I heard from various kernel developers that most of the RTOSes do not have any separation between user space and kernel space and therefore do not need any context switching.

Is this true?

At the same time, I heard from some other people that it is not true, and RTOSes such as VxWorks or Integrity have separate user mode and kernel mode.

Firstly, which of those assumptions are right?

Secondly, if both assumptions are correct, it raises the question of when RTOS vendors use separation between kernel space and user space and when they do not.

Can you name some well-known RTOSes that do not have user mode/kernel mode separation?

Finally, as a side question, how can they control I/O operations and avoid race conditions?

Sama Azari
  • Does "context switch" here refer to a user-kernel space switch or a thread/process context switch? If the former, then refer to it as a mode switch for clarity. – RRON Dec 09 '19 at 02:14

4 Answers

4

Things like FreeRTOS and derivatives run happily on hardware without a MMU.

Without an MMU any separation between kernel and user mode is somewhat illusory (you can simply overwrite kernel memory), but there is still a distinction:

Typically an RTOS will be configured with a number of tasks and each task has its own stack. That means context switching is still very much part of the equation because whenever the kernel wants to switch a task, it must first save the stack of the outgoing task and then swap in the stack of the incoming task before handing off to the incoming task.

As a 3rd party developer (ISV) you would write your code to run inside the task context, and so you can take advantage of the task mechanism to get it to behave kind of like a lightweight thread.

Still, without an MMU there will not be any 'real' protection from messing with the kernel accidentally in this scheme. For example, the single most trivial way to crash an RTOS without an MMU is to misconfigure the stack size and then end up with a stack overflow, accidentally wiping out kernel data/other tasks/overwriting actual program instructions...

... Now with an MMU the kernel can set up a page table mapping so that it can intercept page faults and use this to implement a segfault mechanism when it detects a bad memory access (violation of preconfigured memory boundaries). With additional security features baked into the silicon the kernel can also restrict what kind of instructions tasks are allowed to execute and, in combination with the MMU, implement proper separation between kernel and user mode/space.

user268396
  • Thank you for your answer. So, assuming that there is an MMU, actual kernel-space/user-space separation exists in all RTOSes, right? Therefore applications run in user mode only, right? – Sama Azari Jan 19 '16 at 23:44
  • Depends on whether the RTOS takes advantage of the hardware. As with any such software: refer to its documentation if you want to be more sure. – user268396 Jan 20 '16 at 00:18
  • Sometimes (e.g. Renesas RX) an embedded processor comes with an MPU (Memory Protection Unit) even though it doesn't have an MMU. An MPU doesn't support virtual memory, but it does support separation of addressable regions on a per-task ("per-process") basis. This can protect the kernel from rogue tasks, and protect tasks from each other. – phonetagger Nov 02 '18 at 20:31
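As an added illustration of the per-task stack bookkeeping this answer describes (my own constructed model, not code from the answer or from any particular RTOS): each task's stack is painted with a fill pattern at creation so the kernel can measure its high-water mark, and the lowest words serve as a guard that the scheduler checks at every context switch to catch a task that has run off the end of its stack. Names, sizes and the fill value are assumptions.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed model of one task's stack in a no-MMU RTOS. The block grows
 * downward: the top word is stack[STACK_WORDS-1], the guard is stack[0..GUARD_WORDS-1]. */
#define STACK_WORDS 32
#define GUARD_WORDS 2
#define FILL 0xA5A5A5A5u

typedef struct {
    uint32_t stack[STACK_WORDS];
    size_t   sp;     /* index of the current top-of-stack word; STACK_WORDS means empty */
} task_stack_t;

/* Task creation: paint the whole block so later usage can be measured. */
void task_stack_init(task_stack_t *t) {
    for (size_t i = 0; i < STACK_WORDS; i++) t->stack[i] = FILL;
    t->sp = STACK_WORDS;
}

/* Simulate the task pushing n words (call frames, locals). On real no-MMU
 * hardware nothing stops the writes from continuing below stack[0] into the
 * neighbouring task or kernel data; this model clamps at stack[0] so it stays
 * memory-safe, but the guard words are consumed exactly as they would be. */
void task_push(task_stack_t *t, size_t n) {
    while (n-- && t->sp > 0) t->stack[--t->sp] = 0xDEADBEEFu;
}

/* High-water mark the way fill-pattern kernels compute it: count untouched
 * fill words from the bottom up. 0 means the task has used its entire block. */
size_t stack_high_water(const task_stack_t *t) {
    size_t free_words = 0;
    while (free_words < STACK_WORDS && t->stack[free_words] == FILL) free_words++;
    return free_words;
}

/* Guard check run by the scheduler on every switch: a clobbered guard word
 * means the task has overflowed and must be halted before it runs again. */
int stack_guard_intact(const task_stack_t *t) {
    for (size_t i = 0; i < GUARD_WORDS; i++)
        if (t->stack[i] != FILL) return 0;
    return 1;
}
```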
2

Context switching is not directly related to user/kernel space. Context switching relates to the switching between threads/process/interrupt contexts; that happens in any RTOS regardless of any concept of user/kernel space or MMU protection.

The kernel/user space concept refers to privilege levels, where in kernel space you can perform operations or access memory or I/O not available to user space. That concept may not make much sense in an embedded system where many threads will need direct I/O access to ensure the real-time behaviour that a kernel driver switch may not be able to offer. Many RTOSes are not full OSes but only kernels providing scheduling, IPC, synchronisation, resource locking and timer services; they often do not define a driver model or provide any I/O, networking or filesystem services, so the kernel space concept has little merit.

Rather than a kernel/user space concept, some RTOSes running on targets with an MMU do use memory protection schemes to allocate memory and memory-mapped I/O to specific threads/processes (and the kernel) such that one thread cannot corrupt another or the kernel. On the other hand, many RTOSes run on targets with no MMU, so they cannot provide that kind of security and robustness.

The term RTOS refers only to the scheduling method providing deterministic behaviour; there is not one design, and all have significant differences in approach and capability. Refer to the documentation for the specific RTOS.

Clifford
1

First, an RTOS can support user & kernel separation. Some refer to this as protected build support, where the user/application can't access any kernel resource directly.

In RTOS without MMU support, user & kernel separation is guaranteed by restricting user access only through syscall.

If you don't know about syscall, you can google it. It is a mechanism where any kernel access by user is through a software interrupt service routine.

Regarding the context switching, there is no correlation between context switching & user/kernel separation.

When do vendors support user & kernel separation? Mostly it is a build-time feature. Since this adds overhead on execution time, it depends on the vendor's philosophy behind their RTOS.

RRON
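To tie together the memory-protection scheme from Clifford's answer and the syscall gateway from this one, here is an added example (my own, not from any answer or any real RTOS): an MPU-style region table per task, and a trap handler that validates the syscall number and checks the user-supplied buffer against the caller's regions before any kernel code touches it. The addresses, the single UART syscall and all names are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed model: each task owns up to MAX_REGIONS ranges it may access. */
#define MAX_REGIONS 4
#define PERM_R 1u
#define PERM_W 2u

typedef struct { uint32_t base, size, perm; } region_t;
typedef struct { region_t regions[MAX_REGIONS]; size_t count; } task_mem_t;

/* Kernel side: grant a task access to [base, base+size). Returns 0 on success. */
int mpu_add_region(task_mem_t *t, uint32_t base, uint32_t size, uint32_t perm) {
    if (t->count >= MAX_REGIONS || size == 0 || base > UINT32_MAX - size) return -1;
    t->regions[t->count++] = (region_t){ base, size, perm };
    return 0;
}

/* The check an MPU performs per access: 1 if [addr, addr+len) lies wholly
 * inside one region granting perm, else 0 (a memory-management fault). */
int mpu_check(const task_mem_t *t, uint32_t addr, uint32_t len, uint32_t perm) {
    if (len == 0 || addr > UINT32_MAX - len) return 0;
    for (size_t i = 0; i < t->count; i++) {
        const region_t *r = &t->regions[i];
        if (addr >= r->base && addr + len <= r->base + r->size && (r->perm & perm) == perm)
            return 1;
    }
    return 0;
}

/* Syscall numbers and result codes of the constructed kernel. */
enum { SYS_UART_WRITE = 0, SYS_COUNT };
enum { E_OK = 0, E_BADNUM = -1, E_FAULT = -2 };

/* Kernel-side UART driver: tasks never reach it except through the trap. */
static size_t uart_bytes_written;
static int sys_uart_write(uint32_t len) { uart_bytes_written += len; return E_OK; }

/* Handler a software interrupt would land in. It validates the number, then
 * confirms the caller may read the buffer it passed, before dispatching. */
int syscall_trap(const task_mem_t *caller, uint32_t num, uint32_t buf, uint32_t len) {
    if (num >= SYS_COUNT) return E_BADNUM;
    if (!mpu_check(caller, buf, len, PERM_R)) return E_FAULT;
    switch (num) {
        case SYS_UART_WRITE: return sys_uart_write(len);
    }
    return E_BADNUM;
}
```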
0

According to the VxWorks Architecture (VxWorks is an RTOS), it clearly does not have two address spaces (user and kernel). Both user services and kernel services are handled in a single address space by giving each task its own memory space. This memory space requires virtual-to-physical memory mapping, which is available only with the optional component VxVMI (VxWorks Virtual Memory Interface).

Added info: we use an RTOS with a single address space to provide non-interpreted services and faster OS execution. VxWorks Architecture reference link:
https://www.google.com/url?sa=t&source=web&rct=j&url=http://www.ing.iac.es/~docs/external/vxworks.old/Programmers-Guide-5.4.pdf&ved=2ahUKEwjm3rmag5XpAhVEXn0KHSGPDYwQFjAAegQIBBAB&usg=AOvVaw0E9VEDjpd5XIvaaoDxGcCD

m02ph3u5
Preethi