Kernel Protection Domain
The code in the kernel and in kernel extensions runs in the kernel protection domain. This code includes interrupt handlers, kernel processes, device drivers, system calls, and file system code.
The processor is in the kernel protection domain when it executes instructions in the privileged state, which provides:
- Read and write access to the global kernel address space
- Read and write access to the thread's uthread block and u-block, except when an interrupt handler is running.
Code running in the kernel protection domain can affect the execution environments of all processes because it:
- Can access global system data
- Can use all kernel services
- Is exempt from all security constraints.
Programming errors in code running in the kernel protection domain can cause the operating system to fail, because nothing in the domain limits what that code can touch. In particular, a process's user data must never be accessed by directly dereferencing an address supplied by the process; it must be accessed using the copyin and copyout kernel services, or their variants. These routines validate the user-supplied address, so that an improperly supplied address (invalid, unmapped, or pointing into kernel memory) produces an error return to the caller rather than a kernel fault or an unintended kernel memory access.
Application programs gain controlled access to kernel data by making system calls. Programs normally do not invoke system calls themselves; programming libraries supply functions that directly or indirectly invoke them, and through those functions applications reach operating system services.
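The copyin/copyout discipline described above, as an added example that is not AIX source code: the names model_copyin, model_copyout, sys_peek, struct req and the two memory arrays are assumptions made for this illustration. Kernel and user memory are modeled as two separate arrays in a single user-space C program so that it compiles and runs anywhere; the model functions keep the contract of the AIX kernel services of the same names (0 on success, EFAULT on a bad user address), and sys_peek stands in for a system call handler in a kernel extension that an application would reach through a library function.

```c
/* Added example, not AIX source. A user-space model of the copyin/copyout
 * discipline a kernel-extension system call must follow. "Kernel" and "user"
 * memory are two separate arrays; model_copyin/model_copyout stand in for the
 * AIX kernel services of the same names and keep their contract: return 0 on
 * success, EFAULT when the user range is not valid. (Assumed model.) */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define USER_SIZE   256
#define KERNEL_SIZE 256

static unsigned char user_mem[USER_SIZE];     /* simulated user address space */
static unsigned char kernel_mem[KERNEL_SIZE]; /* simulated global kernel data */

/* Is [p, p+n) entirely inside the simulated user address space? A real
 * copyin checks against the calling thread's address space and catches the
 * page fault; the point is the same: the kernel never dereferences a
 * user-supplied address directly. */
static int user_range_ok(const void *p, size_t n) {
    uintptr_t lo = (uintptr_t)user_mem, hi = lo + USER_SIZE;
    uintptr_t a = (uintptr_t)p;
    return n <= USER_SIZE && a >= lo && a <= hi - n;
}

/* Mirrors copyin(uaddr, kaddr, count): 0 on success, EFAULT on a bad range. */
static int model_copyin(const void *uaddr, void *kaddr, int count) {
    if (count < 0 || !user_range_ok(uaddr, (size_t)count)) return EFAULT;
    memcpy(kaddr, uaddr, (size_t)count);
    return 0;
}

/* Mirrors copyout(kaddr, uaddr, count): 0 on success, EFAULT on a bad range. */
static int model_copyout(const void *kaddr, void *uaddr, int count) {
    if (count < 0 || !user_range_ok(uaddr, (size_t)count)) return EFAULT;
    memcpy(uaddr, kaddr, (size_t)count);
    return 0;
}

/* Hypothetical request block the application places in its own memory. */
struct req { int32_t offset; int32_t len; };

/* Hypothetical system call: copy `len` bytes of kernel_mem starting at
 * `offset` into the caller's buffer `ubuf`. Both user addresses (the request
 * block and the output buffer) go through copyin/copyout; neither is ever
 * dereferenced by this code. */
int sys_peek(struct req *ureq, unsigned char *ubuf) {
    struct req r;
    int rc = model_copyin(ureq, &r, sizeof r);   /* bad ureq -> EFAULT, not a crash */
    if (rc) return rc;
    /* copyin only proves the address was readable; the values inside still
     * come from the user and must be range-checked before use. */
    if (r.offset < 0 || r.len < 0 || r.len > KERNEL_SIZE ||
        r.offset > KERNEL_SIZE - r.len)
        return EINVAL;
    return model_copyout(kernel_mem + r.offset, ubuf, r.len);
}

/* The shape the page warns against: trusting the user-supplied addresses.
 * A bad ureq or ubuf faults inside the kernel or reads/writes kernel memory. */
int sys_peek_unsafe(struct req *ureq, unsigned char *ubuf) {
    memcpy(ubuf, kernel_mem + ureq->offset, (size_t)ureq->len);
    return 0;
}

/* Write a request into simulated user memory, fill kernel_mem with a marker
 * byte, and issue the call with `ubuf` as the output buffer. Returns the rc. */
int run_peek(int32_t offset, int32_t len, unsigned char *ubuf) {
    struct req *r = (struct req *)user_mem;
    memset(kernel_mem, 0xAB, sizeof kernel_mem);
    r->offset = offset;
    r->len = len;
    return sys_peek(r, ubuf);
}

int main(void) {
    unsigned char *out = user_mem + sizeof(struct req); /* user buffer after the request */
    printf("valid request:        rc=%d first byte=%02x\n", run_peek(16, 8, out), out[0]);
    printf("oversize output:      rc=%d (EFAULT=%d)\n", run_peek(0, USER_SIZE, out), EFAULT);
    printf("kernel addr as ubuf:  rc=%d (EFAULT=%d)\n", run_peek(16, 8, kernel_mem), EFAULT);
    printf("offset out of range:  rc=%d (EINVAL=%d)\n", run_peek(KERNEL_SIZE, 8, out), EINVAL);
    printf("NULL request block:   rc=%d (EFAULT=%d)\n", sys_peek(NULL, out), EFAULT);
    return 0;
}
```

The point to carry into real kernel-extension code is that every user address passes through copyin or copyout, including the address of the request block itself, and that the values copied in (here offset and len) are validated separately: copyin guarantees only that the address was accessible, not that its contents are sane.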