Kernel vs. Usermode

Welcome to my first blog article ever. I wrote this a long time ago when thought I would like to start a blog but then it somehow never happened :). But hey here it is now life and in colour. The content of this article started quite a long time ago when I had a class at University with the name "IT Infrastructure" where we went into the depth of the OS kernel, understanding caching in the CPU and how the CPU actually calculates and obviously many
more things. At that time I thought wow being in the OS kernel is very slick but on the flip side something very complicated so eventually dangerous e.g. overwrite memory...C programming...procedural no objects. Of course every OS driver using hardware is also running in the Ring 0 so the complexity really depends a lot on the functionality of the software running in the kernel as well as on QA itself. So enough of the initial talking now let's get into the article.
Operating systems are generally pretty big programs while the core component is the kernel. The kernel is the master and owner of all hardware resources runs runs in the deepest software layer and has direct access to hardware. The duties of a kernel are:

• The interface to applications (API)
• Control of the CPU (Central Processing Unit), hardware devices, memory (scheduler, driver, memory management).
• Scheduling of resources e.g. process time for applications
• The structure of resources e.g. the mapping of file systems onto a block oriented device like a disk.
• Resolving conflicts of resources e.g. queuing of resources, locking of CPU resources
• Virtualization of resources: processor (processes), disk (files), memory (virtual memory)
• Monitoring of access control to files and devices

There are many different kind of kernels for different purposes like Exokernel, Monolithic kernel, layered kernel but without going into details of all different kind of kernels the microkernel is the most used kernel today. A microkernel is used for every Windows Workstation/Server and Linux based OS as well as VMware ESXi. The idea is to split and divide the OS into several processes while a client, can be a either another OS or an application. So this client requests a service by sending the message to the appropriate server, the server then performs the operation and the microkernel delivers the result back to the client as illustrated in the following figure:

Figure 1: Microkernel

Some of the microkernel different characteristics are:

• Parts of the OS are easy to replace
• Driver are able to run in user or kernel mode
• Physical I/O access is challenging to implement
• Context switches (sometime also referred as task switch or process switch is the switching of the CPU from one process or process thread thread to another).

User mode (non-privileged mode for user programs):

Where all user programs get executed. User mode has no direct access to memory or hardware. The reason is that every program could overwrite each other’s memory which could lead into corruption. User mode programs are in general seen as untrusted software from the kernel perspective. If there is a need to access hardware resources the process makes a call via the underlying API (system calls).

Kernel mode (also referred to as system mode):

The mode where all kernel programs execute. In kernel mode the processes have direct access to every underlying hardware. The CPU itself can only run in either kernel or user mode at one time. A switch from user to kernel mode is not done automatically it will get done by interrupts.

Without going too much into detail of the microkernel I would like to focus on context switches a bit. Every process has one or more threads. Programs use threads to use more than one CPU in quasi parallel time. As we learned earlier the microkernel is the master of all resources. So if a process wants to run in the CPU the overhead it quite huge. The existing environment running currently in the CPU has to be saved which includes:

• Status of the process
• The program counter
• Stack Pointer
• State of open files
• Memory management: pointer into the actual process environment

Every step is an access to main memory, the cache of this process in the CPU has to be deleted because it won’t be valid anymore which concludes into a cache miss in the future. Every time a process want to get time on the CPU the OS scheduler decides when this process will get time again to run within the CPU.

Figure 2: Process status

A context switch can only happen in the kernel so if an application wants to use the CPU the process has to go from user mode to kernel mode via system calls. So a permanent switch from user to kernel mode is very expensive and is using a lot of CPU cycles. A software running directly in the kernel can reduce the overhead dramatically and improves performance. Two examples for kernel implementations in the virtualization world are:

• VMware VSAN
• PernixData FVP

Lets summarise: it all depends what needs to be approached but in general you say the following:

• Kernel mode drivers / software is very complicated due to the fact that is runs in the core of the OS plus kernel mode is somehow limited how it can be programmed but has a huge performance benefit when done right. Also think about security which is in the kernel much easier to handle than outside
• User mode software is extremely powerful because it has much less implications on stability and has the benefit that one can choose their framework for programming. Often you see a combination of user mode and kernel mode software because there there need to be a way to interact with the kernel modules. This is usually a daemon in user mode running on the core OS itself.