Why Kernel Space vs User Space Matters: A Deep Dive into OS Architecture

Kernel Space and User Space

For a 32‑bit operating system, the virtual address space is 4 GB, meaning each process can address up to 4 GB.

The kernel is the core of the OS, independent of regular applications, with full access to protected memory and hardware. Modern OSes enforce that user processes cannot directly manipulate the kernel.

The virtual address space is split into two parts: the upper 1 GB (from 0xC0000000 to 0xFFFFFFFF) is reserved for the kernel (kernel space), and the lower 3 GB (from 0x00000000 to 0xBFFFFFFF) is used by user processes (user space).

Each process shares the same upper 1 GB kernel space, while the remaining 3 GB is private to the process.

The highest 1 GB of kernel space is shared by all processes.

Why Distinguish Kernel Space from User Space

Some CPU instructions are dangerous (e.g., clearing memory, setting the clock) and can crash the system if misused. Therefore, CPUs separate privileged and non‑privileged instructions, allowing only the OS to execute the dangerous ones.

Intel CPUs define four privilege rings; Linux uses Ring 0 for kernel mode and Ring 3 for user mode.

When a process runs in Ring 3, it is in user mode; in Ring 0, it is in kernel mode.

Kernel Mode and User Mode

A process running in kernel space is in kernel mode; a process running in user space is in user mode.

In kernel mode, the CPU can execute any instruction and access any address or I/O port.

In user mode, the CPU restricts the process to its mapped virtual pages and permitted I/O ports.

Older DOS systems lacked these concepts, so all code ran in kernel mode, making the system fragile.

Linux separates kernel and user spaces to isolate OS code from application code, improving stability; a faulty application cannot crash the entire OS.

Thus, distinguishing kernel and user spaces enhances OS stability and usability.

How to Enter Kernel Space from User Space

All resource management (disk I/O, memory allocation, network I/O) occurs in kernel space. Applications cannot perform these actions directly; they must request the kernel via system calls.

For example, an application reads a file by issuing a system call to the kernel, which reads the data into kernel space, copies it to user space, and returns control to the application.

The transition involves separate stacks for user and kernel modes; each process has a user‑mode stack and a kernel‑mode stack.

There are three ways for a process to move from user mode to kernel mode: 系统调用、软中断和硬件中断. Each involves extensive OS mechanisms.

Overall Structure

The Linux system can be viewed as three layers from bottom to top: hardware → kernel space → user space.

Code in kernel space controls hardware resources; user‑space code accesses hardware only through the kernel’s system‑call interface. This design is common across operating systems such as Windows.

Running in user space, executing user processes.

Running in kernel space, in process context, representing a specific process.

Running in kernel space, in interrupt context, unrelated to any process.

When the CPU is idle, it runs an idle process in kernel space.

Summary

Modern operating systems use the separation of kernel space and user space to protect the OS’s security and stability. Understanding these concepts is essential when studying operating systems.