Kernel space and user space

Software that runs under an operating system executes at user level (ring 3). To access the machine's resources, it has to go through the operating system kernel, which runs at ring 0. Here is a list of some of the operations a ring 3 application cannot perform:

  • Modify the current segment descriptor, which determines the current ring
  • Modify the page tables, which prevents one process from seeing the memory of other processes
  • Use the LGDT and LIDT instructions, which prevents applications from registering interrupt handlers
  • Use I/O instructions such as in and out, which would otherwise let it ignore file permissions and read directly from disk
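
The restrictions listed above can be observed from an ordinary process. The following is an added example, not code from the original page: it assumes Linux on x86 or x86-64 with GCC or Clang, and the names `priv_op` and `fault_signal` and the port number 0x80 are chosen here for illustration. Each privileged instruction runs in a forked child so the parent can report how the attempt ended.

```c
/* Added example: try privileged x86 instructions from ring 3 and report the
 * signal the kernel delivers. Assumes Linux on x86 or x86-64, GCC or Clang. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum priv_op { OP_READ_CR3, OP_LIDT, OP_PORT_IN };

/* Returns the signal that killed the child, 0 if the instruction completed,
 * or -1 if the test could not run (fork failed or not an x86 build). */
int fault_signal(enum priv_op op)
{
#if defined(__x86_64__) || defined(__i386__)
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                    /* child: ordinary ring 3 code */
        unsigned long cr3 = 0;
        unsigned char byte = 0;
        struct { unsigned short limit; unsigned long base; } __attribute__((packed)) idtr = { 0, 0 };
        switch (op) {
        case OP_READ_CR3:              /* page-table base register */
            __asm__ volatile("mov %%cr3, %0" : "=r"(cr3));
            break;
        case OP_LIDT:                  /* interrupt descriptor table register */
            __asm__ volatile("lidt %0" : : "m"(idtr));
            break;
        case OP_PORT_IN:               /* raw port read; 0x80 is an arbitrary port */
            __asm__ volatile("inb %1, %0" : "=a"(byte) : "Nd"((unsigned short)0x80));
            break;
        }
        (void)cr3; (void)byte;
        _exit(0);                      /* reached only if the CPU allowed it */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
#else
    (void)op;
    return -1;
#endif
}

int main(void)
{
    for (int op = OP_READ_CR3; op <= OP_PORT_IN; op++)
        printf("op %d -> signal %d\n", op, fault_signal((enum priv_op)op));
    return 0;
}
```

On Linux, each of the three attempts raises a general-protection fault in the CPU, which the kernel delivers to the child as SIGSEGV.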

Access to the contents of the disk, for instance, is mediated by the kernel, which verifies that the application has permission to access the data. This kind of mediation improves security and avoids failures, but it comes with a significant overhead that affects application performance.

Some applications can be designed to run directly on the hardware, without the framework provided by an operating system. This is the case for real-time systems, where there is no compromise on response times and performance.