The kernel space is the protected region of memory, and the privileged execution mode, in which the operating system's vital, low-level components run: the code powering the system's core functions. Apart from hosting the kernel itself, the kernel space often includes the following: 

  • Kernel extensions (kernel modules in Linux, kexts in macOS, drivers in Windows) – enabling applications and other external processes to access hardware resources (network cards, disk controllers, graphics cards) or kernel resources, or adding supplemental functionality. Because an extension runs with the kernel's full privileges, a faulty one can cause a kernel panic and a malicious one controls the whole machine; this is why loading one requires administrator or root rights and why Windows requires kernel drivers to be signed. 

  • Memory management – Also called the "memory manager" in Windows, this tracks physical memory and maps each process's virtual address space onto it, so that every process (and the kernel) gets a private view of memory and no process can read or write another's pages, or the kernel's, except through the kernel. 

  • Process scheduling and interrupt handlers – Deciding which process runs on which CPU core and switching between them (typically 100 to 1,000 times per second per core, depending on the kernel and its scheduler tick). Interrupt handlers let the kernel respond to hardware events immediately, at the expense of whatever process is currently running, such as when a packet arrives in the network card's buffer.

  • System calls – the defined entry points through which programs request kernel services such as network operations or disk access, so that privileged work is performed by the kernel on the program's behalf and validated before it runs.

The kernel runs at protection ring 0 of the CPU, the most privileged of the x86 protection rings used by an operating system (other architectures have equivalent privilege levels; a hypervisor, when present, runs at a still more privileged level beneath the kernel). On some security-sensitive systems, such as game consoles, the kernel is itself run under a hypervisor so that a kernel vulnerability does not hand an attacker control of the hardware. The kernel operates separately from the userspace (running at protection ring 3), which runs applications and related processes under the management of the kernel. 

The kernel hands out memory to applications as they request it. With address space layout randomization (ASLR) it also randomizes where the stack, heap, and shared libraries land in each process's virtual address space, so an attacker can't predict the address at which a targeted piece of data or code will reside; the kernel's own image is randomized the same way (KASLR).

The kernel space is protected from userspace applications: code running at ring 3 cannot read or write kernel memory or execute privileged instructions, and the CPU faults if it tries. The only way an application can enter the kernel is through system calls, the defined entry points for operations that ring 3 is otherwise prohibited from performing. (Hardware interrupts and exceptions also enter the kernel, but applications do not initiate them.)
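The boundary described above can be probed from user space. The following is an added example, not code from the original article: it enters the kernel the sanctioned way (a raw getpid system call, which returns the same value as the libc wrapper) and then attempts a direct read of a kernel-space address, which the CPU refuses and the kernel delivers to the process as a fault signal. The address KERNEL_TEXT_ADDR is an assumption: on x86-64 Linux the kernel image is mapped above 0xffffffff80000000, a range that can never hold a user mapping.

```c
/* Added example, not code from the original article: a user-space probe of the
 * kernel/user boundary. It shows that (1) a program enters the kernel only
 * through a system call, here getpid() via the raw syscall() entry, and (2) a
 * ring-3 read of a kernel-space address is refused by the CPU and delivered to
 * the process as a fault signal. KERNEL_TEXT_ADDR is an assumption: on x86-64
 * Linux the kernel image is mapped above 0xffffffff80000000, a range that can
 * never hold a user mapping. Build: cc -o probe probe.c */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>
#endif

#define KERNEL_TEXT_ADDR 0xffffffff81000000ULL   /* assumed kernel-only address */

static sigjmp_buf recover;

static void on_fault(int sig) {
    siglongjmp(recover, sig);            /* unwind out of the faulting read */
}

/* Enters the kernel through the raw syscall path instead of the libc wrapper;
 * the result matches getpid() because both end in the same kernel handler. */
long pid_via_syscall(void) {
#ifdef __linux__
    return syscall(SYS_getpid);
#else
    return (long)getpid();
#endif
}

/* Reads one byte at addr from user mode. Returns 0 if the read succeeded
 * (the address was user-mapped) or the signal the fault arrived as: SIGSEGV
 * on Linux, SIGBUS on some BSD-derived systems. */
int probe_read(uintptr_t addr) {
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    volatile unsigned char sink = 0;
    int sig = sigsetjmp(recover, 1);
    if (sig == 0)
        sink = *(volatile unsigned char *)addr;   /* faults for kernel addresses */
    (void)sink;

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return sig;
}

/* Same probe against a location the process legitimately owns. */
int probe_read_own_stack(void) {
    int local = 42;
    return probe_read((uintptr_t)&local);
}

int main(void) {
    printf("getpid() = %ld, syscall(SYS_getpid) = %ld\n",
           (long)getpid(), pid_via_syscall());
    printf("reading own stack: signal %d (0 = allowed)\n", probe_read_own_stack());
    printf("reading kernel address 0x%llx: signal %d (SIGSEGV = %d)\n",
           KERNEL_TEXT_ADDR, probe_read((uintptr_t)KERNEL_TEXT_ADDR), SIGSEGV);
    return 0;
}
```

The read of the process's own stack returns 0; the read of the kernel address never completes, because the page tables mark that range supervisor-only and the CPU raises a page fault that the kernel turns into SIGSEGV. No amount of user-mode cleverness changes that outcome; getting kernel data out requires a kernel bug or a hardware side channel such as Meltdown.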

What makes the kernel space useful?

At the highest level, the kernel space is used to isolate critical resources and processes from the applications running on the system. It contains the key components the OS needs to run effectively, and promotes system stability through abstraction: applications ask the kernel for resources instead of touching the hardware themselves, and only kernel code and the extensions it has loaded execute in this protected region. While each kernel space is a little different, say Linux vs. Windows vs. macOS (whose XNU kernel has Unix roots), they share notable similarities. 

As a result, the kernel space helps enhance system stability and security. Critical system resources are reserved so the OS doesn't exhaust itself, and so a misbehaving application cannot, in theory, crash the OS. It also prevents modifications to resources that should be immutable, such as the kernel's own code. It runs with higher privileges and sets boundaries for tasks, instead of letting those tasks directly monopolize the hardware. 

The unrestricted control the kernel space has over processes can also yield system-wide performance benefits. It can freely access hardware resources, enabling smarter allocation of memory, scheduling, and interrupt handling. However, the transition between user mode and kernel mode (on every system call, interrupt, and return) has become more expensive since the patches against the Spectre and Meltdown vulnerabilities. Those fixes, CPU microcode updates and kernel page table isolation (KPTI), show up in performance benchmarks: KPTI keeps most kernel memory unmapped while user code runs, so each transition must also switch page tables. In return they stop an unprivileged process from reading privileged memory through speculative execution and cache side channels, which is exactly what Meltdown allowed. 
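Two things a practitioner wants to check after reading the above are whether the running kernel reports those mitigations and what a kernel round trip now costs. The following is an added example, not code from the original article: it reads the per-vulnerability status files Linux exposes under /sys/devices/system/cpu/vulnerabilities/ (absent on other systems, reported as unknown), classifies the verdict, and times a getpid() loop, which is the minimal user-to-kernel-to-user transition that KPTI makes more expensive.

```c
/* Added example, not code from the original article: reports the running Linux
 * kernel's verdict on Meltdown/Spectre (the sysfs files Linux exposes under
 * /sys/devices/system/cpu/vulnerabilities/) and measures the cost of a minimal
 * user-to-kernel-to-user transition, which is where KPTI's overhead shows up.
 * On systems without that sysfs tree the status is reported as unknown.
 * Build: cc -O2 -o mitig mitig.c */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>
#endif

enum mitigation_status { MIT_UNKNOWN, MIT_NOT_AFFECTED, MIT_VULNERABLE, MIT_MITIGATED };

/* Classifies one sysfs line: "Not affected", "Vulnerable[: detail]",
 * "Mitigation: <detail>"; anything else (e.g. "Unknown: ...") is unknown. */
enum mitigation_status classify_mitigation(const char *line) {
    if (line == NULL) return MIT_UNKNOWN;
    if (strncmp(line, "Not affected", 12) == 0) return MIT_NOT_AFFECTED;
    if (strncmp(line, "Mitigation:", 11) == 0)  return MIT_MITIGATED;
    if (strncmp(line, "Vulnerable", 10) == 0)   return MIT_VULNERABLE;
    return MIT_UNKNOWN;
}

const char *mitigation_name(enum mitigation_status s) {
    switch (s) {
    case MIT_NOT_AFFECTED: return "not affected";
    case MIT_VULNERABLE:   return "VULNERABLE";
    case MIT_MITIGATED:    return "mitigated";
    default:               return "unknown";
    }
}

/* Reads the verdict for one vulnerability name (e.g. "meltdown", "spectre_v2")
 * into buf (newline stripped) and returns its classification. Returns
 * MIT_UNKNOWN with an empty buf if the file is missing or unreadable. */
enum mitigation_status read_mitigation(const char *name, char *buf, size_t n) {
    char path[256];
    buf[0] = '\0';
    snprintf(path, sizeof path, "/sys/devices/system/cpu/vulnerabilities/%s", name);
    FILE *f = fopen(path, "r");
    if (f == NULL) return MIT_UNKNOWN;
    if (fgets(buf, (int)n, f) == NULL) buf[0] = '\0';
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return classify_mitigation(buf);
}

/* Average cost in nanoseconds of one getpid() round trip into the kernel.
 * With KPTI every such transition also swaps page tables (and, without PCID,
 * flushes the TLB), so this is noticeably higher than on an unmitigated kernel. */
double ns_per_syscall(int iters) {
    struct timespec t0, t1;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    for (int i = 0; i < iters; i++) {
#ifdef __linux__
        syscall(SYS_getpid);   /* raw syscall; glibc stopped caching getpid() in 2.25 */
#else
        getpid();
#endif
    }
    clock_gettime(CLOCK_MONOTONIC, &t1);
    double ns = (double)(t1.tv_sec - t0.tv_sec) * 1e9 + (double)(t1.tv_nsec - t0.tv_nsec);
    return ns / iters;
}

int main(void) {
    const char *names[] = { "meltdown", "spectre_v1", "spectre_v2" };
    char line[256];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        enum mitigation_status s = read_mitigation(names[i], line, sizeof line);
        printf("%-10s %-12s %s\n", names[i], mitigation_name(s), line);
    }
    printf("~%.0f ns per getpid() syscall\n", ns_per_syscall(200000));
    return 0;
}
```

On a patched x86-64 Linux host the meltdown file reads "Mitigation: PTI"; a kernel booted with pti=off, or one that predates the fix, reports "Vulnerable", and the per-syscall figure drops accordingly. Running the timing loop on both configurations of the same machine is the simplest way to see the cost the paragraph above describes.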

Overall, the kernel space acts as the nervous system to the greater OS and everything running atop it. Without it, the OS would be left vulnerable to conflicting tasks, privilege escalation, and outright failure stemming from unrecoverable kernel problems (blue screen of death, anyone?).

How does HAProxy interact with the kernel space?

HAProxy products interact with the system kernel through system calls to do their work: opening listening sockets, accepting new connections, and reverse proxying traffic to back-end servers. HAProxy can let the kernel pick the outbound gateway from its routing table, or ask the kernel to send and receive on specific network interfaces for finer traffic management. 
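The interface pinning mentioned above is expressed with the `interface` parameter of the `bind` and `source` keywords. The fragment below is an added example, not taken from the HAProxy documentation; the interface names, addresses and ports are assumptions for illustration. Per the HAProxy configuration manual, binding to an interface is Linux-only and requires root privileges at bind time, which HAProxy has during startup before it drops them.

```haproxy
# Added example, not from the HAProxy documentation. Interface names,
# addresses and ports are assumptions.
frontend www
    # Only accept connections that arrive on eth0 (Linux only; needs root at bind time).
    bind :80 interface eth0
    default_backend app

backend app
    # Connections to the servers leave with a fixed source address via eth1.
    # Without "interface", the kernel's routing table chooses the egress path.
    source 10.0.1.10 interface eth1
    server app1 10.0.1.21:8080 check
    server app2 10.0.1.22:8080 check
```

Pinning the listener to one interface is a useful defence in depth on multi-homed hosts: a service meant for an internal network cannot be reached through a public interface even if a firewall rule is later misconfigured.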

Because HAProxy filters and routes incoming traffic, the load balancer layer plays an important role in keeping harmful requests from consuming kernel resources, using security features such as PacketShield. In HAProxy ALOHA, PacketShield filters packets at a lower level than the kernel's SYN cookies can, to guard against DDoS attacks.