Kernel Space vs User Space

The kernel is the part of the operating system that runs with higher privileges, while user space usually means applications running with low privileges. However, these terms are heavily overloaded and might have specific meanings depending on the context.

User mode and kernel mode are terms that may refer specifically to the processor execution mode. Code that runs in kernel mode can fully control the CPU, while code that runs in user mode has certain limitations. For example, CPU interrupts can only be disabled or enabled while running in kernel mode.

User and kernel space may refer to memory protection or virtual address spaces associated with either kernel or user applications. Simplifying, the kernel space is the memory area reserved for the kernel, while user space is the memory reserved for a particular user process.

A module runs in kernel space, whereas applications run in user space. One of the roles of OSs is to account for the independent operation of programs and protection against unauthorized access to resources. The OS enforces this behaviour by implementing different operating modalities (or levels) in the CPU. All current processors have at least two protection levels. We refer to the execution modes as kernel space and user space.

Address Space

Address space terms can have different meanings in different contexts.

  • Physical address space: the way the RAM and device memories are visible on the memory bus.

  • Virtual address space: the way the CPU sees the memory when the virtual memory module is activated (also called protected mode or paging enabled). The kernel is responsible for setting up a mapping that creates a virtual address space in which areas of this space are mapped to certain physical memory areas. Related to (virtual) address space:

    • Process space: part of the virtual address space associated with a process. It is the “memory view” of processes. It is a continuous area that starts at zero.

    • Kernel space: the kernel space is the “memory view” of the code that runs in kernel mode.

Explain how data is transferred between userspace and kernel space

Userspace applications typically request the kernel using system calls, whose code lies in the kernel space. Unix transfers execution from user space to kernel space whenever an application issues a system call or is suspended by a hardware interrupt.

Kernel code executing a system call works in the context of a process - it operates on behalf of the calling process and can access data in the process’s address space.

Code that handles interrupts is asynchronous concerning processes and unrelated to any particular process.

When does the control pass from user mode to kernel mode in a Linux system?

Control transfers from user mode to kernel mode in several situations:

System Calls

The most common transition occurs when a userspace application performs a system call (e.g., read(), write(), open(), fork()).

The CPU switches to kernel mode through a controlled mechanism (such as syscall, sysenter, or software interrupts depending on the architecture).

Hardware Interrupts

Hardware devices such as network cards, disks, or timers can trigger interrupts.

When an interrupt occurs, the CPU immediately switches to kernel mode and executes the appropriate interrupt handler.

Exceptions / Faults

Exceptions occur when the CPU detects an abnormal condition during instruction execution, such as:

  • Page faults
  • Divide-by-zero
  • Invalid instructions

These events cause the processor to transfer control to the kernel so it can handle the fault.

Traps

Traps are intentional exceptions generated by software (for example, debugging breakpoints).

In summary, the kernel gains control whenever the system must manage hardware, enforce protection, or provide operating system services to applications.

This site uses Just the Docs, a documentation theme for Jekyll.