How to switch from user mode to kernel mode?

The only way a user-space application can explicitly initiate a switch to kernel mode during normal operation is by making a system call such as open, read, write, etc.

Whenever a user application calls these system call APIs with appropriate parameters, a software interrupt/exception (SWI) is triggered.

As a result of this SWI, the control of the code execution jumps from the user application to a predefined location in the Interrupt Vector Table [IVT] provided by the OS.

This IVT contains an address for the SWI exception handler routine, which performs all the necessary steps required to switch the user application to kernel mode and start executing kernel instructions on behalf of the user process.


To switch from user mode to kernel mode you need to perform a system call.

If you just want to see what is going on under the hood, go to TLDP, your new friend, and see the code (it is well documented; no additional knowledge is needed to understand the assembly code).

You are interested in:

  movl    $len,%edx           # third argument: message length
  movl    $msg,%ecx           # second argument: pointer to message to write
  movl    $1,%ebx             # first argument: file handle (stdout)
  movl    $4,%eax             # system call number (sys_write)
  int     $0x80               # call kernel

As you can see, a system call is just a wrapper around the assembly code that performs an interruption (0x80), and as a result a handler for this system call will be called.

Let's cheat a bit and use a C preprocessor here to build an executable (foo.S is a file where you put the code from the link below):

  gcc -o foo -nostdlib foo.S

Run it via strace to ensure that we'll get what we write:

  $ strace -t ./foo
  09:38:28 execve("./foo", ["./foo"], 0x7ffeb5b771d8 /* 57 vars */) = 0
  09:38:28 stat(NULL, Hello, world!
   NULL)               = 14
  09:38:28 write(0, NULL, 14)
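
An added example, not part of any answer on this page: the same write request issued from C through libc's `syscall(2)` instead of `int $0x80`, showing that the kernel validates what user space hands it at the mode switch (an unreadable buffer or a bad descriptor comes back as an error code). It assumes Linux; `raw_write`, `pipe_round_trip` and `write_from_unreadable_page` are hypothetical helper names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Added example (hypothetical helper names): enter the kernel through the raw
 * system call interface, skipping libc's write(). Returns bytes or -errno. */
static long raw_write(int fd, const void *buf, size_t len)
{
    long ret = syscall(SYS_write, fd, buf, len);
    return ret < 0 ? -(long)errno : ret;
}

/* Round trip through a pipe: the kernel copies the bytes in on write and out
 * on read. Returns 0 if they match, -1 otherwise. */
static int pipe_round_trip(const char *msg)
{
    int p[2], ok = -1;
    char out[64] = {0};
    size_t len = strlen(msg);
    if (len >= sizeof(out) || pipe(p) != 0) return -1;
    if (raw_write(p[1], msg, len) == (long)len &&
        read(p[0], out, sizeof(out)) == (ssize_t)len && memcmp(out, msg, len) == 0)
        ok = 0;
    close(p[0]); close(p[1]);
    return ok;
}

/* Pass a pointer to a page the process may not read. The kernel faults while
 * copying from user memory and fails the call with EFAULT; nothing crashes. */
static long write_from_unreadable_page(void)
{
    int p[2];
    long ret = 1;  /* positive value: setup failed, not an errno */
    void *page = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return ret;
    if (pipe(p) == 0) { ret = raw_write(p[1], page, 14); close(p[0]); close(p[1]); }
    munmap(page, 4096);
    return ret;
}

int main(void)
{
    printf("round trip %d, bad pointer %ld, bad fd %ld\n", pipe_round_trip("Hello, world!\n"),
           write_from_unreadable_page(), raw_write(-1, "x", 1));
    return 0;
}
```

Running the binary under `strace` shows the three `write` calls with their return values and errno names.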

I just read through this, and it's a pretty good resource. It explains user mode and kernel mode, why changes happen, how expensive they are, and gives some interesting related reading.

http://www.codinghorror.com/blog/2008/01/understanding-user-and-kernel-mode.html

Here's a short excerpt:

Kernel Mode

In Kernel mode, the executing code has complete and unrestricted access to the underlying hardware. It can execute any CPU instruction and reference any memory address. Kernel mode is generally reserved for the lowest-level, most trusted functions of the operating system. Crashes in kernel mode are catastrophic; they will halt the entire PC.

User Mode

In User mode, the executing code has no ability to directly access hardware or reference memory. Code running in user mode must delegate to system APIs to access hardware or memory. Due to the protection afforded by this sort of isolation, crashes in user mode are always recoverable. Most of the code running on your computer will execute in user mode.
