Framework Diagram
Note: The "Function Library" includes not only system interface libraries like glibc but also functional dependency libraries like OpenSSL and Qt.
1. What is User Mode?
- User mode refers to the execution mode and virtual address space where application code resides. Common user programs such as browsers, editors, and chat tools all run in user mode.
- User mode programs cannot directly access hardware or kernel-sensitive resources. When sensitive operations such as file access or network communication are needed, they must request kernel services through controlled mechanisms (such as system calls).
2. What is Kernel Mode?
- Kernel mode is the high-privilege mode in which the operating system kernel and some of its extensions (such as hardware drivers, scheduling, and memory management) run. In this mode, code can directly access all hardware resources and memory spaces.
- Although kernel mode has the highest privileges, kernel code must follow strict interface and context rules, such as not allowing sleeping in certain contexts and ensuring synchronization safety. Violations can lead to kernel panic or system instability.
- Modern Linux also supports mechanisms like FUSE and eBPF that allow some system functions to be implemented in user space, but core control is always managed by the kernel.
3. Why Distinguish Between These Two Modes?
Distinguishing between these two execution modes is primarily to ensure system security, stability, and isolation:
- If ordinary applications (user mode) could directly manipulate hardware or system resources, they could easily undermine the security and stability of the entire system, and a single bug could have severe consequences.
- Therefore, all sensitive and high-privilege operations are uniformly scheduled and managed by kernel mode. User programs can only request services through controlled system call interfaces, which protects the kernel and other parts of the system from being directly affected or damaged by user programs.
The switching between user mode and kernel mode is achieved through controlled mechanisms—"traps" or system calls. This mechanism ensures that access to system resources must go through strict authorization and inspection.
4. How to Understand the Working Modes of These Two States
INFO
- Think of "user mode" as being in a bank lobby, where you can move around freely but cannot enter the operational area behind the counter.
- "Kernel mode" is like the bank's vault and operational area, which only bank employees (kernel) can access and operate.
- When you (user program) need to conduct business (such as withdrawing money), you tell the staff (kernel) through the counter (system call) to help you with the operation.
Practical examples:
- User mode calling read():
  - Actually, read() triggers a system call, enters kernel mode, and the kernel reads data from disk/cache and returns it.
- Page fault:
  - Access unallocated memory -> CPU triggers page fault -> Kernel allocates/loads page in kernel mode -> Return to user mode to continue execution (or process is killed).

99% of the software we use daily runs in user mode. Only when requesting the operating system to do work (such as using hardware, creating processes, accessing files, etc.) does it temporarily enter kernel mode.
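The read() path and the kernel's checks at the user/kernel boundary, as an added example that is not part of the original page. It assumes Linux; the helper names and the pipe-based sample data are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Constructed sample input, fed through a pipe so nothing touches disk. */
static const char SAMPLE[] = "constructed sample";

/* Issue read() either through the libc wrapper or as a raw system call.
 * Returns the byte count, or -errno when the kernel rejects the request. */
long do_read(int fd, void *buf, size_t len, int raw) {
    long n = raw ? syscall(SYS_read, fd, buf, len) : read(fd, buf, len);
    return n < 0 ? -errno : n;
}

/* Read SAMPLE back out of a fresh pipe into buf. */
long read_sample(void *buf, size_t len, int raw) {
    int fds[2];
    if (pipe(fds) != 0) return -errno;
    long r = -EIO;
    if (write(fds[1], SAMPLE, sizeof SAMPLE) == (ssize_t)sizeof SAMPLE)
        r = do_read(fds[0], buf, len, raw);
    close(fds[0]);
    close(fds[1]);
    return r;
}

/* Hand the kernel a buffer the process may not write to (PROT_NONE page).
 * The kernel checks the address while copying and fails the call with
 * EFAULT; the process is not killed, unlike a direct user-mode store. */
long read_into_inaccessible_page(void) {
    void *page = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -errno;
    long r = read_sample(page, 16, 0);
    munmap(page, 4096);
    return r;
}

int main(void) {
    char buf[64];
    printf("wrapper read:   %ld bytes\n", read_sample(buf, sizeof buf, 0));
    printf("raw SYS_read:   %ld bytes\n", read_sample(buf, sizeof buf, 1));
    printf("bad descriptor: %ld (-EBADF is %d)\n", do_read(-1, buf, 1, 0), -EBADF);
    printf("bad buffer:     %ld (-EFAULT is %d)\n", read_into_inaccessible_page(), -EFAULT);
    return 0;
}
```

Running the program under `strace` shows the same `read` system call for both the wrapper and the raw invocation, which is the user-to-kernel transition described above.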
WARNING
Writing drivers and kernel modules means working directly in kernel mode, so you must be even more careful, otherwise it can cause system abnormalities.