Kernel mode

Programs that execute in the kernel protection domain include interrupt handlers, kernel processes, the base kernel, and kernel extensions (device driver, system calls and file systems).

This protection domain implies that code executes in kernel execution mode, and has the following access:

• Read/write access to the global kernel address space
• Read/write access to the kernel data in the process region when executing within a process

Kernel services must be used to access user data within the process address space.

Programs executing in this protection domain can affect the execution environments of all programs, because they have the following characteristics:

• They can access global system data
• They can use kernel services
• They are exempt from all security restraints
• They execute in the processor privileged state.