in its memory space. Therefore, when a process wants to send data to the OS or read data from the OS, it needs to ask the operating system to do it. This is done by a couple of methods; the names vary between operating systems but their functionality does not: copy_from_userspace, copy_to_userspace.
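What this copy step looks like from the process side on a Unix-like system with an MMU, as an added example that is not code from the original post: the process hands the kernel a pointer through read() or write(), and the kernel refuses to copy to or from an address the process cannot access. The helper names read_into, write_from and inaccessible_page are made up for this illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Kernel -> user copy: read 4 bytes (constructed sample "data") from a
 * pipe into dst. Returns 0 on success, otherwise the kernel's errno. */
int read_into(void *dst)
{
    int p[2], err = 0;
    if (pipe(p) != 0) return errno;
    if (write(p[1], "data", 4) != 4) err = errno;
    else if (read(p[0], dst, 4) != 4) err = errno;
    close(p[0]); close(p[1]);
    return err;
}

/* User -> kernel copy: write 4 bytes taken from src into a pipe. */
int write_from(const void *src)
{
    int p[2], err = 0;
    if (pipe(p) != 0) return errno;
    if (write(p[1], src, 4) != 4) err = errno;
    close(p[0]); close(p[1]);
    return err;
}

/* A mapping with no access rights; falls back to NULL, which is also invalid. */
void *inaccessible_page(void)
{
    void *pg = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return pg == MAP_FAILED ? NULL : pg;
}

int main(void)
{
    char ok[4];
    void *bad = inaccessible_page();
    printf("read into valid buffer : %s\n", strerror(read_into(ok)));
    printf("read into bad pointer  : %s\n", strerror(read_into(bad)));
    printf("write from bad pointer : %s\n", strerror(write_from(bad)));
    return 0;
}
```

The process is not killed in either bad-pointer case: the kernel notices the fault while copying and the system call simply fails with EFAULT ("Bad address").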

However, there are modern CPUs which do not have an MMU and operating systems that run on them, for example uClinux and ColdFire processors. In this model of operation there is no difference between the kernel memory and the process memory; at least, there is no easy way for the CPU to detect that a process is trying to access some restricted memory. In these cases the methods to move data from and to userspace are basically just no-ops.

What’s next

In my next post I will explore the interaction between a process, the kernel and an external device in order to show how the different pieces work together. In the meantime feel free to share this post, like it, comment on it or contact me by using the contact form.

Published by carlosware
