Kernel space is the portion of memory and execution privilege reserved for the kernel itself. Code running in kernel space has direct access to hardware registers, physical memory, and privileged CPU instructions, and its virtual address space is shared across all processes (mapped into the high half of each process's address space on 64-bit Linux). Only trusted code—the kernel proper and loaded kernel modules—runs here.
The separation between user and kernel space is enforced by the CPU's protection mechanisms and by the memory management unit. When a user-space program issues a system call, the CPU transitions to kernel mode, the kernel executes on the kernel stack for that thread, and then returns to user mode. This boundary crossing is cheap on modern hardware (a few tens of nanoseconds) but not free, which is why high-performance I/O mechanisms like io_uring and eBPF aim to reduce the number of crossings.
Bugs in kernel-space code are typically catastrophic: a null-pointer dereference produces a kernel panic (Linux's equivalent of the Windows blue screen), and memory corruption can compromise the whole system. This is why writing kernel code demands far more caution than writing user-space code, and why Linux has elaborate subsystems for runtime verification, lockdep, KASAN, and the like.
Related terms: User Space, Kernel, System Call
Discussed in:
- Chapter 3: The Linux Kernel — User Space and Kernel Space
Also defined in: Textbook of Linux