Understanding Linux User Space vs Kernel Space and Process Contexts

Introduction

This piece revisits basic Linux kernel concepts to strengthen the reader's knowledge of operating‑system fundamentals, especially the distinction between user space and kernel space and the various execution contexts.

User Space and Kernel Space

In a 32‑bit system the virtual address space is 4 GB. The operating system divides this space into two regions: the upper 1 GB (0xC0000000‑0xFFFFFFFF) is reserved for the kernel, while the lower 3 GB (0x00000000‑0xBFFFFFFF) is available to user processes.

Kernel space: The highest 1 GB of virtual memory used exclusively by the Linux kernel. User space: The lower 3 GB of virtual memory where ordinary applications run.

Each process can invoke system calls to enter kernel space, so the kernel and all processes share the same kernel address region. From a process perspective the virtual address layout looks like the following diagram:

The overall Linux internal structure can be visualized as three layers: hardware → kernel space → user space.

Kernel Mode and User Mode

When a task executes a system call and enters kernel code, it runs in kernel mode (privilege level 0) and uses the process's kernel stack. Conversely, when a task runs its own code, it operates in user mode (privilege level 3). If an interrupt occurs while user code runs, the CPU temporarily switches to interrupt context, which also uses the kernel stack but does not represent any specific process.

Process Context and Interrupt Context

Process context refers to the set of information the kernel must preserve for a process, including registers, stack, open files, and memory management structures (task_struct, mm_struct, etc.). It can be divided into three parts:

User‑level context: program code, data, user stack, and shared memory.

Register context: general‑purpose registers, instruction pointer, flags, and stack pointer.

System‑level context: task control block, memory management info, and kernel stack.

When the scheduler switches from one process to another, a context switch occurs, requiring the kernel to save and restore all of the above information. A mode switch (triggered by a system call) is lighter because it only changes the register context.

Interrupt context occurs when hardware generates an interrupt, causing the kernel to run an interrupt handler in kernel space. The handler receives parameters from the hardware and must preserve the interrupted process's state, but it does not represent any specific process and typically cannot block.

Summary

A process’s context includes all register values, state, and stack contents needed to resume execution. The Linux kernel saves this context during a context switch or when handling an interrupt, ensuring that each process can continue correctly after being resumed.